All geek questions in one place

MessageQueue.CanWrite always returns true

I have disabled permissions to send messages in the private queue, but MessageQueue.CanWrite never returns false . I can switch the permissions to receive messages, and the CanRead property responds as expected. Why CanWrite property CanWrite differently?

I tested this problem with several different AD users and the results were the same.

Is there a different approach to checking if a particular user account can send a message to a specific remote private queue?

 public class SendBehavior : IMsmqRuleBehavior { public bool Validate(string queuePath) { using (var queue = new MessageQueue(queuePath, QueueAccessMode.Send)) { return queue.CanWrite; } } } public class ReceiveBehavior : IMsmqRuleBehavior { public bool Validate(string queuePath) { using (var queue = new MessageQueue(queuePath, QueueAccessMode.Receive)) { return queue.CanRead; } } }
+6
source share
1 answer

From what I can tell, this behavior is for MessageQueue.CanWrite . If you delve deep enough into the courage of the MessageQueue class, you will find that it creates some helper objects that affect the value of this property as follows:

  • If you pass QueueAccessMode.Send (or SendAndReceive ), an auxiliary access mode helper will be created that returns true if (this.accessMode & QueueAccessMode.Send) != (QueueAccessMode)0 .

  • If # 1 is true , he tries to open the queue to cache it using the access and sharing mode that you requested. At this point, the native MQOpenQueue method is MQOpenQueue , which has the following notes (emphasis mine):

    If the permissions to open a queue in the requested mode are not allowed for the calling application, the following two things can happen:

    • If dwAccess set to MQ_SEND_ACCESS , MQOpenQueue will succeed , but errors will be returned when the application tries to send a message.
    • If dwAccess set to MQ_PEEK_ACCESS or MQ_RECEIVE_ACCESS , MQOpenQueue will fail and return MQ_ERROR_ACCESS_DENIED (0xC00E0025). In this case, the queue descriptor is not returned in phQueue .

Therefore, given a QueueAccessMode.Send (or SendAndReceive ) with a valid queue name and sharing mode, I understand that CanWrite will return true even if you really do not have access to send the message.

It looks like you will only get CanWrite == false only when:

  • You are passing a QueueAccessMode that is not Send or SendAndReceive .
+3
source

Source: https://habr.com/ru/post/951057/

More articles:


All Articles