Authenticating Messages Using an External Certificate
From an application perspective, authenticating messages using an external certificate is very easy. It simply requires getting the external certificate from a certification authority, registering the certificate, and setting the appropriate message properties.
To send an authenticated message
- Obtain a certificate from an authorized certification authority. A common way to obtain a certificate is to request a class 1 certificate from VeriSign Commercial Software Publishers using Microsoft® Internet Explorer (version 3.0 or later).
- Place the certificate in the Microsoft Internet Explorer personal certificate store (if Internet Explorer was used to obtain the certificate, this is done automatically). MSMQ can only use certificates placed in this store.
- Register the external certificate using MS Message Queue in Control Panel. By default, MSMQ attaches the sender identifier (SID) to the message, allowing MSMQ to verify the message with the sender identifier and the external certificate. However, if you don't want to verify the message with the sender identifier (SID), explicitly set PROPID_M_SENDERID_TYPE to MQMSG_SENDERID_TYPE_NONE and do not register the certificate. Using the sender identifier to verify a message is optional. MSMQ can still authenticate the message with only the unregistered external certificate.
- Optional. Call MQGetSecurityContext to retrieve the security context information from the certificate. This function puts the security context information in a security context buffer. This step is needed only if you are sending a large number of messages using the same certificate.
- Set PROPID_M_AUTH_LEVEL to MQMSG_AUTH_LEVEL_ALWAYS.
- Set PROPID_M_SENDER_CERT.
- Optional. If you are using security context information, set PROPID_M_SECURITY_CONTEXT, pointing it to the security context buffer used by the call to MQGetSecurityContext.
- Optional. If you want to change the hash algorithm MSMQ uses to authenticate the message, set PROPID_M_HASH_ALG (the default algorithm is CALG_MD5).
- Optional. If you want MSMQ to return an acknowledgment to show that the message reached the queue or was retrieved, set PROPID_M_ACKNOWLEDGE to MQMSG_ACKNOWLEDGMENT_FULL_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_NACK_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_FULL_RECEIVE | MQMSG_ACKNOWLEDGMENT_NACK_RECEIVE.
- Send the message.
After the message is sent, the remaining work is done by MSMQ. For information on what MSMQ does to authenticate the message, see How MSMQ Authenticates Messages.
To receive an authenticated message
There is no way for the receiving application to know if MSMQ failed to authenticate a message. Messages that fail authentication are never delivered to their destination queue. However, the receiving application can determine if a message was sent requesting authentication, which implicitly indicates the message was authenticated by MSMQ.
- When reading the message in the queue, verify that PROPID_M_AUTHENTICATED is set to 1. If it is set to 0, the message is not an authenticated message (it was not signed), and the receiving application decides if it wants to use the message.
When a message is authenticated (PROPID_M_AUTHENTICATED = 1) using an external certificate, MSMQ guarantees certain aspects of the message, but it does not validate all the information provided by the external certificate.
MSMQ guarantees that no one tampered with the message, that the owner of the certificate (as specified in the certificate) sent the message, and that any received sender identifier (PROPID_M_SENDERID) matches the sender identifier used to register the certificate.
The receiving application must perform any validation requirements on the remaining information in the certificate. MSMQ does not validate the external certificate.
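The send-side property settings above and the receive-side PROPID_M_AUTHENTICATED check, as an added C example that is not from the MSMQ documentation: it fills the MQMSGPROPS array that MQSendMessage expects and inspects the property MQReceiveMessage fills in. It assumes the MSMQ SDK headers on Windows; off Windows it substitutes placeholder definitions (clearly marked) so the property logic can be compiled and checked, and any certificate bytes used with it are constructed, not a real certificate.

```c
/* Added example, not code from the MSMQ documentation: fills the MQMSGPROPS
 * array for an authenticated send and checks PROPID_M_AUTHENTICATED on receive. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <mq.h>   /* the real SDK header supplies the types and the PROPID_M_* / MQMSG_* values */
#else
/* Stand-ins so the logic compiles off Windows. The VT_* values are the real VARENUM ones;
 * every PROPID_M_*, MQMSG_* and CALG_* value below is a PLACEHOLDER, not the mq.h value. */
typedef unsigned long ULONG, DWORD, MSGPROPID; typedef unsigned char UCHAR; typedef long HRESULT;
enum { VT_UI1 = 17, VT_UI4 = 19, VT_VECTOR = 0x1000 };
typedef struct { ULONG cElems; UCHAR *pElems; } CAUB;
typedef struct { unsigned short vt; union { UCHAR bVal; ULONG ulVal; CAUB caub; }; } MQPROPVARIANT;
typedef struct { DWORD cProp; MSGPROPID *aPropID; MQPROPVARIANT *aPropVar; HRESULT *aStatus; } MQMSGPROPS;
enum { PROPID_M_AUTH_LEVEL = 9001, PROPID_M_SENDER_CERT, PROPID_M_SECURITY_CONTEXT, PROPID_M_HASH_ALG,
       PROPID_M_ACKNOWLEDGE, PROPID_M_AUTHENTICATED, CALG_MD5 = 9100, MQMSG_AUTH_LEVEL_ALWAYS = 1,
       MQMSG_ACKNOWLEDGMENT_FULL_REACH_QUEUE = 1, MQMSG_ACKNOWLEDGMENT_NACK_REACH_QUEUE = 2,
       MQMSG_ACKNOWLEDGMENT_FULL_RECEIVE = 4, MQMSG_ACKNOWLEDGMENT_NACK_RECEIVE = 8 };
#endif

/* Send side (the "Set PROPID_M_..." steps above): cert bytes as exported from the personal
 * store, an optional security-context handle from MQGetSecurityContext (0 = not used), the
 * hash algorithm, and full acknowledgments. Body, label etc. are appended the same way. */
DWORD build_auth_send_props(MQMSGPROPS *p, MSGPROPID *ids, MQPROPVARIANT *v, HRESULT *st,
                            UCHAR *cert, ULONG cert_len, ULONG sec_ctx, ULONG hash_alg)
{
    DWORD n = 0;
    ids[n] = PROPID_M_AUTH_LEVEL;  v[n].vt = VT_UI4; v[n++].ulVal = MQMSG_AUTH_LEVEL_ALWAYS;
    ids[n] = PROPID_M_SENDER_CERT; v[n].vt = VT_VECTOR | VT_UI1;
    v[n].caub.cElems = cert_len;   v[n++].caub.pElems = cert;
    if (sec_ctx) { ids[n] = PROPID_M_SECURITY_CONTEXT; v[n].vt = VT_UI4; v[n++].ulVal = sec_ctx; }
    ids[n] = PROPID_M_HASH_ALG;    v[n].vt = VT_UI4; v[n++].ulVal = hash_alg;  /* CALG_MD5 is the default */
    ids[n] = PROPID_M_ACKNOWLEDGE; v[n].vt = VT_UI1;
    v[n++].bVal = MQMSG_ACKNOWLEDGMENT_FULL_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_NACK_REACH_QUEUE
                | MQMSG_ACKNOWLEDGMENT_FULL_RECEIVE | MQMSG_ACKNOWLEDGMENT_NACK_RECEIVE;
    p->cProp = n; p->aPropID = ids; p->aPropVar = v; p->aStatus = st;
    return n;   /* on Windows the caller now calls MQSendMessage(hQueue, p, NULL) */
}

/* Receive side: MSMQ never delivers a message that failed verification, so the only
 * question left is whether the delivered message was signed at all. Request
 * PROPID_M_AUTHENTICATED in the MQReceiveMessage property array, then check it. */
int message_is_authenticated(const MQMSGPROPS *p)
{
    for (DWORD i = 0; i < p->cProp; i++)
        if (p->aPropID[i] == PROPID_M_AUTHENTICATED)
            return p->aPropVar[i].vt == VT_UI1 && p->aPropVar[i].bVal == 1;
    return 0;   /* property not requested: treat the message as unsigned */
}
```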