Authenticating Messages Using an Internal Certificate

From an application perspective, authenticating messages using an internal certificate requires registering the internal certificate with MSMQ and setting the appropriate message properties.

Note  An internal certificate is created the first time the MSMQ Control Panel utility is run.

The following procedures highlight what must be done by the sending computer to request authentication using an internal certificate and what the receiving application can do to determine if MSMQ was able to authenticate the message.

    To request authentication using an internal certificate

1. Register the internal certificate using the MSMQ Control Panel option.
2. Optional. Call MQGetSecurityContext to retrieve the security context information from the certificate. This function puts the security context information in a security context buffer. This step is needed only if you are sending a large number of messages using the same certificate.
3. Set the PROPID_M_AUTH_LEVEL message property to MQMSG_AUTH_LEVEL_ALWAYS. This tells MSMQ to authenticate the message.
4. Make sure PROPID_M_SENDER_CERT is not specified. By default, this property uses the internal certificate that is registered. It is only used when an external certificate is used.
5. Optional. If you are using security context information, set PROPID_M_SECURITY_CONTEXT, pointing it to the security context buffer used by the call to MQGetSecurityContext.
6. Optional. If you want to change the hash algorithm MSMQ uses to authenticate the message, set PROPID_M_HASH_ALG (the default algorithm is CALG_MD5).
7. Optional. If you want MSMQ to return an acknowledgment to show that the message reached the queue or was retreived, set PROPID_M_ACKNOWLEDGE to MQMSG_ACKNOWLEDGMENT_FULL_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_NACK_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_FULL_RECEIVE | MQMSG_ACKNOWLEDGMENT_NACK_RECEIVE.
8. Send the message.

After the message is sent, the remaining work is done by MSMQ. For information on what MSMQ does to authenticate messages, see How MSMQ Authenticates Messages.

    To receive an authenticated message

There is no way for the receiving application to know if MSMQ failed to authenticate a message. Messages that fail authentication are never delivered to their destination queue. However, the receiving application can determine if a message was sent requesting authentication, which implicitly indicates the message was authenticated by MSMQ.

• When reading the message in the queue, verify that PROPID_M_AUTHENTICATED is set to 1. If it is set to 0, the message is not an authenticated message (it was not signed), and the receiving application decides if it wants to use the message.

When a message is authenticated (PROPID_M_AUTHENTICATED = 1) using an internal certificate, MSMQ guarantees that no one tampered with the message, and, if the sender identifier was sent with the message, that the received sender identifier in PROPID_M_SENDERID is the same as the sender identifier used to register the certificate.