如何以编程方式在专用MSMQ队列上设置权限设置以进行远程访问?
[英]How to programmatically set Permission settings on private MSMQ queue for remote access?
问题描述
As part of an application I'm developing, Im trying to make use of Microsoft Message Queueing functionality and im having trouble with permission settings. 
作为我正在开发的应用程序的一部分,我试图利用Microsoft消息队列功能,但遇到权限设置问题。
I want to create a queue and send messages to it on a server computer and access it from a client computer over the local network. 我想创建一个队列,并在服务器计算机上向它发送消息,然后通过本地网络从客户端计算机访问它。 Both computers (both Windows 7 Home Premium) are on the same LAN network and are able to ping to each other. 两台计算机(均为Windows 7 Home Premium)都在同一LAN网络上,并且能够相互ping通。 I will know the exact path of the created queue, so I guess private queues are ok. 我将知道所创建队列的确切路径,所以我猜私有队列是可以的。
Im basing my code on this example and use IronPython to access the MessageQueue class from the System.Messaging namespace. 我将代码基于此示例,并使用IronPython从System.Messaging命名空间访问MessageQueue类 。 The send & receive setup from the example works to create a queue and send it a message in one console: 该示例中的发送和接收设置可在一个控制台中创建队列并向其发送消息:
>>> localQueue = MessageQueue.Create('.\\private$\\testQueue')
>>> localQueue.FormatName
'DIRECT=OS:<clientMachineName>\\private$\\testQueue'
>>> localQueue.Send('hello from other console')
and then access the queue and peek at it in another console by the following code: 然后通过以下代码访问该队列并在另一个控制台中进行查看:
>>> SemiRemoteQueue = MessageQueue('FormatName:Direct=OS:<clientMachineName>\\private$\\testQueue')
>>> SemiRemoteQueue.Peek()
<System.Messaging.Message object at 0x000000000000002F [System.Messaging.Message
]>
When I create a new queue on the server computer, I seem to be able to establish a connection from the client computer, but fail to get any message data from it. 当我在服务器计算机上创建新队列时,似乎可以从客户端计算机建立连接,但是无法从该计算机获取任何消息数据。 Peeking from client to queue created at server, gives the following 'Access denied' error message: 从客户端浏览到在服务器上创建的队列,将显示以下“访问被拒绝”错误消息:
>>> ReallyRemoteQueue = MessageQueue('FormatName:Direct=OS:<serverMachineName>\\private$\\remoteTestQueue')
>>> ReallyRemoteQueue.Peek()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
EnvironmentError: System.Messaging.MessageQueueException (0x80004005): Access to
Message Queuing system is denied.
at System.Messaging.MessageQueue.MQCacheableInfo.get_ReadHandle()
at System.Messaging.MessageQueue.StaleSafeReceiveMessage(UInt32 timeout, Int3
2 action, MQPROPS properties, NativeOverlapped* overlapped, ReceiveCallback rece
iveCallback, CursorHandle cursorHandle, IntPtr transaction)
at System.Messaging.MessageQueue.ReceiveCurrent(TimeSpan timeout, Int32 actio
n, CursorHandle cursor, MessagePropertyFilter filter, MessageQueueTransaction in
ternalTransaction, MessageQueueTransactionType transactionType)
at System.Messaging.MessageQueue.Peek()
at Microsoft.Scripting.Interpreter.FuncCallInstruction`2.Run(InterpretedFrame
frame)
at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame frame)
at Microsoft.Scripting.Interpreter.LightLambda.Run3[T0,T1,T2,TRet](T0 arg0, T
1 arg1, T2 arg2)
at IronPython.Compiler.Ast.CallExpression.Invoke0Instruction.Run(InterpretedF
rame frame)
at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame frame)
at Microsoft.Scripting.Interpreter.LightLambda.Run2[T0,T1,TRet](T0 arg0, T1 a
rg1)
at IronPython.Compiler.PythonScriptCode.RunWorker(CodeContext ctx)
at IronPython.Compiler.PythonScriptCode.Run(Scope scope)
at IronPython.Hosting.PythonCommandLine.<>c__DisplayClass1.<RunOneInteraction
>b__0()
I've found that accessing remote private MSMQ queues should be possible, but can't figure out how to set the right permissions. 我发现应该可以访问远程专用MSMQ队列,但无法弄清楚如何设置正确的权限。 I have allowed MSMQ in Firewall settings and even tried with firewall turned off. 我已经在防火墙设置中允许使用MSMQ,甚至尝试关闭防火墙。 Found some discussion about applying permission settings to queue files but this doesn't help as I dont have queue files that have the security settings working for them. 找到了一些有关将权限设置应用于队列文件的讨论,但这无济于事,因为我没有具有适用于它们的安全设置的队列文件。 I haven't gotten round trying the option of given full access to 'Anonymous Logon' as has been suggested, but would eventually like to set permissions programmatically (in code), not in files' context menus. 我还没有尝试过建议完全授予“匿名登录”访问权限的选项,但最终还是希望通过编程方式(在代码中)而不是在文件的上下文菜单中设置权限。 Should I use the SetPermissions method in the MessageQueing Class (http://msdn.microsoft.com/en-us/library/dd48yz36(v=vs.80))? 我应该在MessageQueing类(http://msdn.microsoft.com/zh-cn/library/dd48yz36(v=vs.80))中使用SetPermissions方法吗? How do I specify its parameters? 如何指定其参数?
Thanks for any suggestions! 感谢您的任何建议!
2 个解决方案
解决方案1
3 2013-09-19 04:40:13
localQueue.SetPermissions("Everyone", MessageQueueAccessRights.FullControl, AccessControlEntryType.Allow);
"Everyone" could be any domain account eg "Domain\\MyUserName" “每个人”可以是任何域帐户,例如“ Domain \\ MyUserName”
解决方案2
1 2012-06-19 09:16:26
You will need in the first instance to give the 'Anonymous Logon' the rights to receive messages from the queue. 首先,您需要授予“匿名登录”权限,以从队列接收消息。
I use this (C#) code for setting permissions which I found here : 我使用此(C#)代码设置权限,该代码在这里找到:
AccessControlList acl = new AccessControlList();
Trustee owner = new Trustee(WindowsIdentity.GetCurrent().Name, Environment.MachineName, TrusteeType.User);
MessageQueueAccessControlEntry aceOwner = new MessageQueueAccessControlEntry(owner, MessageQueueAccessRights.FullControl);
acl.Add(aceOwner);
messageQueue.SetPermissions(acl);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.