Azure Event Hub - Authenticate user before Sending the events
I am able to send the events to the EventHub using below Link.
Above article is using Eventhub connection string to send the event hub. If someone (unknown user) know my event hub connection string they can also send the events.
So i want add some users like below in the portal and Users from below("Access control" in below screen shot) list only can send the events to my EventHub. Is there any way restrict like this?
No, you can't. There is a preview feature as mentioned in the comment, it uses azure ad RBAC role to authorize access to eventhub, but this is just another different way, if someone knows your connection string, he can also send the events.
My workaround is to use the Azure Keyvault to store the connection string as a secret. Then you can set the Access policies of the keyvault, add the user/service principal which you want. Then only the users/service principals with the permissions can retrieve the secret.
In the sample which you mentioned, it uses the plain text
static string connectionString = "namespace connection string", I suppose you may think it is not safe. After you store the connection string in the keyvault, you could use keyVaultClient.GetSecretAsync to get the secret to avoid to expose the connection string.
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://<YourKeyVaultName>.vault.azure.net/secrets/AppSecret")
.ConfigureAwait(false);
Message = secret.Value;
For more details, you could refer to the links below.
- Filter specific items that are alone in an array of Collection String in Azure Search
- Azure Autoscaling Duration Time and Cool Down Time
- Partition Key for Cosmos DB
- How to extract TLS 1.X of all app services/web app running Azure
- VSTS Build Pipeline: Test fails connecting to Azure Key Vault
- How to Get BootStrapper.exe work in Windows Azure?
- Why Can't I See Roles Assigned to an App Registration in Azure?
- Email errors from all activities in ADF at once
- How can I ensure that Azure Text-to-Speech properly pronounces word-for-word translations?
- NGINX + Cloudflare SSL Certificate is not valid
- What the proper way to store PAT from azure registry for UV?
- Display Image stored in a sharepoint Site, on a pdf that i want to export
- Deploy Azure Initiative (set definition) with Azure PowerSHell
- Where can I find docker container logs for Azure App Service
- Variables and Parameters in Azure Data Factory?
- Secret scoped role definition and assignment using bicep
- How to get the count of files inside a certain folder of container in Azure Blob storage in C#
- Getting Error while trying to do Terraform Import of Azure Disk Encryption Sets
- Error on calling Azure Get blobs zip API, parameter blobsID
- Azure Queue Trigger is hit but not executing the logic inside of it
- trying to find out week of year in kql
- Data Factory to Snowflake copy task Fails with Failed to open the database error
- How to create BAK file from azure sql db
- Specifying user-assigned managed identity in Azure Function Terraform script
- Azure SQL Server Auditing EventHub Bicep
- BlobServiceClient singleton?
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- How to use environment variables in React app hosted in Azure
- Azure function python app - getting nested environments variables
- Managed Identity Authentication for Azure AI Speech - WebSocket upgrade failed: Authentication error (401)