| Author |
Message
|
| crayon_coco |
 Posted: Tue Oct 14, 2003 8:00 pm Post subject: How to use the Alternate UserID to connect to queue manager |
 |
|
Apprentice
Joined: 08 Oct 2003
Posts: 33
|
There's is a AlternateUserID property in the queue manager class, but i do i set the AlternateUserID so that the ID is used to connect to the queue manager instead of the default id on the client machine
Thanks! |
|
| Back to top |
|
 |
| mqonnet |
| Posted: Wed Oct 15, 2003 4:46 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Yes. Thats precisely what you do.
Also remember to add MQC.MQOO_ALTERNATE_USER_AUTHORITY to your open options so as to tell the QMGR that you dont want to use the logon userid for authentication but instead you would like to use this alternate userid.
Cheers
Kumar |
|
| Back to top |
|
|
| crayon_coco |
| Posted: Wed Oct 15, 2003 4:50 pm Post subject: |
|
|
Apprentice
Joined: 08 Oct 2003
Posts: 33
|
Yes, this is what i tried by using the MQC.MQOO_ALTERNATE_USER_AUTHORITY
and i get the expection with CompCode: 2, Reason: 2046
which means MQRC_OPTIONS_ERROR
seems like i can't uses the option error here
this is my code
MQQueueManager queueManager = new MQQueueManager("QManger",MQC.MQOO_ALTERNATE_USER_AUTHORITY,"CHANNEL","IPAddress");
any solution for this? thanks! |
|
| Back to top |
|
|
| mqonnet |
| Posted: Thu Oct 16, 2003 5:08 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Well, if the code that you posted is what you are actually using. Then yes, you would get that error. Because you never asked the queue manager to open the queue either for input or output. You just specified that you want an anternate userid to be used for authentication.
Either add MQC.MQOO_OUTPUT or MQC.MQOO_INPUT_SHARED/EXCLUSIVE etc for putting/getting respectively and your code should work fine.
Cheers
Kumar |
|
| Back to top |
|
|
| crayon_coco |
| Posted: Thu Oct 16, 2003 11:01 pm Post subject: |
|
|
Apprentice
Joined: 08 Oct 2003
Posts: 33
|
Thanks for the reply
i tried changing the code as you mention as below
MQQueueManager queueManager = new MQQueueManager("QManager",MQC.MQOO_OUTPUT + MQC.MQOO_ALTERNATE_USER_AUTHORITY,"CHANNEL","IPAddress");
i still get the same error message which is CompCode: 2, Reason: 2046
which means MQRC_OPTIONS_ERROR
can't i use the Alternate User ID ?
thanks! |
|
| Back to top |
|
|
| harwinderr |
| Posted: Fri Oct 17, 2003 1:31 am Post subject: |
|
|
Voyager
Joined: 29 Jan 2002
Posts: 90
|
Looks like there is some confusion here....
You cant use MQC.MQOO_ALTERNATE_USER_AUTHORITY option while constructing a new QMgr.
The only options you can specify are
MQC.MQCNO_FASTPATH_BINDING for fast bindings.
MQC.MQCNO_STANDARD_BINDING for normal bindings.
For using the AlternateUserID property, you have to use the QMgr.accessQueue() method.
So you can give
queueManager.accessQueue(QueueName,
MQC.MQOO_OUTPUT + MQC.MQOO_ALTERNATE_USER_AUTHORITY,
null, null, "Alternate User");
Hope it helps  |
|
| Back to top |
|
|
| MichaelR |
| Posted: Fri Oct 17, 2003 11:57 am Post subject: Alternate User Id |
|
|
Apprentice
Joined: 20 May 2002
Posts: 37
Location: Tampa
|
Actually you can "open" or "connect" to a QMgr using AltUsrId. However, if I read the code sample correctly, you are attempting to open a QMgr object for "output". I think that's the cause of your options error.
The following is a pseudo code snippet of how to Set AltUsrId using the ActiveX class:
*********************************
DCLFLD QMgr Type(MQAX200.MQQueueManager)
MQFMT_STRING = "MQSTR" // defines messages data type as string
TargetQ = "SYSTEM.DEFAULT.LOCAL.QUEUE" // Using IBM supplied Queue
UserId = *APP.Environment["USERNAME"]
QueueMgr = "" // Using Default Queue Manager
// * Set our Alt User Id for MQCONN
QMgr.AlternateUserId = UserId
// * Access Queue Manager (MQCONN)
QMgr.Name = QueueMgr
QManager = QMgr.name // Retrieve resolved QMgr name value.
|
|
| Back to top |
|
|
| MichaelR |
| Posted: Fri Oct 17, 2003 12:03 pm Post subject: AltUserId (correction) |
|
|
Apprentice
Joined: 20 May 2002
Posts: 37
Location: Tampa
|
My bad...but I accidently omitted an instruction in the code snippet.
The correct sampe should read.....
*********************************
DCLFLD QMgr Type(MQAX200.MQQueueManager)
MQFMT_STRING = "MQSTR" // defines messages data type as string
TargetQ = "SYSTEM.DEFAULT.LOCAL.QUEUE" // Using IBM supplied Queue
UserId = *APP.Environment["USERNAME"]
QueueMgr = "" // Using Default Queue Manager
// * Set our Alt User Id for MQCONN
QMgr.AlternateUserId = UserId
// * Access Queue Manager (MQCONN)
QMgr.connect() * Forgot this very important instruction.. 
QMgr.Name = QueueMgr
QManager = QMgr.name // Retrieve resolved QMgr name value
 |
|
| Back to top |
|
|
| crayon_coco |
| Posted: Mon Oct 20, 2003 2:16 am Post subject: |
|
|
Apprentice
Joined: 08 Oct 2003
Posts: 33
|
i am using the mqseries classes for .net and i do no know how the activeX works.
ok i tried to use the set alternateUserID in access queue method but it seems like the connection to the queue manager is open during the instantiation which will take the default user id, that's where the error occur, the default user id does not exist in my as/400 i want to use another user id instead, how do i do that?
thanks! |
|
| Back to top |
|
|
| Rls65 |
| Posted: Thu Jan 29, 2004 7:43 am Post subject: |
|
|
Newbie
Joined: 29 Jan 2004
Posts: 7
|
Looks nice but could somebody giv eth esame sample in C#!
I do not understand how to access the Queuemanager structure if I haven't created a new instance of QMQueueManager.
Plzzzz HELP!!! |
|
| Back to top |
|
|
| crayon_coco |
| Posted: Thu Jan 29, 2004 5:19 pm Post subject: |
|
|
Apprentice
Joined: 08 Oct 2003
Posts: 33
|
My code is in c# but i couldn't figure up how to use the alternate user id, so i make a trick by creating a userid "ASPNET" in the mqserver and it works! this is because it use the default user which is my aspnet worker process. but i will have the problem if i am not using aspx program to cnnect to the queue manager
anyway below is my code, as you can see the queue manager will check for the user ID when you instantiate the MQQueueManager, but you can only specify the alternate user id when accessing the queue, i tried the open queue options but it doesn't work
private MQQueueManager queueManager;
queueManager = new MQQueueManager("QMgrName","ChannelName","IPAddress");
// Put Message
MQMessage queueMessage = new MQMessage();
queueMessage.WriteString("MessageTest");
queueMessage.Format = MQC.MQFMT_STRING;
MQPutMessageOptions queuePutMessageOptions = new MQPutMessageOptions();
queue = queueManager.AccessQueue(queueName, MQC.MQOO_OUTPUT + MQC.MQOO_FAIL_IF_QUIESCING);
queue.Put( queueMessage, queuePutMessageOptions ); |
|
| Back to top |
|
|
| JasonE |
| Posted: Fri Jan 30, 2004 7:05 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
You cant do the connect phase with a different userid (without using security exits or something similar) in any language other than java or some select old MQ Clients. In all modern clients, the userid is the signed on userid and there is nothing you can do about it.
In Java there is an MQEnvironment.userid, and that is allowed because in an applet world you cannot query the system username property.
As far as I know, altuser is only applicable after the connect (ie the signed on userid needs altusr authority). |
|
| Back to top |
|
|
| Rls65 |
| Posted: Mon Feb 02, 2004 12:36 am Post subject: |
|
|
Newbie
Joined: 29 Jan 2004
Posts: 7
|
Thanks a lot for all your help!!
I think I have to solve it by using the same Service account in all systems.
|
|
| Back to top |
|
|
| techno |
| Posted: Fri Sep 30, 2005 9:55 am Post subject: |
|
|
Chevalier
Joined: 22 Jan 2003
Posts: 429
|
Continuing on using alternate userid,
What are the preconditions to use alternate userid in an application? If it lets me to do, without any preconditions, it is security hole, right? I can just put mqm user id and do everything. Please throw some light .. |
|
| Back to top |
|
|
| wschutz |
| Posted: Fri Sep 30, 2005 10:11 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
Read up on security. You need the right type of permissions (in either OAM or RACF/TopSecret &c) to open a queue with the AlternateUserid option.
_________________
-wayne |
|
| Back to top |
|
|
|
|
