How to authenticate\authorize a console application running on-prem to use Azure service bus using Azure AD

Question

I have a .net core based console application that I am running on-prem. I was able to connect this application with Azure Service Bus using Shared Access Signature (connection string). Now I want to use Azure AD to authenticate and authorize my application.

I followed following link: https://learn.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application

based on this link I completed following task:

1. Registered app (console application client) with Azure AD.
2. Created a client secret

Then the article says grant Permission for Service bus API

I am not sure how it works. How do I add API permission for Microsoft.ServiceBus?

Also the article talks as RBAC roles but does not show how can one assign role to a client ?

Answer 1

In order to allow application (service bus client) to access Service Bus follow these steps:

1. Open Service Bus > Select Access Control (IAM) > Click Add Role Assignment button

2. Select appropriate role > I am selecting receiver role > Click Next button
3. Click on + Select Members > Search for application you registered with Azure AD. Service-bus-client is the application I registered initially with Azure AD. Complete the wizard.