We are not able to connect to eventhub using system assigned managed identity from a VM

Ashutosh Saini 36 Reputation points
2021-11-11T04:55:15.023+00:00

We are trying to connect to event hub using managed identity but not able to find the connection string to use for Managed Identity.

Tried with below url but getting the error: Illegal connection string parameter name: Authentication

Endpoint=sb://<eventhubname>.servicebus.windows.net;Authentication=ManagedIdentity

Please let us know what string to use.

Below is how we are connecting using the SAS token in connection string:

EventHubProducerClient producer = new EventHubClientBuilder()
    .connectionString(connectionString, eventHubName)
    .buildProducerClient();


3 answers

  1. PRADEEPCHEEKATLA-MSFT 76,921 Reputation points Microsoft Employee
    2021-11-12T07:25:31.073+00:00

    Hello @Ashutosh Saini ,

    Welcome to the Microsoft Q&A platform.

    I see there is no space between "Managed" and "Identity": Endpoint=sb://<eventhubname>.servicebus.windows.net;Authentication=ManagedIdentity.

    It should work as expected when the connection string has a space between "Managed" and "Identity", i.e. Endpoint=sb://<eventhubname>.servicebus.windows.net;Authentication=Managed Identity.

    For more details, you may check out the below links, which address a similar issue:

    Hope this will help. Please let us know if you have any further queries.


  2. Ashutosh Saini 36 Reputation points
    2021-11-15T18:44:30.787+00:00

    Hi Pradeep, we tried using the below methods:

    Method 1: By just removing the SAS token from the connection string using azure-messaging-eventhubs:

    EventHubProducerClient producer = new EventHubClientBuilder()
        .connectionString(connectionString, eventHubName)
        .buildProducerClient();

    Method 2: Tried using the connection builder from the old Azure eventhub (azure-eventhubs) library:

    ConnectionStringBuilder connectionStringBuilder = new ConnectionStringBuilder()
        .setNamespaceName("<eventhubname>.servicebus.windows.net")
        .setEventHubName(eventHubName)
        .setAuthentication("Managed Identity");
    String newConnString = connectionStringBuilder.toString();

    EventHubProducerClient producer = new EventHubClientBuilder()
        .connectionString(newConnString)
        .buildProducerClient();

    Method 3: Tried using ManagedIdentityCredential as below using azure-messaging-eventhubs and Azure Identity:

    ManagedIdentityCredential managedIdentityCredential = new ManagedIdentityCredentialBuilder()
        //.clientId("**********") // required only for user-assigned
        .build();

    String fullyQualifiedNamespace = "{your-namespace}.servicebus.windows.net";
    EventHubProducerClient producer = new EventHubClientBuilder()
        .credential(fullyQualifiedNamespace, eventHubName, managedIdentityCredential)
        .buildProducerClient();


  3. Ashutosh Saini 36 Reputation points
    2021-12-02T17:41:18.433+00:00

    We were able to connect using method 3 mentioned above when we added the role of data owner to the system-assigned managed identity. Earlier we had the contributor role assigned, which was working for the user-assigned managed identity but not for the system-assigned MI.
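
An added example, not part of the thread: the fix reported in the last post was a role change rather than a code change, so this sketch checks whether a principal's role assignments include one of the built-in Event Hubs data roles at a scope that covers the namespace. It assumes input shaped like `az role assignment list -o json`; every ID and resource name in the sample is a constructed placeholder.

```python
import json

# Built-in Azure RBAC roles that grant Event Hubs data-plane access.
DATA_ROLES = {
    "Azure Event Hubs Data Owner": {"send", "receive"},
    "Azure Event Hubs Data Sender": {"send"},
    "Azure Event Hubs Data Receiver": {"receive"},
}

def covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`."""
    if not scope:
        return False
    s = scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")  # match on a path-segment boundary

def data_plane_access(assignments, principal_id, resource_id):
    """Return (granted operations, roles granting them) for one principal."""
    ops, roles = set(), []
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue
        role = a.get("roleDefinitionName", "")
        if role in DATA_ROLES and covers(a.get("scope", ""), resource_id):
            ops |= DATA_ROLES[role]
            roles.append(role)
    return ops, roles

def can_send(assignments, principal_id, resource_id):
    return "send" in data_plane_access(assignments, principal_id, resource_id)[0]

# Constructed sample shaped like `az role assignment list --all -o json` output;
# subscription, resource group, namespace and principal IDs are placeholders.
NS = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
      "/providers/Microsoft.EventHub/namespaces/ns-demo")
VM_MI = "11111111-1111-1111-1111-111111111111"
BEFORE = json.loads("""[
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"}
]""")
AFTER = BEFORE + [{"principalId": VM_MI,
                   "roleDefinitionName": "Azure Event Hubs Data Owner", "scope": NS}]

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER)):
        ops, roles = data_plane_access(data, VM_MI, NS + "/eventhubs/hub-demo")
        print(label, sorted(ops), roles)
```

For a producer-only workload, Azure Event Hubs Data Sender is the narrower of the roles listed and also satisfies `can_send`.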