ServiceBus throws 401 Unauthorized Error

Question

I'm using a simple implementation of the Windows Service Bus 1.0 Brokered messaging to keep track of the user interactions with a particular web application.

Every time something is saved to a "sensitive" table in the database, I have setup the repository layer send a message like so:

ServiceBus.MessageQueue<T>.PushAsync(entity);

which will then serialize the entity and create a message out of it.

My MessageQueue class is something like this.

public static class MessageQueue<T>
{
    static string ServerFQDN;
    static int HttpPort = 9355;
    static int TcpPort = 9354;
    static string ServiceNamespace = "ServiceBusDefaultNamespace";

    public static void PushAsync(T msg)
    {
        ServerFQDN = System.Net.Dns.GetHostEntry(string.Empty).HostName;

        //Service Bus connection string
        var connBuilder = new ServiceBusConnectionStringBuilder { ManagementPort = HttpPort, RuntimePort = TcpPort };
        connBuilder.Endpoints.Add(new UriBuilder() { Scheme = "sb", Host = ServerFQDN, Path = ServiceNamespace }.Uri);
        connBuilder.StsEndpoints.Add(new UriBuilder() { Scheme = "https", Host = ServerFQDN, Port = HttpPort, Path = ServiceNamespace}.Uri);

        //Create a NamespaceManager instance (for management operations) and a MessagingFactory instance (for sending and receiving messages)
        MessagingFactory messageFactory = MessagingFactory.CreateFromConnectionString(connBuilder.ToString());
        NamespaceManager namespaceManager = NamespaceManager.CreateFromConnectionString(connBuilder.ToString());

        if (namespaceManager == null)
        {
            Console.WriteLine("\nUnexpected Error");
            return;
        }

        //create a new queue
        string QueueName = "ServiceBusQueueSample";
        if (!namespaceManager.QueueExists(QueueName))
        {
            namespaceManager.CreateQueue(QueueName);
        }

        try
        {            
            QueueClient myQueueClient = messageFactory.CreateQueueClient(QueueName);

            string aaa = JsonConvert.SerializeObject(msg, Formatting.Indented,
                            new JsonSerializerSettings()
                            {
                                ReferenceLoopHandling = ReferenceLoopHandling.Ignore,
                                ContractResolver = new NHibernateContractResolver()
                            });

            BrokeredMessage sendMessage1 = new BrokeredMessage(aaa);
            sendMessage1.Properties.Add("UserName",Thread.CurrentPrincipal.Identity.Name); 
            sendMessage1.Properties.Add("TimeStamp", ApplicationDateTime.Now);
            sendMessage1.Properties.Add("Type", msg.GetType().Name);


            myQueueClient.Send(sendMessage1);

        }
        catch (Exception e)
        {
            var l = new Logger();
            l.Log(LogEventEnum.WebrequestFailure, e.Message);
            Console.WriteLine("Unexpected exception {0}", e.ToString());
            throw;
        }

    }
}

This works flawlessly when I debug this locally. But when I publish the site in IIS and run, the namespaceManager.QueueExists(QueueName) call fails with an exception which says "401 Unauthorized error".

When I change the Application pool identity (in IIS) to an admin account this error does not occur. However, there is absolutely no way that I can make this happen when we go production.

Am I missing something? If so, what is it? Any help is greatly appreciated.

Answer 1

Did you read the security section in the docs, Chameera? http://msdn.microsoft.com/en-us/library/windowsazure/jj193003(v=azure.10).aspx

You seem to be running with the default security settings, meaning you only have admin accounts authorized. Review the documentation section and grant the requisite rights to the accounts you want to use in prod.