
Here is my scenario: Server 1 is on the internal network (in domain). Server 2 is in a DMZ (outside domain).

Server 2 has a private MSMQ that server 1 needs to access. Server 1 requests MQ access via a C# console app.

My problem is this: How can I create proper security on the MQ (server 2)? Currently I have added a local user with the correct permission, but I can't seem to get C# to impersonate a local user on another server (that's probably fair enough).

Any ideas how to authenticate as a local user from server 1? Or is there another way to get some decent security on the MQ on server 2?

This is currently my C# code, but it does not work as the user cannot be validated on server 1:

    var credentials = new UserCredentials("ServerIP", "User", "PASSWORD");
    Impersonation.RunAsUser(credentials, LogonType.NetworkCleartext, () =>
    {
        using (MessageQueue messageQueue = new MessageQueue(mqPath))
        {
            // do stuff to MQ
        }
    });
Birger
  • Honestly, if you can send messages between the servers then make a request/response for the information you want. Remote access to a queue is problematic if you're not using domain users. I managed to get remote access to WMI in order to query MSMQ, using a local user on the remote machine, but it was a pain. If you can simply request the information and have your own application send it then you'll find that a lot less painful. – Reinstate Monica Cellio Oct 29 '19 at 12:02
  • @Archer I've created a web service on server 2 that can call the MQ and be called from server 1 - This seems to be the only useful solution – Birger Oct 30 '19 at 08:58
  • I'd say that's a decent solution - either that or a WebApi. It's much easier to maintain security and it's not giving full access to all the methods of MSMQ - just the functions you expose via your service. – Reinstate Monica Cellio Oct 30 '19 at 12:24
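
The approach the comments settle on, sketched as an added example (not code from the thread): a small self-hosted HTTPS endpoint on Server 2 that authenticates the caller with a shared key and exposes a single queue operation. The queue name, port, `X-Api-Key` header and `QUEUE_API_KEY` variable are assumptions, as is the choice to expose only send.

```csharp
using System;
using System.IO;
using System.Messaging; // .NET Framework; reference System.Messaging.dll
using System.Net;
using System.Text;
static class QueueFacade
{
    // Assumed values: queue name, URL prefix and environment variable are placeholders.
    const string QueuePath = @".\private$\orders"; // non-transactional private queue
    const string Prefix = "https://+:8443/queue/";  // a TLS certificate must be bound to the port
    const int MaxBody = 64 * 1024;

    // Compares every byte instead of stopping at the first mismatch.
    static bool SameKey(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a ?? ""), y = Encoding.UTF8.GetBytes(b ?? "");
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }

    // Returns the HTTP status; the only queue operation exposed is Send.
    static int Handle(HttpListenerRequest req, string apiKey)
    {
        if (!SameKey(req.Headers["X-Api-Key"], apiKey)) return 401;
        if (req.HttpMethod != "POST" || req.Url.AbsolutePath != "/queue/send") return 404;
        if (req.ContentLength64 < 0) return 411;      // no Content-Length supplied
        if (req.ContentLength64 > MaxBody) return 413;
        using (var reader = new StreamReader(req.InputStream, Encoding.UTF8))
        using (var queue = new MessageQueue(QueuePath))
            queue.Send(reader.ReadToEnd(), "from-server1");
        return 202;
    }

    static void Main()
    {
        string apiKey = Environment.GetEnvironmentVariable("QUEUE_API_KEY");
        if (string.IsNullOrEmpty(apiKey)) throw new InvalidOperationException("QUEUE_API_KEY is not set");
        var listener = new HttpListener();
        listener.Prefixes.Add(Prefix);
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            try { ctx.Response.StatusCode = Handle(ctx.Request, apiKey); }
            catch (Exception) { ctx.Response.StatusCode = 500; } // e.g. MessageQueueException
            ctx.Response.Close();
        }
    }
}
```

With this in place Server 1 needs only outbound HTTPS to the chosen port, and the queue's permissions can be limited to the account the service runs under on Server 2.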

0 Answers