DEV Community: Harnoor Puniyani

Understanding Azure Service Bus: How to Manage Routing, Sessions, and Atomicity

Harnoor Puniyani — Sat, 18 Oct 2025 09:25:39 +0000

When I first used Azure Service Bus, I thought it was “just a queue.” It’s much more: routing, ordering, retries, DLQ, and transactions—useful for high‑volume, near real‑time, stateful integrations.

Service Bus in 60 seconds

Queues: point‑to‑point
Topics & Subscriptions: pub/sub with SQL filters on message properties
Sessions: FIFO per key (keeps order for a customer/order)
Retries & DLQ: automatic retries; poison messages move to DLQ
Extras: duplicate detection, scheduled delivery, deferral, transactions

Using Service Bus in Modern Architectures

I’m highlighting three common use cases that are easily handled with queues and topics.

1) Event‑Driven Architecture with Routed Messages

Scenario: accept requests, fan‑out by properties, and keep downstreams isolated.

For an asynchronous inbound flow, expose a Topic where a client can send messages. Based on custom metadata (for example, a type property), if type is ERP_PRODUCT_MASTER it goes to the product subscription; if type is ERP_CUSTOMER_MASTER it goes to the customer subscription. Messages are filtered into their respective subscriptions. If a subscription needs to receive all events, omit the filter—product events will go to both the logs subscription and the product subscription, and similarly for customer events.

2) Sessions as a Keyed Index (the “HashMap” trick)

Docs focus on sessions for strict ordering. You can also use a session as a single‑item, keyed bucket for quick lookups.

Imagine a transactional flow where you store the data in Service Bus and keep only a reference to that message in the client system. When the client later sends the reference, you need to fetch the message from Service Bus. The simplest method is to use sessions:

Set SessionId to a business key (e.g., REF-123)
Store one message per session (acts like key → value)
The consumer accepts the session with that ID to fetch the message directly

Benefits:

No scanning/deferring through many messages
Avoids long lock durations while you hunt for the right payload

3) Transactional Atomicity

Goal: process a batch atomically; complete only on success.

Receive in peek‑lock, do work, then complete
On transient failure: abandon (retry)
On business retry later: defer (preserve for targeted pickup)
On poison: let it exceed max deliveries → DLQ

Notes:

Tune MaxDeliveryCount to balance retries vs. fast DLQ
Renew locks if processing may exceed LockDuration
Make handlers idempotent (at‑least‑once delivery)

Ops and Security Tips

Enable duplicate detection if producers can retry sends
Alert on DLQ > 0, retry spikes, handler failures
Prefer Premium + private endpoints/VNet where possible
Use Managed Identities/App Registrations over SAS
Log CorrelationId and business keys; avoid payload logging

Thanks for reading. If you want configuration‑focused examples (Functions/Logic Apps, sessions, filters, or DLQ replay), let me know.

Create Multi Architecture Images using Docker with Azure DevOps CICD

Harnoor Puniyani — Thu, 03 Jul 2025 15:08:01 +0000

Introduction

Whenever we create the Docker images, mostly it would be for dev-test purposes or to create a production ready images for the kubernetes. Either of the scenarios, we need the images to built on multi architecture so either they can be deployed on different nodes not limited by the architecture and we can also share our images to the different people.

Prepare Application

In this example I would be using a python based flask application, which just displays a welcome message.

Tools

Ideally this can be achieved using various methods, but the easiest and the fastest thing to do would be to use the docker buildx plugin.

I am using a debian based instance so the steps for installing docker are listed here.

PS: Even after installing, docker buildx version does not work, then try doing docker it would show if there's any error loading the plugin, for me it was not able to access the plugin files, so I just sudoed as any root user should :p sudo docker buildx version and it worked.

Azure DevOps

Step 0: Create an account on the docker hub, and have the generate the access token, or configure any other registry for that matter.

Step 1: Make sure you have created the service connection to the docker hub.

Step 2: Create a git repo for your application with the Dockerfile, make sure in this app you do not have any credentials or secrets embedded.

Step 3: Lets create a CICD

Step 4: Use the action docker install Cli, you can give any version or the latest version. To get the list of the docker versions, refer the documentation here

Step 5: Verify if the docker buildx is installed, probably using a script which says version docker buildx version.

Step 6: Now, we can proceed with creating our own builder, as we want our builder to work for multiple architectures/ platform hence we are using a custom builder.

Step 7: Once the builder is created, lets put it to build, remember that the built images remain local to the builder only unless we push it to the registry, alternatively you can also load it into the docker if its not a multi-architecture image

Step 8: That's it for the building, but as a next step you can use image scanners, to scan them for any vulnerabilities.

CICD YAML

trigger:
  branches:
    include:
      - master

resources:
- repo: self

variables:
  basetag: 'user/imageName'
  buildtag: '$(Build.BuildNumber)'
  latesttag: 'latest'

stages:
- stage: Build
  displayName: Build image
  jobs:
  - job: Build
    displayName: Build
    pool:
      vmImage: ubuntu-latest
    steps:
    - task: DockerInstaller@0
      inputs:
        dockerVersion: '28.3.0'
    - script: docker buildx version
      displayName: Check docker buildx

    - task: Docker@2
      inputs:
        containerRegistry: 'docker-harnoorpuniyani'
        command: 'login'
        addPipelineData: false
        addBaseImageData: false

    - script: |
        docker buildx create --use --name builder
      displayName: create Buildx Builder

    - script: |
        docker buildx build --platform linux/amd64,linux/arm64 -t '$(basetag):$(buildtag)' -t '$(basetag):$(latesttag)' . --push
      displayName: Create and Push Multi Architecture Image

References

Github Repo - harnoor-puniyani/echo-app

Feel free to contribute to this application and Fork it for updates on this repository.

Reach out to me -
linkedin | puniyaniharnoor@gmail.com

Multiple Django apps on same port

Harnoor Puniyani — Thu, 15 May 2025 18:16:58 +0000

Introduction

The focus of this article is to run multiple services on a single port, such as hosting two websites on port 80 and port 443.
Although docker allows us to map the ports from container to the host as we want, and eliminates the need to run multiple services on a single port, But there are lot of legacy Business Applications being used where docker is not supported.

Ports

As we all know from the facts that in a system there are total 65536 ports that is from 0 - 65535 ports that are being used, out of this many are system reserved ports and only small amount of ports are available on which we can expose services. Such as port 80 for HTTP, 443 for HTTPS, 22 for SSH , 3389 for RDP and so on.

Network Adaptors

By default every system has at least 2 network cards, one is the loopback or the localhost network card (127.0.0.1), and another one would be either WiFi or the LAN network card (192.168.1.1).

This can be checked using the command ipconfig if you are using the windows system or if you are Debian/Ubuntu distribution use ifconfig.

I have docker installed on my system so one more network adaptor is visible for the docker. You can create multiple network adaptors if needed, simplest way is to use the docker or the virtual box to create network cards.

Setup Django applications

I have forked two different Django applications from GitHub for this demo, or you can simply create one if needed.
We are runing:

One Django app with devops.settings on http://localhost:3000, having the route demo
Another Django app with mysite.settings on http://10.160.0.4:3000, does not have the route demo

Despite both using port 3000, they operate without conflict because they are bound to different network interfaces

Localhost is bound to the loopback interface
10.160.0.4 binds to the machine's network interface IP.

Running the Applications

Please ensure you have activated the required virtual environment, and are already in the correct directory

Starting the application only on Localhost,
python3 manage.py runserver localhost:3000
Starting the application only the IP address
python3 manage.py runserver 10.160.0.4:3000

Observing the Behavior

Both the servers start successfully on port 3000
The Localhost redirected the requests for the route /demo, here I was not following the redirects, as redirects on Django mostly indicates its a custom route, but you can follow the redirects using the curl -L <url>
The IP address on /demo path returned 404, as demo path is not defined on this application.

The difference in the behavior for the same route is a clear indicator that 2 different applications are getting called.

Observe the server URL and debug logs.

Conclusion

Just in case if you want to expose the service to all the network adaptors you can use 0.0.0.0:<port>.

From what we saw, the ports can be scoped to the network adaptor level and can be used parallelly without any conflicts. So if we assume there are x number of usable ports in the system, and there are y network interfaces on the system, so its safe to say that we can actually expose x*y services.

Please feel free to add or discuss, that you feel I might have missed out.

Dev: It works on my machine. Ops: Cool. Let’s ship your machine to production

Harnoor Puniyani — Tue, 22 Apr 2025 09:39:54 +0000

Exploiting Websites

Harnoor Puniyani — Sun, 20 Apr 2025 14:02:32 +0000

Today, I’m going to discuss about the small scale applications, their vulnerabilities and how they can be secured.

Often the websites, or the web-apps which come out as well developed in specific aspects such as performance, UI and responsiveness often turns out to be vulnerable in many ways.

For example, I came across as one of the translators here. Which seemed like a 2-tier application inclusive of frontend and backend, where on submit button frontend requests the backend.

So far things seemed quite normal, right? But when I started tracking the API, it turned out to be fully open, no security implemented on it whatsoever. Since it was only an translator it might seem like what a person could do even the API is open.

APIs can be leveraged in many ways, lets say if the underlying service is an paid service and API is just an wrapper, then by repeatedly calling the same API I can increase the consumption charges for the individual or the company, incurring the losses.

If it serves any business value, then by using DDOS or similar attacks I can make it unavailable for the actual users, which might delay the operations and cause disruptions leading to monetary losses.

It is suggested to use the authentication on the backend, along with CORS and origin headers so that requests are allowed only from specific locations. Additionally, have some security solution installed to monitor the application to detect anomalies and send alerts.

Please let me know in the comments if you need a detailed guide of how to extract APIs.
You can reach out to me through email - puniyaniharnoor@gmail.com and LinkedIn

How to ACE Coporate

Harnoor Puniyani — Thu, 27 Mar 2025 07:34:41 +0000

Get the Blog here