MSMQ authenticates messages at the request of the sending application. When the sending application indicates it wants a message authenticated, the MSMQ run-time code performs the following tasks:
Note: For applications using API functions, external certificates are provided in PROPID_M_SENDER_CERT and security context information is provided in PROPID_M_SECURITY_CONTEXT.
For applications using ActiveX components, external certificates are provided in SenderCertificate and security context information is retrieved by AttachCurrentSecurityContext.
Note: For applications using API functions, the hash algorithm is specified by PROPID_M_HASH_ALG (the default algorithm is CALG_MD5).
For applications using ActiveX components, the hash algorithm is specified by the MSMQMessage object's HashAlgorithm property (the default algorithm is CALG_MD5).
API Functions | ActiveX Components |
---|---|
PROPID_M_CORRELATIONID | CorrelationId |
PROPID_M_APPSPECIFIC | AppSpecific |
PROPID_M_BODY | Body |
PROPID_M_LABEL | Label |
PROPID_M_RESP_QUEUE | ResponseQueueInfo |
PROPID_M_ADMIN_QUEUE | AdminQueueInfo |
When the target Queue Manager receives the message, it performs the following tasks:
The sender identifier stored with the certificate is retrieved from Active Directory and compared with the message's PROPID_M_SENDERID or SenderId property. (This is why the certificate should be registered with MSMQ.)
Note: MSMQ does not validate the external certificate. The receiving application performs any validation requirements on the certificate before using an authenticated message. MSMQ generates the digital signature of a message when it is sent and verifies the digital signature when the message is received, but does not validate the certificate itself.
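Because the certificate check is left to the receiver, a receiving application can gate every authenticated message as in the following sketch. This is an added example, not code from the MSMQ documentation. It uses the .NET Framework `System.Messaging` wrapper rather than the API functions or ActiveX components named above, and the queue path, the thumbprint allow-list and the rejection of MD-family hashes are assumptions standing in for local policy.

```csharp
using System;
using System.Collections.Generic;
using System.Messaging;
using System.Security.Cryptography.X509Certificates;

static class AuthenticatedReceiver
{
    // Assumption: thumbprints of the sender certificates this application accepts (placeholder).
    static readonly HashSet<string> TrustedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "<TRUSTED-SENDER-CERT-THUMBPRINT>" };

    // True only if MSMQ verified the signature AND the certificate passes the receiver's own checks.
    static bool IsTrusted(Message msg)
    {
        if (!msg.Authenticated) return false;        // MSMQ did not verify a digital signature
        // Assumed local policy: refuse signatures made over MD2/MD4/MD5 (MD5 is the MSMQ default).
        if (msg.HashAlgorithm == HashAlgorithm.Md2 || msg.HashAlgorithm == HashAlgorithm.Md4 ||
            msg.HashAlgorithm == HashAlgorithm.Md5) return false;

        byte[] raw = msg.SenderCertificate;          // external certificate carried with the message
        if (raw == null || raw.Length == 0) return false;
        var cert = new X509Certificate2(raw);

        // MSMQ checked the signature, not the certificate: build the chain and check revocation here.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        if (!chain.Build(cert)) return false;        // expired, revoked, or untrusted root

        // A valid chain only proves some CA issued it; pin to the senders we expect.
        return TrustedThumbprints.Contains(cert.Thumbprint);
    }

    static void Main()
    {
        // Assumption: a local private queue named "orders".
        using (var queue = new MessageQueue(@".\private$\orders"))
        {
            // These properties are only populated when requested in the read filter.
            queue.MessageReadPropertyFilter.Authenticated = true;
            queue.MessageReadPropertyFilter.HashAlgorithm = true;
            queue.MessageReadPropertyFilter.SenderCertificate = true;

            // Throws MessageQueueException if nothing arrives within the timeout.
            Message msg = queue.Receive(TimeSpan.FromSeconds(5));
            Console.WriteLine(IsTrusted(msg) ? "accepted" : "rejected");
        }
    }
}
```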