We saw how to send and receive message using both ASP and Visual Basic in the previous chapter. Here we'll concentrate just on the extra steps required to create messages that are authenticated, and messages that are encrypted.
Using MSMQ Message Authentication
To create a queue that will only accept authenticated messages in Visual Basic, we could use the following code. The line that encrypts the queue is highlighted:
Dim objQueueInfo As New MSMQQueueInfo
Dim objQueue As New MSMQQueue
'set the name and label of the queue to create
objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Authenticated Message Queue"
'set the queue to only accept authenticated messages
objQueueInfo.Authenticate = MQ_AUTHENTICATE
'now create the queue object
objQueueInfo.Create
Set objQueue = objQueueInfo.Open(MQ_SEND_ACCESS, MQ_DENY_NONE)
If objQueue.IsOpen Then
'OK to send a message
End If
The
property can take one of two values: Authenticate
(MQ_AUTHENTICATE
) which creates a queue that will only accept authenticated messages, and 1
(MQ_AUTHENTICATE_NONE
- the default) which will accept both authenticated and un-authenticated messages.0
In Active Server Pages, we have to use the
method to create the MSMQ objects, and the actual values of the MSMQ named constants. To create a queue that will only accept authenticated messages with ASP we can use the following:Server.CreateObject
Set objQueueInfo = Server.CreateObject("MSMQ.MSMQQueueInfo")
Set objQueue = Server.CreateObject("MSMQ.MSMQQueue")
'set the name and label of the queue to create
objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Authenticated Message Queue"
'set the queue to only accept authenticated messages
objQueueInfo.Authenticate = 1
'now create the queue object
objQueueInfo.Create
Set objQueue = objQueueInfo.Open(2, 0) 'send and deny_none
If objQueue.IsOpen Then
'OK to send a message
End If
Changing a Queue's Authentication Property
The authentication level can be changed while the queue is open by changing the value of the
property and calling that particular Authenticate
object's MSMQQueueInfo
method. Other applications can check the current setting of the queue's properties by calling the Update
object's MSMQQueueInfo
method and then reading the property values.Refresh
Sending Authenticated Messages
To create and send an authenticated message with Visual Basic we could use:
...
If objQueue.IsOpen Then
'OK to send a message
Dim objMessage As New MSMQMessage
objMessage.Label = "Authentication Test Message"
objMessage.Body = "This is a test of authentication"
'instruct MSMQ to authenticate the message on receipt
objMessage.AuthLevel = MQMSG_AUTH_LEVEL_ALWAYS
'tell it which authentication hash algorith to use (optional)
objMessage.HashAlgorithm = MQMSG_CALG_MD5
objMessage.Send objQueue
objQueue.Close
End If
The
property can be set to AuthLevel
(MQMSG_AUTH_LEVEL_ALWAYS
) to instruct MSMQ to authenticate the message on receipt, and 1
(MQMSG_AUTH_LEVEL_NONE
- the default) if it doesn’t need to be authenticated. The 0
property defines which authentication method will be used. A dozen different encryption algorithms are defined, but not all are implemented at the time of writing and no doubt the list will change. The default for authenticated messages is MD5 (HashAlgorithm
).&H8003
To create and send an authenticated message with Active Server Pages we could use:
...
If objQueue.IsOpen Then
'OK to send a message
Set objMessage = Server.CreateObject("MSMQ.MSMQMessage")
objMessage.Label = "Authentication Test Message"
objMessage.Body = "This is a test of authentication"
'instruct MSMQ to authenticate the message on receipt
objMessage.AuthLevel = 1
'tell it which authentication hash algorith to use (optional)
objMessage.HashAlgorithm = &H8003 'MD5 authentication
objMessage.Send objQueue
objQueue.Close
End If
Receiving Authenticated Messages
To receive a message and check its authentication status and security information in Visual Basic, we could use:
Dim objQueueInfo As New MSMQQueueInfo
Dim objQueue As MSMQQueue
objQueueInfo.PathName = ".\TestQueue"
'set the name of the queue and open it
Set objQueue = objQueueInfo.Open(MQ_RECEIVE_ACCESS, MQ_DENY_NONE)
If objQueue.IsOpen Then
Set objMessage = objQueue.Receive
strInfo = "The message '" & objMessage.Label
If objMessage.IsAuthenticated Then
strInfo = strInfo & "' has been successfully authenticated by MSMQ." _
& Chr(13) & "The Sender ID is " & objMessage.SenderID _
& Chr(13) & "The ID Type is " & objMessage.SenderIDType
Else
strInfo = strInfo & "' has not been authenticated."
End If
MsgBox strInfo
End If
To receive a message and check its authentication status and security information using Active Server Pages we could use:
Set objQueueInfo = Server.CreateObject("MSMQ.MSMQQueueInfo")
Set objQueue = Server.CreateObject("MSMQ.MSMQQueue")
'set the name of the queue and open it
objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(1, 0)
If objQueue.IsOpen Then
strInfo = "The message '" & objMessage.Label
If objMessage.IsAuthenticated Then
strInfo = strInfo & "' has been successfully authenticated by MSMQ." _
& "<BR>The Sender ID is " & objMessage.SenderID _
& "<BR>The ID Type is " & objMessage.SenderIDType
Else
strInfo = strInfo & "' has not been authenticated."
End If
Response.Write strInfo
End If
Sending and Receiving Encrypted Messages
Creating a queue that will only accept encrypted messages is similar to creating one that uses authentication—and in fact you may want to combine the two security features. In the following sections of code we've omitted the lines that are repeated from the earlier example, to avoid excessive duplication.
To create a queue for encrypted messages in Visual Basic we could use:
...
objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Encrypted Message Queue"
'set the queue to only accept encrypted messages
objQueueInfo.PrivLevel = MQ_PRIV_LEVEL_BODY
'now create the queue object
objQueueInfo.Create
...
The
property defines the privacy of the queue's messages. The values are PrivLevel
(MQ_PRIV_LEVEL_NONE
- the default) which allows only un-encrypted messages to be sent, 0
(MQ_PRIV_LEVEL_OPTIONAL
) which allow both encrypted and un-encrypted messages to be sent, and 1
(MQ_PRIV_LEVEL_BODY
) which allows only encrypted messages to be sent.2
To create a queue that will only accept encrypted messages with Active Server Pages we could use:
...
objQueueInfo.PathName = ".\TestQueue"
objQueueInfo.Label = "My Encrypted Message Queue"
'set the queue to only accept encrypted messages
objQueueInfo.PrivLevel = 2
'now create the queue object
objQueueInfo.Create
...
Sending Authenticated Messages
To create and send an encrypted message with Visual Basic we could use:
...
objMessage.Label = "Encryption Test Message"
objMessage.Body = "This is a test of encryption"
'instruct MSMQ to encrypt the message
objMessage.PrivLevel = MQMSG_PRIV_LEVEL_BODY
'tell it which encryption algorith to use (optional)
objMessage.EncryptAlgorithm = MQMSG_CALG_RC4
objMessage.Send objQueue
objQueue.Close
...
The
property here is similar to the PrivLevel
property of the queue, but uses different named constants. The options are PrivLevel
(MQMSG_PRIV_LEVEL_NONE
- the default) for messages that are not encrypted, and 0
(MQMSG_PRIV_LEVEL_BODY
) for messages that are encrypted. Again there are a dozen different encryption algorithms defined, but not all are implemented at the time of writing. The default for encrypting messages is RC2 (1
).&H6602
For the latest details on implemented authentication and encryption algorithms, check out the Authentication and Encryption topics in the Securing Your MSMQ Enterprise section of the Microsoft Message Queue Server Administrator's Guide.
To create and send an encrypted message with Active Server Pages we would use:
...
objMessage.Label = "Encryption Test Message"
objMessage.Body = "This is a test of encryption"
'instruct MSMQ to encrypt the message
objMessage.PrivLevel = 1 'encrypted
'tell MSMQ which encryption algorith to use (optional)
objMessage.EncryptAlgorithm = &H6801 'RC4 encryption
objMessage.Send objQueue
objQueue.Close
...
Receiving Authenticated Messages
To receive a message and check its encryption level and type in Visual Basic, we could use:
...
objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(MQ_RECEIVE_ACCESS, MQ_DENY_NONE)
If objQueue.IsOpen Then
Set objMessage = objQueue.Receive
strInfo = "Message '" & objMessage.Label
If objMessage.PrivLevel = MQMSG_PRIV_LEVEL_BODY Then
strInfo = strInfo & "' is encrypted using the algorithm " _
& CStr(objMessage.EncryptAlgorithm) & "."
Else
strInfo = strInfo & "' is not encrypted."
End If
MsgBox strInfo
End If
Here's the result with a small test program that combines all of the code samples shown above. It creates, sends and receives an encrypted message:
To receive a message and to check its encryption level and encryption type in Active Server Pages we might use:
...
objQueueInfo.PathName = ".\TestQueue"
Set objQueue = objQueueInfo.Open(1, 0)
If objQueue.IsOpen Then
Set objMessage = objQueue.Receive
strInfo = "Message '" & objMessage.Label
If objMessage.PrivLevel = 1 Then
strInfo = strInfo & "' is encrypted using the algorithm " _
& CStr(objMessage.EncryptAlgorithm) & "."
Else
strInfo = strInfo & "' is not encrypted."
End If
Response.Write strInfo
End If
This is the result given by combining the ASP code samples above. It produces a page that creates an encrypted queue, sends an encrypted message to it, and then retrieves the message: