Message Queuing Security Services
Message Queuing provides the following security services:
Message authentication provides a way to ensure message integrity and a way to verify who sent the message. Authenticating for message integrity ensures that no one has tampered with the message or changed its content. When authentication is requested, the Message Queuing runtime digitally signs the message when it is sent, and the destination queue manager verifies the digital signature before it places the message in the destination queue. Once message integrity is established, Message Queuing verifies who sent the message.
Security descriptors provide a way to regulate access to queues using the access control model that governs access to all securable objects in Windows. According to this model, specific operations on queues can be restricted to specific users or groups of users, called trustees. The queue operations that can be restricted include creating, deleting, and opening the queue (for sending messages to and reading messages from the queue). Operations also include getting and setting the queue's properties and security descriptor.
Encryption services provide a secured channel for sending private, 40-bit or 128-bit encrypted messages throughout your enterprise. When private messages are sent, Message Queuing ensures that the message bodies are kept encrypted from the moment they leave the source queue manager to the moment they reach the destination queue manager. An encrypted message can be decrypted only by the destination queue manager or a connector application.
Auditing services provide a way to audit access operations for the queues in your Message Queuing enterprise. The operations that you can audit include creating a queue, opening a queue, setting or retrieving queue properties, and deleting a queue.
Hardened MSMQ mode enhances the security of MSMQ 3.0 computers running on the Internet by supporting scenarios that employ only HTTP (SRMP) messages.
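
The message authentication, security descriptor and encryption services described above, as an application sees them through the .NET Framework System.Messaging API. This is an added example, not code from the original page; the queue path and trustee names are hypothetical, and it assumes MSMQ installed in domain-integrated mode and an account allowed to create queues.

```csharp
// Added example (not from the original page). Requires a reference to
// System.Messaging. Queue path and trustee names are hypothetical placeholders.
using System;
using System.Messaging;

class SecureQueueDemo
{
    const string QueuePath = @".\private$\orders-secure";  // hypothetical queue
    const string Senders   = @"CONTOSO\OrderSenders";      // hypothetical group
    const string Reader    = @"CONTOSO\OrderProcessor";    // hypothetical account

    static void Main()
    {
        MessageQueue queue = MessageQueue.Exists(QueuePath)
            ? new MessageQueue(QueuePath)
            : MessageQueue.Create(QueuePath);

        // Queue-side policy: accept only messages sent with authentication
        // requested and with an encrypted body.
        queue.Authenticate = true;
        queue.EncryptionRequired = EncryptionRequired.Body;

        // Security descriptor: one trustee may send, another may read,
        // and any rights held by Everyone are dropped.
        queue.SetPermissions(Senders, MessageQueueAccessRights.WriteMessage,
                             AccessControlEntryType.Set);
        queue.SetPermissions(Reader,
            MessageQueueAccessRights.ReceiveMessage | MessageQueueAccessRights.PeekMessage,
            AccessControlEntryType.Set);
        queue.SetPermissions("Everyone", MessageQueueAccessRights.FullControl,
                             AccessControlEntryType.Revoke);

        // Sender side: ask the runtime to sign the message and encrypt its body.
        var msg = new Message("order 1001")
        {
            UseAuthentication = true,
            UseEncryption = true
        };
        queue.Send(msg);

        // Receiver side: the queue manager has already verified the signature
        // and decrypted the body; Authenticated reports that authentication
        // was requested for the message.
        queue.MessageReadPropertyFilter.Authenticated = true;
        queue.Formatter = new XmlMessageFormatter(new[] { typeof(string) });
        Message received = queue.Receive(TimeSpan.FromSeconds(5));
        Console.WriteLine("Authenticated: {0}, body: {1}",
                          received.Authenticated, received.Body);
    }
}
```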