Connection Strings & Authentication in Azure Service Bus
Overview
Learn how to authenticate with Azure Service Bus using connection strings and SAS policies.
Finding Your Connection String
Via Portal
- Go to Service Bus Namespace
- Navigate to Settings → Shared access policies
- Click on a policy (or create new)
- Copy the Connection string or Primary Key
Default Policy
- Name:
RootManageSharedAccessKey - Permissions: Manage, Send, Listen
- Warning: Don't use in production!
Connection String Format
Endpoint=sb://yournamespace.servicebus.windows.net/;SharedAccessKeyName=policy-name;SharedAccessKey=your-key
Create Custom SAS Policy
Via Portal
- Go to Service Bus Namespace
- Navigate to Settings → Shared access policies
- Click + Add
- Configure:
- Name:
sender-policy - Permissions: Select Send, Listen (not Manage)
- Name:
- Click Create
- Copy the connection string
Via CLI
az servicebus namespace authorization-rule create \
--resource-group myrg \
--namespace-name mynamespace \
--name sender-policy \
--rights Send Listen
Authentication in Code
Using Connection String
string connectionString = "Endpoint=sb://mynamespace.servicebus.windows.net/;SharedAccessKeyName=sender-policy;SharedAccessKey=...";
await using var client = new ServiceBusClient(connectionString);
await using var sender = client.CreateSender("my-queue");
Security Best Practices
| Practice | Why It Matters |
|---|---|
| Use least-privilege policies | Limit permissions |
| Don't use RootManageSharedAccessKey | Too much access |
| Rotate keys regularly | Reduce risk if compromised |
| Use Managed Identity (Production) | No keys in code |
Managed Identity (Recommended for Production)
// No connection string needed!
var client = new ServiceBusClient(
new Uri("https://mynamespace.servicebus.windows.net"),
new DefaultAzureCredential()
);
Enable Managed Identity
- Go to Service Bus Namespace
- Navigate to Identity
- Turn on System assigned or User assigned
- Grant "Azure Service Bus Data Owner" role in IAM
Permissions Explained
| Permission | Allows |
|---|---|
| Manage | Create/delete queues, topics |
| Send | Send messages to queue/topic |
| Listen | Receive messages from queue/subscription |
Next Steps
Azure Integration Hub - Beginner Level