This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 10%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
We are working on a project where we need to use a proprietary library from Codesys to connect to the Azure HUB, and when using MQTT the way is to define SaS for the device.
Problem is that the SaS will have an expire data, (longest is 365days) and this means that we will need to update all the IoT devices once the SaS is expired.
Is there any way to create a SaS without expiry date or to renew a SaS?
There are possibly other ways to connect to the IoT HUB, but the MQTT was already implemented with AWS and this is from where the customer would like to migrate.
Hello @Telemation ,
I checked some documentation about IoTHub MQTT support and SAS tokens.
I do not see this 365 days limitation.
Expiry is "UTF8 strings for number of seconds since the epoch 00:00:00 UTC on 1 January 1970").
Can you try to communicate with a sas token which exceeds this 365 days?
I am using Device Explorer to generate the SaS and I can`t increate the TTL from 365 days.
My question is what happens if I set this to 0?
Will mean that the SaS will not expire?
Check out this StackOverflow question that deals with a similar scenario. Setting the expiration to 0 will probably give you a token valid until January 1st 1970. But in the SA post, a user has connected devices with a token that's valid for a hundred years.
If you're using Device Explorer to create your token, the UI limits you to create anything longer than 365 days. The Azure CLI doesn't have that restriction.
There was a tool in the past called Device Explorer which is deprecated.
Instead, use the IoT Exprorer or VS Code.
Still, to create a SaS token that exceeds the limitation, either use the CLI or program a tool yourself as seen in the links above.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 98%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
I have just started on a Codesys / Azure IoT hub project also and unfortunately the documentation is hopelessly incomplete. I have easily got Node Red on my pc to interact with the hub devices so I am sure I have the correct keys/SAS.
No matter what I have tried I cannot get Codesys on a hardware device to work. The cloud just ignores the send with no traces of the transactions in any logs? I assume this must be an incorrect SAS then that I generated from VCS Azure plugin and also IoT Explorer. My NR only used the key + device ID however Codesys uses the SAS...it's too simple to get it wrong however I'm stumped.
I looked at the link in your postings to study the SAS format however I cannot understand if my SAS should end with a & or not? Does it start after = ?
My Codesys also has a field named exactly <sSubDomainName> so I am nore sure if it's the whole URL string or just the sub domain part?
Any ideas will be much appreciated.
Hello @Martin de Lange ,
Can you share some example code of Codysis documentation to give insights about how calls are made from that environment?
Telemation,
Just checking if you managed to get the codesys iot lib interating with azureiot? Not sure if you can see my issue in this thread? Thks.
Many thks for the reply as it is driving me insane that the library is sold claiming to save me time and then the supplier only has a paid service to help me. I generate the SAS for 24hrs that is just a temp one that should I hope be safe for publishing it here. The code below comes from their only example and it seems a no brainer to work. As mentioned I get NR to use just the symetrical key.
My problems:
the sendMessage is a no source compiled object and I have not found any methods to capture it's chatter to the cloud
I do not know how to diagnose on the IoT hub the incoming data before security to see what is happening...with NR I can see the transactions even with the IoT Explorer.
I have not found info how the sendMessage should build the object....it suspiciously sends the deviceid in the pwsData string again?
Considering I pay $50 per device use for this library their documentation/examples suck however pls see if you can glean anything from the manual in my OneDrive folder:
https://catimco-my.sharepoint.com/:b:/g/personal/martin_catim_co/Ef0notZawkpDm66Tifm-ImYBiT-P1c_DsPRHiuPylYWAuA?e=byZ1qG
The documentation is not clear if the sSubDomainName is the whole URL string or partial just the sub?
The SAS I am using as below I do not know if this is all of the SAS or do I leave the & at the end out?
Next line is the whole connect string inclusing the SAS lease time it seems at the end:
HostName=catimhub1.azure-devices.net;DeviceId=CODESYSDevice1;SharedAccessSignature=SharedAccessSignature sr=catimhub1.azure-devices.net%2Fdevices%2FCODESYSDevice1&sig=br%2BGBo5KPup1EnJXgGbtVG%2FvTQlbwP9O0ezGQaPUjuc%3D&se=1612225381
sSubDomainName : STRING(100) := 'catimhub1.azure-devices.net'; // The name of your Azure IoT Hub
sDeviceId : STRING(100) := 'CODESYSDevice1'; // The device id
wsDeviceSaS : WSTRING(255) := "br%2BGBo5KPup1EnJXgGbtVG%2FvTQlbwP9O0ezGQaPUjuc%3D&"; // Your device SaS token (needed for c2d and d2c messages)
wsSendMessage : WSTRING(255) := "{ $"messageId$" : 1, $"deviceId$" : $"CODESYSDevice1$", $"temperature$" : 26, $"humidity$" : 32 }";
IF rSendTrig.Q THEN
sendMessage.xExecute := TRUE;
END_IF
sendMessage(
udiTimeOut := 5000000,
sHubDomainName := sSubDomainName,
sDeviceId := sDeviceId,
wsSaS := wsDeviceSaS,
pwsData := ADR(wsSendMessage));
IF sendMessage.xDone THEN
sendMessage(xExecute := FALSE);
xSendError := FALSE;
xSendOk := TRUE;
ELSIF sendMessage.xError THEN
sendMessage(xExecute := FALSE);
xSendError := TRUE;
xSendOk := FALSE;
END_IF
So I am assuming the code/library should work and that I am simply missing something due to the poor documentation?
The documentation is referencing the old device explorer which is already deprecated.
Does it seem the 365 days is the upper limit of that tool?
I can only recommend trying to generate the same key with the tooling as seen in the links instead of the Device Explorer.