| Author |
Message
|
| anveshita |
 Posted: Mon Oct 26, 2009 2:36 pm Post subject: Connecting to MQ using .NET |
 |
|
Master
Joined: 27 Sep 2004
Posts: 254
Location: Jambudweepam
|
Hello:
I am new to .NET with MQ. Did this with Java for a while..NET too new to me.
I have written a .NET program and added amqmdnet.dll as a REFERENCE. following is my .net snippet This is similar to the vmqsput.vb program that comes with mqclient.
queueManager="QM1"
channelName="SYSTEM.DEFAULT.SVRCONN"
Connectionname="IP(1414)"
mqQMgr = New MQQueueManager(queueManager, channelName, connectionName)
I am getting a 2035 error. It could be that my windows ID is passed to UNIX box where my QM exists and hence failing to connect.
Here are my questions:
1. I am not sure if I am using a managed connection. How do I Know if I am using Managed connection? 
2.I have MQ client installed on my machine, if that is what is needed to get over the issue, but not sure what options I need to use in my vb.net program
Any help is appreciated . |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon Oct 26, 2009 5:10 pm Post subject: Re: Connecting to MQ using .NET |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| anveshita wrote: |
| 1. I am not sure if I am using a managed connection. How do I Know if I am using Managed connection? |
Because you've selected that type of connection in your code. The documentation describes this.
| anveshita wrote: |
| 2.I have MQ client installed on my machine, if that is what is needed to get over the issue, but not sure what options I need to use in my vb.net program |
It's not a direct fix to the problem, but it's a possible solution. The documentation describes an number of ways to pass user ids to the queue manager.
Alternatively you could define a new SVRCONN with the proper id in MCAUser and use that.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| anveshita |
| Posted: Mon Oct 26, 2009 6:43 pm Post subject: |
|
|
Master
Joined: 27 Sep 2004
Posts: 254
Location: Jambudweepam
|
Vitor:
Thanks. Per my earlier code I did not set the MQC.TRANSPORT_MQSERIES_CLIENT or MQC.TRANSPORT_MQSERIES_MANAGED. I was thinking since client was installed on my machine MQC.TRANSPORT_MQSERIES_CLIENT was the default.Anyways I have modified my code as follows
--
| Code: |
Dim envr As New Hashtable
envr.Add(MQC.CHANNEL_PROPERTY, "SYSTEM.ADMIN.SVRCONN")
envr.Add(MQC.PORT_PROPERTY, Int(1414))
envr.Add(MQC.HOST_NAME_PROPERTY, "myhost")
envr.Add(MQC.USER_ID_PROPERTY, "user123")
envr.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT)
envr.Add(MQC.PASSWORD_PROPERTY, "password")
mqQMgr = New MQQueueManager("MyQMgr", envr) |
---------
Still getting 2035 error.
You indicated
| Quote: |
| It's not a direct fix to the problem, but it's a possible solution. The documentation describes an number of ways to pass user ids to the queue manager. |
Do you have alink or specic document that shows different options. Searched infocenter and google, but could not find the right one
As regards to changing the MCAUSR option, that may not fly by my admins as we use 99% java which does not need this and they need to make this change for 1% of .NET
Please let me know |
|
| Back to top |
|
|
| ucbus1 |
| Posted: Tue Oct 27, 2009 6:51 am Post subject: |
|
|
Knight
Joined: 30 Jan 2002
Posts: 560
|
Anveshita:
Yes I was in the same situation. Unfortunately IBM samples assume ONE of the following:
1. you have a queue manager on your windows machine
or
2. You are a local admin on your machine and your ID can be defined on the UNIX box( where your remote QM) resides, the UNIX admin/MQ admin can ADD your local admin id to the unix MQ User groups. Usually the apps run under Widnows domain id ( USA/anveshita) and unix id could be a1234er and no mapping can be done easily eventhough they represent the same person. Seems like some one wants to sell special products like TIM/TAM type of products
3. I wish MQ community can provid some working samples for .NET folks.
In the mean time please take a look at the following option
http://support.microsoft.com/kb/306158#3
If you are still lost, I may have some working example I can send you later today. |
|
| Back to top |
|
|
| Sam Uppu |
| Posted: Tue Oct 27, 2009 10:38 am Post subject: |
|
|
Yatiri
Joined: 11 Nov 2008
Posts: 610
|
Your MQ Admin is able to place a low privileged userid in MCAUSER field of SVRCONN channel which exists on the Unix machine. There is no need to be the windows domain id exist on Unix box.
Whatever userid you pass or no pass, MQ will replace it with the id filled in MCAUSER of SVRCONN channel. |
|
| Back to top |
|
|
| anveshita |
| Posted: Thu Oct 29, 2009 5:40 am Post subject: |
|
|
Master
Joined: 27 Sep 2004
Posts: 254
Location: Jambudweepam
|
Sam:
If I understand correctly your solution to set
| Code: |
| a low privileged userid in MCAUSER field of SVRCONN channel which exists on the Unix machine. |
Is it not a security risk? If I am correct it will be in plain text and anyone and everyone in the organization would be able to put the messages to the queue. I am not an security expert, but that is what I think.
Can anyone add for/against my opinion of the above solution.
ucbus:
Thanks for the suggestions. I am looking into the personalization. A code sample is always appreciated  |
|
| Back to top |
|
|
| Sam Uppu |
| Posted: Thu Oct 29, 2009 7:04 am Post subject: |
|
|
Yatiri
Joined: 11 Nov 2008
Posts: 610
|
| anveshita wrote: |
Sam:
If I understand correctly your solution to set
| Code: |
| a low privileged userid in MCAUSER field of SVRCONN channel which exists on the Unix machine. |
Is it not a security risk? If I am correct it will be in plain text and anyone and everyone in the organization would be able to put the messages to the queue. I am not an security expert, but that is what I think.
|
Yes. You are correct on that. If anybody is having MQ client on their machine and knows the QM, SVRCONN channel and queue names anybody can put the msgs. Thatswhy we specify the low privileged user in MCAUSER who can do only put/ get/ browse as needed. NO delete/ set/ setall
To restrict who should able to access MQ, you should either use SSL or security exits(like BlockIP2 or others) or IBM's Extended security edition which provides authentication at msg level. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Oct 30, 2009 6:21 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| anveshita wrote: |
Sam:
If I understand correctly your solution to set
| Code: |
| a low privileged userid in MCAUSER field of SVRCONN channel which exists on the Unix machine. |
Is it not a security risk? If I am correct it will be in plain text and anyone and everyone in the organization would be able to put the messages to the queue. |
Only on the queue(s) for which that user is authorised. You wouldn't define a generic id and apply it across the system. This is often good enough for a queue manager internal to the organisation (seriously!).
But as my associate correctly points out, this is why IBM makes the Extended Security Edition, includes SSL support in the base product & there are commerical / open source applications.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
