Connector Application Security

The MSMQ Connector Server is not available with the Windows NTŪ 4.0 Option Pack.

Security operations can be performed by the connector application, or they can be passed on to the foreign computer where the destination queue is located.

Connector applications that pass security operations to the foreign queue are referred to as transparent applications. As a transparent application, the connector application translates the message properties so they can be understood by the foreign computer, and then passes the translated message properties on to their destination. In this case, the foreign computer must interpret the message properties and perform any required actions.

Connector applications that perform security operations themselves are referred to as non-transparent applications. As a non-transparent application, the connector application receives messages from either MSMQ or the other message queue system, interprets the message's properties, and performs any required actions. Then the application sends the message on with the appropriate message properties. In this case, the foreign queue must be able to trust the connector application to perform the correct actions.

Note  Tasks for non-transparent applications are also relevant to message systems that use transparent connector applications. Even though the transparent application does not perform tasks at the server, these security tasks still must be done when the message reaches the foreign queue.

Several properties are used when creating the signature of the sender. When a transparent connector application translates these properties (in particular the administration and response queue properties) to their new values, it must include both the translated and original values when it passes the message on to its destination. The foreign application needs the original values to authenticate the signature when the message arrives.

Providing the necessary information is much more difficult for messages being sent to an MSMQ queue than messages sent to a foreign queue. In this case, the foreign application must retrieve an MSMQ-representation of the signature properties before it creates the signature.