I am using SAS token authentication along with device-ID (or publisher-Id) in my event Hub publisher code. But i see that it is possible to send an event to any partition ID by using "CreatePartitionedSender" client even though I have authenticated using a device-ID. Whereas I do not want two different device-Ids publishing events in same partition. Is it possible that we can add some custom "authorization" code along with the SAS authentication to allow limited partition access to any device.
The idea behind adding authorization to device and partition-Id combination was to accommodate single event-hub for multiple tenants. Please advise if I am missing anything.
Please see below the code snippet for publisher:
string token = SharedAccessSignatureTokenProvider.GetPublisherSharedAccessSignature(
new Uri("sb://----.servicebus.windows.net/"),
eventHubName, publisherId, "send",
sasKey,
new TimeSpan(0, 5, 0));
var connStr = ServiceBusConnectionStringBuilder.CreateUsingSharedAccessSignature(
new Uri("sb://----.servicebus.windows.net/"),
eventHubName,
publisherId,
token);
var message = "Some text data " + publisherId;
var eventData = new EventData(Encoding.UTF8.GetBytes(message));
var evetHubClient = EventHubClient.CreateFromConnectionString(connectionString, eventHubName);
Console.WriteLine("Message sending to 2 different partitions: {0}", message);
await evetHubClient.CreatePartitionedSender("0").SendAsync(eventData);
await evetHubClient.CreatePartitionedSender("1").SendAsync(eventData);