Represents the security context for a message in a queue.
Assembly: System.Messaging (in System.Messaging.dll)
Thetype exposes the following members.
|Dispose||Releases all resources used by the .|
|Equals(Object)||Determines whether the specified object is equal to the current object. (Inherited from Object.)|
|GetHashCode||Serves as the default hash function. (Inherited from Object.)|
|GetType||Gets the Type of the current instance. (Inherited from Object.)|
|ToString||Returns a string that represents the current object. (Inherited from Object.)|
The security context contains cached security information such as an internal certificate, the corresponding private key, the user's SID, needed to attach a certificate and the sender identifier to a message when requesting authentication.
If a client, such as an ASP.NET application, impersonates a user to send a message to a queue, the identity of the user is used to access the queue. If the queue is remote, these credentials are cached and used for messages that are subsequently sent to the queue. Therefore, the SID in subsequent messages will be the cached identity of the first user that sent a message to the queue. The cached identity of the first user that sent a message to the queue will be used for subsequent users.
To overcome this problem, set the security context using SecurityContext before sending a message to a remote queue to ensure that the current user's credentials are used to gain access to the queue. However, the suggested best practice is to:
Make the queue an authenticated queue.
Run the ASP.NET application as a domain identity and authorize that application to write to the queue.
Do not impersonate the user when using the queue. Instead, get the caller’s identity and either perform authorization checking in the ASP.NET application or include the caller’s identity as part of the message and perform authorization checking in the receiver application.