1

I'm building a system where several clients are connected to a central server by WCF using duplex MSMQ (updates are sent to the server, messages are periodically pushed out to several clients).

How do I best secure this scenario? The nature of duplex WCF effectively makes each client a server. Does that mean to secure each channel every client needs to shell out $1200 for a verisign cert?

SteveCav
  • 6,649
  • 1
  • 50
  • 52

1 Answers1

1

Because MSMQ binding uses regular MSMQ queues, you can implement security using the standard MSMQ queue security model. You need to make sure you set security mode to 'Transport', and then allow or restrict access to the queue as appropriate.

When you create a queue you can set permissions which govern who can send, receive, or remove from the queue using active directory or Windows accounts. The only resource I can find with a few minutes googling is MSMQ for .NET Developers - describes a little about setting permissions.

Have a read of Securing Messages with Transport Security and the examples in the NetMsmqBinding documentation.

So you should either run your services as the same user, or ensure all the users are in a single AD group, etc and then grant queue permissions (send permission?) to that user / group only.

Kirk Broadhurst
  • 27,836
  • 16
  • 104
  • 169
  • Are you saying SSL is not needed for MSMQ? – SteveCav Jan 23 '12 at 04:04
  • @SteveCav I've only used MSMQ on a network using Active Directory, and as such I've secured it using Windows Authentication. You definitely do not *need* SSL for MSMQ - you can use it, but that's a choice for you to make. – Kirk Broadhurst Jan 24 '12 at 00:22
  • Thanks for the reply. I forgot to mention this is cross-domain! I can't find a way to secure MSMQ + cross-domain + duplex :( – SteveCav Jan 24 '12 at 00:25