从.NET连接到MQ系列

本文介绍了从.NET连接到MQ系列的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

有与此类似的问题，但不完全相同...

There are similar questions to this one, but not quite the same...

我有一个使用amqmdnet.dll的C#程序(来自9.0.1.0 MQC Redist)要连接的代码是:

I have a C# program that is using amqmdnet.dll (from 9.0.1.0 MQC Redist)The code to connect is:

Hashtable mqProperties = new Hashtable();
mqProperties.Add(MQC.CHANNEL_PROPERTY, channelName);
mqProperties.Add(MQC.HOST_NAME_PROPERTY, hostname);
mqProperties.Add(MQC.PORT_PROPERTY, port);
queueManager = new MQQueueManager(strQueueManagerName, mqProperties);

它可以正常工作并写入队列.我假设它会从Windows中获取我当前的登录ID.

It works fine and writes to the queue. I assume it picks up my current login id from Windows.

当我在IIS上运行相同的代码时，它会连接但在尝试写入Queue时失败，并显示auth错误2035.我认为这是因为IIS以不同的用户ID运行.

When I run the same code on IIS, it connects but fails with an auth error 2035 when trying to write to the Queue.I assume this is because IIS is running as a different user-id.

我尝试添加:

mqProperties.Add(MQC.USER_ID_PROPERTY, "myuserid");
mqProperties.Add(MQC.PASSWORD_PROPERTY, "mypassword");

，但它不起作用.尝试"mydomain \ myuserid"也不起作用.其他一些文章提到MQ需要Windows SID.我尝试使用该字符串，但这也不起作用.

and it did not work. Trying "mydomain\myuserid" did not work either. Some other posts mentioned that MQ needs the Windows SID. I tried using that string, but that did not work either.

在这一点上，我正在研究这个问题，所以我不想让管理员在MQ服务器端设置新的用户ID.考虑到这一点，当我以IIS用户身份运行时，是否可以通过任何方式登录，但需要传递我的用户名/密码或其他凭据才能完成此工作?

At this point, I am playing with this, so I'd prefer not to ask the admins to set up a new userid on the MQ server side. With this in mind, is there any way I can login when running under the IIS user, but pass in my userid/password or some other credential to make this work?

推荐答案

如果队列管理器为v8.0或更高版本，并且配置为使用CONNAUTH并设置了ADOPTCTX(YES)，则可以显示ID和密码.如果没有此设置，则.NET客户端的UserId和Password属性中显示的值将被忽略.

If the queue manager is v8.0 or later and is configured to use CONNAUTH and has ADOPTCTX(YES) set you can present an id and password. If it does not have this set then the value presented in the UserId and Password property of a .NET client will be ignored.

IBM developerWorks MQdev博客文章" MQCSP密码MQ V8中的保护详细介绍了如何使用多种语言来执行此操作."

A IBM developerWorks MQdev blog post "MQCSP Password Protection in MQ V8 has details on how to do this in various languages."

对于.NET，除了将MQC.USE_MQCSP_AUTHENTICATION_PROPERTY设置为true之外，您应该可以使用现有功能:

For .NET you should be able to use what you have with the addition of the MQC.USE_MQCSP_AUTHENTICATION_PROPERTY set to true:

mqProperties.Add(MQC.USER_ID_PROPERTY, "myuserid");
mqProperties.Add(MQC.PASSWORD_PROPERTY, "mypassword");
mqProperties.Add(MQC.USE_MQCSP_AUTHENTICATION_PROPERTY, true);

然后，队列管理器将对此ID进行身份验证.如果队列管理器设置为ADOPTCTX(YES)，则它将始终使用经过身份验证的ID进行OAM检查.如果将其设置为ADOPTCTX(NO)，它将仍然使用该进程正在运行的ID来执行OAM检查.强烈建议将其设置为ADOPTCTX(YES).

The queue manager will then authenticate this ID. If the queue manager is set with ADOPTCTX(YES) then it will always use the authenticated ID for OAM checks. If it is set to ADOPTCTX(NO) it will still use the ID the process is running under to perform OAM checks. It is highly recommended that this be set to ADOPTCTX(YES).

更新2017/02/20 :

与评论有关，我可以看到它可能已被管理员关闭，因此MQ依赖于较大的组织SSO基础结构."无需设置CONNAUTH和ADOPTCTX(YES)，您可以通过通道声明要任何的ID.如果没有CHLAUTH规则来阻止管理用户，那么您无需任何身份验证即可获得完整的MQ管理权限.

Related to the comment "I can see that it might be turned off by admins so that MQ relies on the larger organizational SSO infrastructure.". Without setting up CONNAUTH and ADOPTCTX(YES) you can assert any id you want to over the channel. If a CHLAUTH rule is not in place to block administrative users then you can obtain full MQ administrative authority without any form of authentication.

这篇关于从.NET连接到MQ系列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！