MSMQ Security Services

Synchronous RPC messages can use any of the security features available from the RPC run time. See Security for more details.

Asynchronous [ message] calls cannot use RPC security because there is no handshake between client and server. In fact, the server may not even be running at the time of the call. To access the security services provided by Message Queuing Services (MSMQ), the client application should call RpcBindingSetAuthInfo to control the level of authentication and privacy for its calls to the server.

The server application can call RpcBindingInqAuthClient from within a remote procedure call to determine the security level for that call. The mapping between RPC security constants and MSMQ security is shown in the following table.

RPC security level Description
RPC_AUTHN_LEVEL_NONE The call is not authenticated or encrypted.
RPC_AUTHN_LEVEL_PKT_INTEGRITY The call is authenticated using MSMQ security.
RPC_AUTHN_LEVEL_PKT_PRIVACY The call is authenticated and encrypted as it travels between the client and server queue.

 

The server can also force call authentication and encryption by calling RpcServerUseProtseqEpEx and setting the RPC_C_MQ_AUTHN_LEVEL_NONE, RPC_C_MQ_AUTHN_LEVEL_PKT_INTEGRITY and RPC_C_MQ_AUTHN_LEVEL_PKT_PRIVACY flags in the RPC_POLICY structure.