tags:

views:

337

answers:

3
+1  Q: 

NServiceBus & MSMQ: How To Change the Default Permissions on the Queue?

My team is on our first attempt at using NServiceBus (v2.0), using MSMQ as the backing storage. We're getting stuck on queue permissions.

We're using it in a Web Forms application, where the user account the website runs under is not an administrator on the machine.

When NServiceBus creates the MSMQ queue, it gives the local administrators group full control, and the local everyone and anonymous groups permissions to send messages.

But then later, as part of initializing the queue, NServiceBus tries to read all of its messages. That's where we run into the permissions error. Since the website isn't running as an administrator, it's not allowed to read messages.

How are other people dealing with this? Do your applications run as administrators? Or do you create the MSMQ queue in your code first, giving it the permissions you need, so that NServiceBus doesn't have to create it? Or is there a bit of configuration we're missing? Or are we likely writing our code that uses NServiceBus incorrectly to be running into this?

A: 

change ownership of the queue, it's the only thing that worked for me in a similar situation

Allen  2010-05-21 10:33:36
Do you mean that we should do that programmatically by changing how we use NServiceBus or by hand?
Amy T  2010-05-21 11:27:57
+1  A: 

This blog post should help:

http://blogs.msdn.com/johnbreakwell/archive/2009/08/03/default-msmq-queue-permissions-have-changed-in-msmq-4-0.aspx

Especially:

"If you want to set permissions when you create queues, you can always build the desired security descriptor and pass it in the pSecurityDescriptor parameter of MQCreateQueue (http://msdn.microsoft.com/en-us/library/ms701768(VS.85).aspx). You can't, though, customise the defaults as they are hard-coded."

Cheers
John Breakwell (ex-MSFT)

John Breakwell  2010-05-21 14:34:20
Interesting. We actually do set our own custom permissions on the queue in some older code where it's our code that creates the queue. Right now, though, the trouble is that we're letting NServiceBus create the queue for us, and I can't find a way to make it create the queues with permissions other than the NServiceBus defaults. I'm starting to lean toward making sure the queue is there with the right permissions before we start trying to use it with NServiceBus.
Amy T  2010-05-21 14:43:17
+1  A: 

We create the queues in an Installer subclass and execute it as part of the msi install. Ownership of the queue is a shortcut, but the relevant permissions can be set through AccessControlList:

MessageQueue queue = MessageQueue.Create(queueName, true);
AccessControlList permissions = new AccessControlList();
permissions.Add(new MessageQueueAccessControlEntry(
    new Trustee(this.serviceProcessInstaller.Username),
    MessageQueueAccessRights.FullControl, 
    AccessControlEntryType.Set));
// Add additional permissions for admins & message-sending accounts
queue.SetPermissions(permissions);

I feel the queue auto-creation feature of NServiceBus is better suited for development, not deployment.

Sam  2010-05-25 01:18:56
Yes, I ended up hearing something similar over on the NServiceBus group: http://tech.groups.yahoo.com/group/nservicebus/message/7391. Auto-creation of the queue is meant for a development, not production, environment, and we should create the queue ourselves and give it the permissions we need.
Amy T  2010-05-25 08:11:31

related questions

How do I read an MSMQ message from a VB6 app using .NET code?
BizTalk MSMQ userid and password in a bindings file
Why is the storage for MSMQ full when the queues themselves are empty?
Is it possible to execute SQL commands and send MSMQ messages in a TransactionScope?
Observer pattern with WCF MSMQ
Should I use MSMQ or SQL Service Broker for transactions?
Is MSMQ thread safe?
WCF over MSMQ problem
Architecting a Work Item Processing System with Modified FIFO Semantics in Windows
How to(if possible) delete message from MSMQ using Computer Management tools. WinXP
MSMQ Generic Messaging
How do you specify a message label when using WCF and NetMsmqBinding?
Access to remote computer's MSMQ gives "Remote computer is not available"
Performance Testing MSMQ Server
How do I use a remote MSMQ transactionally?
MSMQ samples in C++?
I want to log the Poison message that my wcf service is dropping using MSMQ 3.0 and windows 2003
What is the Best Way to Dynamically Create an MSMQ Listener?
Can you use WMI to create an MSMQ message queue (PRIVATE queue)?
WCF MSMQ - How do I handle message failure
Can I filter the messages I receive from a message queue (MSMQ) by some property? (a.k.a. topic)
What is the best free tool for managing MSMQ queues and messages?
MSMQ monitoring
Queue alternatives to MSMQ on Windows?
Multicasting, Messaging, ActiveMQ vs. MSMQ?