Azure Service Bus queue permissions

I’m trying to make NServiceBus work with Azure Service Bus as transport. Using full permissions at the namespace level, everything works just fine. But I really want to do a more fine-grained permission setup, where permissions can be set at entity level (e.g. queue). Using SAS, Azure Service Bus allows setting specific authorization rules on each entity, but in order to access such an entity, I need to use a dedicated connection string with an entity-specific key.

But what if I need my NServiceBus endpoint to send to two different queues? It seems I can only specify one Azure Service Bus connection string, and that happens when bootstrapping the endpoint instance. How to deal with that?

It should be mentioned that my NServiceBus endpoint is a .NET Core application hosted on Linux, so as far as I understand, I can’t really use the Managed Identity with AD approach.

The best way to handle that is to create a custom token provider that would authorize endpoints to use specific entities. You can configure a custom token provider using the transport API.

Alternatively, you could check Managed Identity, but AFAIK it still operates on a namespace level and not specific entities in that namespace.
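
A sketch of the custom token provider suggested in the answer above, as an added example that is not part of the original thread or of NServiceBus itself. It assumes the `Microsoft.Azure.ServiceBus` client (`ITokenProvider`, `TokenProvider`); the class name `PerEntitySasTokenProvider` and its `Add` method are hypothetical, and the shape of `appliesTo` is an assumption noted in the code.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Azure.ServiceBus.Primitives;

// Hypothetical helper (added example): one SAS rule per queue or topic.
public sealed class PerEntitySasTokenProvider : ITokenProvider
{
    readonly Dictionary<string, ITokenProvider> rules =
        new Dictionary<string, ITokenProvider>(StringComparer.OrdinalIgnoreCase);

    // entityPath is the queue/topic name; keyName and key come from the
    // shared access policy defined on that entity, not on the namespace.
    public PerEntitySasTokenProvider Add(string entityPath, string keyName, string key)
    {
        rules[entityPath.Trim('/')] =
            TokenProvider.CreateSharedAccessSignatureTokenProvider(keyName, key);
        return this;
    }

    public Task<SecurityToken> GetTokenAsync(string appliesTo, TimeSpan timeout)
    {
        // Assumption: appliesTo is the resource URI, e.g. sb://<namespace>/<entity>.
        var path = Uri.TryCreate(appliesTo, UriKind.Absolute, out var uri)
            ? uri.AbsolutePath.Trim('/')
            : appliesTo.Trim('/');

        // Longest matching entity wins, so sub-paths of an entity use its rule.
        string best = null;
        foreach (var entity in rules.Keys)
        {
            var match = path.Equals(entity, StringComparison.OrdinalIgnoreCase)
                || path.StartsWith(entity + "/", StringComparison.OrdinalIgnoreCase);
            if (match && (best == null || entity.Length > best.Length))
                best = entity;
        }

        // Fail closed: never fall back to a namespace-wide key.
        if (best == null)
            throw new UnauthorizedAccessException($"No SAS rule configured for '{path}'.");

        return rules[best].GetTokenAsync(appliesTo, timeout);
    }
}
```

An instance with one `Add(...)` call per queue would be handed to the transport's custom token provider setting mentioned in the answer, with the keys loaded from a secret store rather than source code. Entity-level rules cannot create queues, so this assumes the queues already exist.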