Sending and Receiving Secure Messages

We saw how to send and receive messages using both ASP and Visual Basic in the previous chapter. Here we'll concentrate just on the extra steps required to create messages that are authenticated, and messages that are encrypted.

Using MSMQ Message Authentication

To create a queue that will only accept authenticated messages in Visual Basic, we could use the following code. The line that makes the queue require authentication is highlighted:

Dim objQueueInfo As New MSMQQueueInfo
Dim objQueue As New MSMQQueue

'set the name and label of the queue to create
objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Authenticated Message Queue"

'set the queue to only accept authenticated messages
objQueueInfo.Authenticate = MQ_AUTHENTICATE

'now create the queue object
objQueueInfo.Create
Set objQueue = objQueueInfo.Open(MQ_SEND_ACCESS, MQ_DENY_NONE)
If objQueue.IsOpen Then
    'OK to send a message
End If

The Authenticate property can take one of two values: MQ_AUTHENTICATE (1) which creates a queue that will only accept authenticated messages, and MQ_AUTHENTICATE_NONE (0 - the default) which will accept both authenticated and un-authenticated messages.

In Active Server Pages, we have to use the Server.CreateObject method to create the MSMQ objects, and the actual values of the MSMQ named constants. To create a queue that will only accept authenticated messages with ASP we can use the following:

Set objQueueInfo = Server.CreateObject("MSMQ.MSMQQueueInfo")
Set objQueue = Server.CreateObject("MSMQ.MSMQQueue")

'set the name and label of the queue to create
objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Authenticated Message Queue"

'set the queue to only accept authenticated messages
objQueueInfo.Authenticate = 1

'now create the queue object
objQueueInfo.Create
Set objQueue = objQueueInfo.Open(2, 0) 'send and deny_none
If objQueue.IsOpen Then
    'OK to send a message
End If

Changing a Queue's Authentication Property

The authentication level can be changed while the queue is open by changing the value of the Authenticate property and calling that particular MSMQQueueInfo object's Update method. Other applications can check the current setting of the queue's properties by calling the MSMQQueueInfo object's Refresh method and then reading the property values.
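
The Refresh and Update calls described above can be combined into a small routine that checks an existing queue and tightens it if needed. This is an added example, not code from the book: HardenQueue is a hypothetical helper name, a project reference to the MSMQ object library is assumed, and PrivLevel is the queue privacy property covered later in this chapter.

```vb
'Added example (not from the book). Assumes a project reference to the
'MSMQ object library; HardenQueue is a hypothetical helper name.
Public Function HardenQueue(ByVal strPath As String) As String
    Dim objQueueInfo As New MSMQQueueInfo
    Dim strReport As String

    objQueueInfo.PathName = strPath

    'Refresh loads the property values currently stored for the queue
    objQueueInfo.Refresh
    strReport = "Before: Authenticate=" & objQueueInfo.Authenticate & _
                " PrivLevel=" & objQueueInfo.PrivLevel

    If objQueueInfo.Authenticate <> MQ_AUTHENTICATE _
       Or objQueueInfo.PrivLevel <> MQ_PRIV_LEVEL_BODY Then
        'require authenticated and encrypted messages from now on
        objQueueInfo.Authenticate = MQ_AUTHENTICATE
        objQueueInfo.PrivLevel = MQ_PRIV_LEVEL_BODY

        'Update writes the changed properties back to the queue
        objQueueInfo.Update

        'read the values back rather than trusting the local object
        objQueueInfo.Refresh
    End If

    HardenQueue = strReport & vbCrLf & _
                  "After:  Authenticate=" & objQueueInfo.Authenticate & _
                  " PrivLevel=" & objQueueInfo.PrivLevel
End Function
```

Calling HardenQueue(".\TestQueue") returns a two-line report that can be written to a log, so a change in queue policy is recorded together with the values it replaced.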

Sending Authenticated Messages

To create and send an authenticated message with Visual Basic we could use:

...

If objQueue.IsOpen Then
    'OK to send a message
    Dim objMessage As New MSMQMessage
    objMessage.Label = "Authentication Test Message"
    objMessage.Body = "This is a test of authentication"

    'instruct MSMQ to authenticate the message on receipt
    objMessage.AuthLevel = MQMSG_AUTH_LEVEL_ALWAYS

    'tell it which authentication hash algorithm to use (optional)
    objMessage.HashAlgorithm = MQMSG_CALG_MD5

    objMessage.Send objQueue
    objQueue.Close
End If

The AuthLevel property can be set to MQMSG_AUTH_LEVEL_ALWAYS (1) to instruct MSMQ to authenticate the message on receipt, and MQMSG_AUTH_LEVEL_NONE (0 - the default) if it doesn’t need to be authenticated. The HashAlgorithm property defines which authentication method will be used. A dozen different encryption algorithms are defined, but not all are implemented at the time of writing and no doubt the list will change. The default for authenticated messages is MD5 (&H8003).

To create and send an authenticated message with Active Server Pages we could use:

...

If objQueue.IsOpen Then
    'OK to send a message
    Set objMessage = Server.CreateObject("MSMQ.MSMQMessage")
    objMessage.Label = "Authentication Test Message"
    objMessage.Body = "This is a test of authentication"

    'instruct MSMQ to authenticate the message on receipt
    objMessage.AuthLevel = 1

    'tell it which authentication hash algorithm to use (optional)
    objMessage.HashAlgorithm = &H8003  'MD5 authentication

    objMessage.Send objQueue
    objQueue.Close
End If

Receiving Authenticated Messages

To receive a message and check its authentication status and security information in Visual Basic, we could use:

Dim objQueueInfo As New MSMQQueueInfo
Dim objQueue As MSMQQueue
Dim objMessage As MSMQMessage
Dim strInfo As String

'set the name of the queue and open it
objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(MQ_RECEIVE_ACCESS, MQ_DENY_NONE)

If objQueue.IsOpen Then
    Set objMessage = objQueue.Receive
    strInfo = "The message '" & objMessage.Label
    If objMessage.IsAuthenticated Then
        strInfo = strInfo & "' has been successfully authenticated by MSMQ." _
                & Chr(13) & "The Sender ID is " & objMessage.SenderID _
                & Chr(13) & "The ID Type is " & objMessage.SenderIDType
    Else
        strInfo = strInfo & "' has not been authenticated."
    End If
    MsgBox strInfo
End If

To receive a message and check its authentication status and security information using Active Server Pages we could use:

Set objQueueInfo = Server.CreateObject("MSMQ.MSMQQueueInfo")
Set objQueue = Server.CreateObject("MSMQ.MSMQQueue")

'set the name of the queue and open it
objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(1, 0)

If objQueue.IsOpen Then
    'retrieve the next message from the queue
    Set objMessage = objQueue.Receive
    strInfo = "The message '" & objMessage.Label
    If objMessage.IsAuthenticated Then
        strInfo = strInfo & "' has been successfully authenticated by MSMQ." _
                & "<BR>The Sender ID is " & objMessage.SenderID _
                & "<BR>The ID Type is " & objMessage.SenderIDType
    Else
        strInfo = strInfo & "' has not been authenticated."
    End If
    Response.Write strInfo
End If

Sending and Receiving Encrypted Messages

Creating a queue that will only accept encrypted messages is similar to creating one that uses authentication—and in fact you may want to combine the two security features. In the following sections of code we've omitted the lines that are repeated from the earlier example, to avoid excessive duplication.

To create a queue for encrypted messages in Visual Basic we could use:

...

objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Encrypted Message Queue"

'set the queue to only accept encrypted messages
objQueueInfo.PrivLevel = MQ_PRIV_LEVEL_BODY

'now create the queue object
objQueueInfo.Create

...

The PrivLevel property defines the privacy of the queue's messages. The values are MQ_PRIV_LEVEL_NONE (0 - the default) which allows only un-encrypted messages to be sent, MQ_PRIV_LEVEL_OPTIONAL (1) which allows both encrypted and un-encrypted messages to be sent, and MQ_PRIV_LEVEL_BODY (2) which allows only encrypted messages to be sent.

To create a queue that will only accept encrypted messages with Active Server Pages we could use:

...

objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Encrypted Message Queue"

'set the queue to only accept encrypted messages
objQueueInfo.PrivLevel = 2

'now create the queue object
objQueueInfo.Create

...

Sending Encrypted Messages

To create and send an encrypted message with Visual Basic we could use:

...

objMessage.Label = "Encryption Test Message"
objMessage.Body = "This is a test of encryption"

'instruct MSMQ to encrypt the message
objMessage.PrivLevel = MQMSG_PRIV_LEVEL_BODY

'tell it which encryption algorithm to use (optional)
objMessage.EncryptAlgorithm = MQMSG_CALG_RC4

objMessage.Send objQueue
objQueue.Close

...

The PrivLevel property here is similar to the PrivLevel property of the queue, but uses different named constants. The options are MQMSG_PRIV_LEVEL_NONE (0 - the default) for messages that are not encrypted, and MQMSG_PRIV_LEVEL_BODY (1) for messages that are encrypted. Again there are a dozen different encryption algorithms defined, but not all are implemented at the time of writing. The default for encrypting messages is RC2 (&H6602).

For the latest details on implemented authentication and encryption algorithms, check out the Authentication and Encryption topics in the Securing Your MSMQ Enterprise section of the Microsoft Message Queue Server Administrator's Guide.

To create and send an encrypted message with Active Server Pages we would use:

...

objMessage.Label = "Encryption Test Message"
objMessage.Body = "This is a test of encryption"

'instruct MSMQ to encrypt the message
objMessage.PrivLevel = 1  'encrypted

'tell MSMQ which encryption algorithm to use (optional)
objMessage.EncryptAlgorithm = &H6801  'RC4 encryption

objMessage.Send objQueue
objQueue.Close

...

Receiving Encrypted Messages

To receive a message and check its encryption level and type in Visual Basic, we could use:

...

objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(MQ_RECEIVE_ACCESS, MQ_DENY_NONE)

If objQueue.IsOpen Then
    Set objMessage = objQueue.Receive
    strInfo = "Message '" & objMessage.Label
    If objMessage.PrivLevel = MQMSG_PRIV_LEVEL_BODY Then
        strInfo = strInfo & "' is encrypted using the algorithm " _
                & CStr(objMessage.EncryptAlgorithm) & "."
    Else
        strInfo = strInfo & "' is not encrypted."
    End If
    MsgBox strInfo
End If

Here's the result with a small test program that combines all of the code samples shown above. It creates, sends and receives an encrypted message:

To receive a message and to check its encryption level and encryption type in Active Server Pages we might use:

...

objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(1, 0)

If objQueue.IsOpen Then
    Set objMessage = objQueue.Receive
    strInfo = "Message '" & objMessage.Label
    If objMessage.PrivLevel = 1 Then
        strInfo = strInfo & "' is encrypted using the algorithm " _
                & CStr(objMessage.EncryptAlgorithm) & "."
    Else
        strInfo = strInfo & "' is not encrypted."
    End If
    Response.Write strInfo
End If
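
A queue left at MQ_AUTHENTICATE_NONE or MQ_PRIV_LEVEL_OPTIONAL accepts unauthenticated or un-encrypted messages, so a receiver that depends on both features has to check each message itself. The following Visual Basic routine is an added example, not code from the book, that combines the two checks shown in this chapter; the function names and the timeout parameter are hypothetical, and a project reference to the MSMQ object library is assumed.

```vb
'Added example (not from the book). Assumes a project reference to the
'MSMQ object library; the function names and the timeout are hypothetical.

'Returns "" when the message meets policy, otherwise the reason it fails
Private Function PolicyFailure(ByVal objMessage As MSMQMessage) As String
    If objMessage.IsAuthenticated = 0 Then
        PolicyFailure = "not authenticated"
    ElseIf objMessage.PrivLevel <> MQMSG_PRIV_LEVEL_BODY Then
        PolicyFailure = "body was not encrypted"
    Else
        PolicyFailure = ""
    End If
End Function

'Drains the queue and returns the bodies of accepted messages only
Public Function ReceiveTrusted(ByVal strPath As String, _
                               ByVal lngTimeoutMs As Long) As Collection
    Dim objQueueInfo As New MSMQQueueInfo
    Dim objQueue As MSMQQueue
    Dim objMessage As MSMQMessage
    Dim colAccepted As New Collection
    Dim strReason As String

    objQueueInfo.PathName = strPath
    Set objQueue = objQueueInfo.Open(MQ_RECEIVE_ACCESS, MQ_DENY_NONE)

    Do
        'Receive returns Nothing when the timeout expires with no message
        Set objMessage = objQueue.Receive(ReceiveTimeout:=lngTimeoutMs)
        If objMessage Is Nothing Then Exit Do

        strReason = PolicyFailure(objMessage)
        If strReason = "" Then
            colAccepted.Add objMessage.Body
        Else
            'record the rejection; the body is never handed to the caller
            Debug.Print "Rejected '" & objMessage.Label & "': " & _
                strReason & " (hash &H" & Hex(objMessage.HashAlgorithm) & ")"
        End If
    Loop

    objQueue.Close
    Set ReceiveTrusted = colAccepted
End Function
```

The rejection line includes the hash algorithm identifier, which makes it easy to spot senders that still rely on the MD5 default (&H8003) when reviewing the output.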

This is the result given by combining the ASP code samples above. It produces a page that creates an encrypted queue, sends an encrypted message to it, and then retrieves the message:

© 1998 by Wrox Press. All rights reserved.