Prevent forgery and message signing for Azure service bus

Question

I am using Azure service bus and I have a bounded context (profile management) that will send out updates to users profiles have occurred (an email_address_updated event for instance).

I would appreciate help with the following questions for Azure Service Bus:

1. Is it possible to secure the bus to prevent 3rd party apps from sending data?

2. Is there built in support to prevent/detect forged messages, or should i implement my own signature hash on the packet contents?

I am actually using the On-Premise Windows Service bus 1.1 and believe the functionality is the same as the Azure cloud offering.

Answer 1

To answer your questions:

1. Is it possible to secure the bus to prevent 3rd party apps from sending data?

The Azure one and the Windows Server Service Bus use security tokens to secure the access. Unless you want to explicitly allo unauthenticated users to access your Service Bus (why would you?). You can read more on Authenticating and Authorizing Service bus here.

1. Is there built in support to prevent/detect forged messages, or should i implement my own signature hash on the packet contents?

Nope. But there is built-in support for Authenticating and Authorizing. So unless you think anyone has stolen your SB credentials, all messages should be reliable. And if someone has stolen your SB credentials, most probably he/she has also stolen your hashing/signing algorithm and can generate system-valid message, so I would not bother for this part.