NServicebus in App Service using Managed Identity for connect to Azure Service Bus

I am trying to configure my NServiceBus application to use Managed Identity. The application is running as an App Service and should be able to connect with my Azure Service Bus Queue using Managed Identity.

I have only found an example using Shared Access Key here, Azure Service Bus Transport • Particular Docs.

I have set the CustomTokenCredential on my Transport and tried to change the connection string to “Endpoint=sb://[NAMESPACE].servicebus.windows.net/;Authentication=ManagedIdentity”

When running I get an exception;
ArgumentException: The value ‘Endpoint=sb://[NAMESPACE].servicebus.windows.net/;Authentication=ManagedIdentity’ is not a well-formed Service Bus fully qualified namespace.

Any idea what is going wrong? It does work when I am using Shared Access Key. And we have also seen it working from an Azure Function to Azure Service Bus using Managed Identity.

It does not seem to get to the authentication part but fails already on the namespace.

What version of the transport are you using? Based on the version, the connection string would be different.

Endpoint=sb://[NAMESPACE].servicebus.windows.net/;Authentication=ManagedIdentity was a workaround for the ASB SDK track 1. Track 2, the latest ASB SDK/NServiceBus transport, the workaround was removed by the SDK team in favour of a more consistent approach, which only requires the fully qualified domain name (FQDN) for your namespace as a connection string. Try [MYNAMESPACE].servicebus.windows.net as your connection string with Managed Identity configured application/environment. Here’s an example of Azure Functions using MI and here’s the documentation for WebJobs, the guts of Functions.

PS: this was the blog post where the SDK team has shared all the options to configure Functions extensions using Secretless configuration. Same time of configuration is likely to be applicable to App Service as well.