1

I have a transactional private queue on my local machine. If the queue is not authenticated, the message goes into the queue. If I set the queue to be authenticated, it doesn't. The application sending to the queue is running as myself (and I have full control on the queue). Anonymous users also have Send Message permissions on the queue. I'm confused as to what I need to do to send a message to an authenticated queue.

Here is the binding that I am using:

NetMsmqBinding msmq = new NetMsmqBinding(NetMsmqSecurityMode.None);
msmq.MaxReceivedMessageSize = int.MaxValue;
msmq.CloseTimeout = TimeSpan.FromMinutes(3);
msmq.SendTimeout = TimeSpan.FromMinutes(3);
msmq.ReceiveTimeout = TimeSpan.FromMinutes(3);
msmq.ReaderQuotas.MaxDepth = int.MaxValue;
msmq.ReaderQuotas.MaxStringContentLength = int.MaxValue;
msmq.ReaderQuotas.MaxArrayLength = int.MaxValue;
msmq.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
msmq.ReaderQuotas.MaxNameTableCharCount = int.MaxValue;
msmq.ExactlyOnce = true;
msmq.Durable = true;
msmq.TimeToLive = TimeSpan.FromHours(1);

Ideally, I would like to have everyone (including unrecognized users) be able to send messages, but limit who can peek and receive messages. I'm not sure if this is possible.

So, the first question: How can I get a message into an authenticated queue?


It looks like I need to turn transport security on with msmqAuthenticationMode of WindowsDomain. However, when I do, I get the following error:

Binding validation failed because the binding's MsmqAuthenticationMode property is set to WindowsDomain but MSMQ is installed with Active Directory integration disabled. The channel factory or service host cannot be opened.

Looks like my MSMQ is installed in Workgroup mode, not Directory mode. How do I fix that? When I remove MSMQ and then add it back (with all features), it's still not in Directory mode. I am on Win7.

zimdanen
  • For Directory Mode you need a domain controller and a domain. If you just have a Windows 7 machine then you could use VirtualPC/VMware to create a Windows server for your machine to use as the domain controller. – John Breakwell Nov 28 '12 at 00:04

2 Answers

1

Authentication requires Active Directory. MSMQ checks that the sender has a certificate in AD. Therefore it only works with domain accounts. The certificate is created when the domain account logs on to the machine hosting the queue.

John Breakwell
  • So, I'm logged into my machine as a domain account. If I run just as myself (F5 in VS), no message goes in. If I run the EXE as a user (myself, but now with explicit domain login), still no message appears in the queue. How do I make the queue accept the message? – zimdanen Nov 20 '12 at 15:59
0

MSMQ has to be installed in Directory mode, and you have to set msmq.Security.Mode to Transport to provide the WindowsDomain credentials. To get to Directory mode, you need to reinstall MSMQ - but make sure to remove the msmq object on your machine before reinstalling.

zimdanen
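The binding change described in the answers above, as an added example that is not code from the original posts: the question's binding with transport security switched on and WindowsDomain authentication, sent inside a transaction because the queue is transactional. The contract `IExampleQueueContract`, the class `AuthenticatedQueueSender` and the queue address are hypothetical placeholders.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.Transactions;

// Hypothetical contract for illustration; queued WCF operations must be one-way.
[ServiceContract]
public interface IExampleQueueContract
{
    [OperationContract(IsOneWay = true)]
    void Submit(string payload);
}

public static class AuthenticatedQueueSender
{
    public static NetMsmqBinding BuildBinding()
    {
        // Transport security replaces NetMsmqSecurityMode.None from the question.
        var msmq = new NetMsmqBinding(NetMsmqSecurityMode.Transport);
        // WindowsDomain relies on the sender's certificate in Active Directory,
        // so MSMQ must be installed in Directory mode (see the answers above).
        msmq.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.WindowsDomain;
        // Authentication needs signed messages; None is not valid with WindowsDomain.
        msmq.Security.Transport.MsmqProtectionLevel = ProtectionLevel.Sign;
        msmq.ExactlyOnce = true;   // transactional queue, as in the question
        msmq.Durable = true;
        msmq.TimeToLive = TimeSpan.FromHours(1);
        return msmq;
    }

    public static void Send(string payload)
    {
        // Placeholder address for a private queue on the local machine.
        var address = new EndpointAddress("net.msmq://localhost/private/ExampleQueue");
        var factory = new ChannelFactory<IExampleQueueContract>(BuildBinding(), address);
        try
        {
            // Binding validation runs here; in Workgroup mode this is where the
            // "Active Directory integration disabled" error from the question appears.
            factory.Open();
            IExampleQueueContract channel = factory.CreateChannel();
            using (var scope = new TransactionScope(TransactionScopeOption.Required))
            {
                channel.Submit(payload);
                scope.Complete();
            }
            ((IClientChannel)channel).Close();
            factory.Close();
        }
        catch { factory.Abort(); throw; }
    }
}
```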