Hi,
We are trying to connect to Azure Service Bus using managed identity.
We tried configuring the following as mentioned in https://abp.io/support/questions/9853/Connect-to-Azure-Redis-Cache-and-Azure-Service-Bus-using-Azure-managed-Identity
However, it appears that the ConnectionPool implementation is still attempting to use a connection string, which results in an error since no connection string is provided.
https://github.com/abpframework/abp/blob/270c458fe426e831b0568e533e125c9321cb78b7/framework/src/Volo.Abp.AzureServiceBus/Volo/Abp/AzureServiceBus/ConnectionPool.cs#L14
To work around this, we've overridden the ConnectionPool to fall back to DefaultAzureCredential when a connection string is not available. Would it be possible to introduce a configuration option to support this scenario?
4 Answer(s)
-
0
- Solution
Current behavior (ABP v9.3.3): Volo.Abp.AzureServiceBus’s ConnectionPool expects a connection string and throws when it’s missing. This prevents using Managed Identity out-of-the-box.
Workable approach today (non-breaking, recommended):
- Bypass the default ConnectionPool by registering your own ServiceBusClient that uses DefaultAzureCredential. This keeps ABP’s Distributed Event Bus on Azure Service Bus working while authenticating via Managed Identity.
Example:
```csharp
using System.Collections.Concurrent;
using Azure.Core;
using Azure.Identity;
using Azure.Messaging.ServiceBus;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using Volo.Abp;
using Volo.Abp.AzureServiceBus;
using Volo.Abp.Modularity;

[DependsOn(typeof(AbpAzureServiceBusModule))]
public class MyAzureServiceBusMiModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        // Configure your namespace in options
        Configure<AbpAzureServiceBusOptions>(opt =>
        {
            opt.Namespace = "<your-namespace>"; // e.g. mybusns
            // You can still set TopicName/SubscriptionName if you use ABP’s distributed event bus
        });

        context.Services.AddSingleton<TokenCredential, DefaultAzureCredential>();

        // Replace ServiceBusClient registration to use MI instead of connection string
        context.Services.AddSingleton<ServiceBusClient>(sp =>
        {
            var options = sp.GetRequiredService<IOptions<AbpAzureServiceBusOptions>>().Value;
            var credential = sp.GetRequiredService<TokenCredential>();

            // Fully qualified namespace: "<namespace>.servicebus.windows.net"
            var fqn = $"{options.Namespace}.servicebus.windows.net";
            return new ServiceBusClient(fqn, credential);
        });

        // Optionally: if you use sender/processor factories relying on ConnectionPool,
        // you can replace IConnectionPool with your own implementation.
        context.Services.Replace(ServiceDescriptor.Singleton<IConnectionPool, ManagedIdentityConnectionPool>());
    }
}

// Example minimal pool that creates clients using MI when no connection string is present
public class ManagedIdentityConnectionPool : IConnectionPool
{
    private readonly ConcurrentDictionary<string, ServiceBusClient> _clients = new();
    private readonly TokenCredential _credential;

    public ManagedIdentityConnectionPool(TokenCredential credential)
    {
        _credential = credential;
    }

    public ServiceBusClient Get(string fullyQualifiedNamespace, string? connectionString = null)
    {
        // Prefer connection string when provided, otherwise use MI
        return _clients.GetOrAdd(fullyQualifiedNamespace, ns =>
        {
            if (!string.IsNullOrWhiteSpace(connectionString))
            {
                return new ServiceBusClient(connectionString);
            }

            return new ServiceBusClient(ns, _credential);
        });
    }
}
```
Notes:
Ensure the managed identity (system-assigned or user-assigned) has at least Azure Service Bus Data Sender/Receiver roles on the namespace.
For ABP Distributed Event Bus, keep using AbpAzureServiceBusOptions for entity names (topic/subscription). Only authentication changes.
About adding a first-class configuration option in ABP:
- Your suggestion is valid: introducing an option like AbpAzureServiceBusOptions.UseManagedIdentity = true or providing a credential factory would allow the framework to pick DefaultAzureCredential when no connection string is supplied.
- Until such an enhancement is added, replacing the client or the connection pool as shown above is the supported customization pattern in ABP (use DI replace).
- Sources
- Azure Service Bus client creation with DefaultAzureCredential (code you referenced):
- ABP Azure Service Bus ConnectionPool (shows current connection-string-based design) https://github.com/abpframework/abp/blob/270c458fe426e831b0568e533e125c9321cb78b7/framework/src/Volo.Abp.AzureServiceBus/Volo/Abp/AzureServiceBus/ConnectionPool.cs#L14
- Related ABP Support reference (Managed Identity usage context) https://abp.io/support/questions/9853/Connect-to-Azure-Redis-Cache-and-Azure-Service-Bus-using-Azure-managed-Identity
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
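A startup check for the role requirement noted in the answer above, added here as an example; it is not ABP code and not from any participant in this thread. It separates "no identity could produce a token" from "a token was issued but the identity has no data role". The class and method names are hypothetical, and the topic and subscription names are whatever the application already configures.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Messaging.ServiceBus;

// Added example (not ABP code). ServiceBusIdentityPreflight and CheckAsync are hypothetical names.
public static class ServiceBusIdentityPreflight
{
    // Microsoft Entra ID scope for the Service Bus data plane.
    private const string Scope = "https://servicebus.azure.net/.default";

    public static async Task<string> CheckAsync(
        string fullyQualifiedNamespace,   // "<namespace>.servicebus.windows.net"
        string topicName,
        string subscriptionName,
        TokenCredential credential,
        CancellationToken ct = default)
    {
        // Step 1: can the credential obtain a token at all?
        try
        {
            await credential.GetTokenAsync(new TokenRequestContext(new[] { Scope }), ct);
        }
        catch (CredentialUnavailableException ex)
        {
            return "No identity available to this process: " + ex.Message;
        }
        catch (AuthenticationFailedException ex)
        {
            return "Identity found but token request failed: " + ex.Message;
        }

        // Step 2: a token alone does not prove RBAC. Peek reads without locking or
        // removing messages and needs the Azure Service Bus Data Receiver role.
        await using var client = new ServiceBusClient(fullyQualifiedNamespace, credential);
        await using var receiver = client.CreateReceiver(topicName, subscriptionName);
        try
        {
            await receiver.PeekMessageAsync(cancellationToken: ct);
        }
        catch (UnauthorizedAccessException ex)
        {
            return "Token issued but the identity lacks a data role on the entity: " + ex.Message;
        }
        return "ok";
    }
}
```

The peek only exercises the receive side; the Azure Service Bus Data Sender role is not verified by this check.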
-
0
It would be better if we had a configuration option rather than overriding the connection pool.
-
0
hi
I will check and provide an option to override it.
Thanks.
-
0
https://github.com/abpframework/abp/pull/24152