| Which inkjet brand is the most cost effiecient to run (ie, ink is cheaper and doesn't use too much up!) |
| HP |
|
100% |
[ 1 ] |
| Epson |
|
0% |
[ 0 ] |
| Lexmark |
|
0% |
[ 0 ] |
| Canon |
|
0% |
[ 0 ] |
|
| Total Votes : 1 |
|
| Author |
Message
|
| dunesand |
 Posted: Thu Jan 29, 2004 5:09 am Post subject: c# through .net dll over a web service returns 2035 |
 |
|
Acolyte
Joined: 17 Nov 2003
Posts: 65
Location: Cambridgeshire, UK
|
I'll stop hogging others threads with this issue! 
(all with MQ Series 5.3 fix pack 5, csd05)
I've got a Web Service that uses a amqmdnet.dll to access and put messages onto a queue on the server.
The code all works a treat as it's been hammered through a normal Windows service.
When the web service creates the q mgr, it fails with 2035 - NOT_AUTHORISED.
I understand that the IIS account is probably accessing this dll, and so is failing with these access rights. Is there a standard way of setting this all up?
Thanks for your time.
Daniel. |
|
| Back to top |
|
 |
| mqonnet |
| Posted: Thu Jan 29, 2004 6:02 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Well, you get a 2035 when the user trying to access the queue manager is not authorized. Just identify that user and define that user in the principal database and you are all set.
As for the specifics of what IIS does and which userid it sends, you have to investigate by yourself and i cannot throw any insights to it.
Cheers
Kumar |
|
| Back to top |
|
|
| dunesand |
| Posted: Thu Jan 29, 2004 6:09 am Post subject: |
|
|
Acolyte
Joined: 17 Nov 2003
Posts: 65
Location: Cambridgeshire, UK
|
Thanks for the reply, 
that's my point though...
I realise that the IIS account accessing MQ doesn't have rights to the Queue Managers. Other people are doing it, so there must be a way. I've been changing the user that the services are running under, and faffing about in IIS configuration, but no joy. 
Dan. |
|
| Back to top |
|
|
| mqonnet |
| Posted: Thu Jan 29, 2004 6:13 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Dan, i am afraid i cannot go into specifics as i havent touched that area in a long while. May be someone else who has used this config throws some light.
But the general rule is, if you define a userid with the same name as the one that is passed to MQ during connect on the destination qm, you should be able to connect and open MQ objects without any issues. Of course provided you have enough authority to do that as well.
Cheers
Kumar |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Thu Jan 29, 2004 6:45 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
Dan,
normally this type of error is reported in the windows eventviewer, are there any messages there that give you a clue on the userid?
Michael |
|
| Back to top |
|
|
| dunesand |
| Posted: Thu Jan 29, 2004 7:00 am Post subject: |
|
|
Acolyte
Joined: 17 Nov 2003
Posts: 65
Location: Cambridgeshire, UK
|
Michael,
Cheers for that, I got this...
| Quote: |
Entity 'aspnet' has insufficient authority to access object '<queuemanager>'.
The specified entity is not authorized to access the required object. The following requested permissions are unauthorized: connect
Ensure that the correct level of authority has been set for this entity against the required object, or ensure that the entity is a member of a privileged group.
|
aspnet is the account that the Web service will be using... How do I give it rights to access MQ?  |
|
| Back to top |
|
|
| mqonnet |
| Posted: Thu Jan 29, 2004 7:16 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
From my previous reply...
"Well, you get a 2035 when the user trying to access the queue manager is not authorized. Just identify that user and define that user in the principal database and you are all set.
"
Add aspnet as the userid on the destination system. Give specific authorizations to this userid using setmqaut or make it part of the mqm group, if you wish to grant all access.
Cheers
Kumar |
|
| Back to top |
|
|
| dunesand |
| Posted: Thu Jan 29, 2004 8:15 am Post subject: |
|
|
Acolyte
Joined: 17 Nov 2003
Posts: 65
Location: Cambridgeshire, UK
|
grand, progress!!! 
it's saying in the event log that aspnet doesn't have rights to the queue now??
I've tried to add it using setmqaut...
i got to combinations of something like "setmqaut -n <queuename> -t q -p aspnet +all +put"
and then when i couldn't get past this stage, added it to the user group. I didn't realise there was a MQM. Still no joy... 
Cheers for your help!
Dan. |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Thu Jan 29, 2004 9:16 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
| dunesand wrote: |
grand, progress!!!
i got to combinations of something like "setmqaut -n <queuename> -t q -p aspnet +all +put"
|
No offense Dan, but I hope for you this is a sandbox situation and you are learning!!! 
so you got on the Qmgr and are now stuck with the queue...
did your setmqaut for the queue respond with "succesful" or not?
unless the qmgr is the default one, you need to specify the -m Qmgrname on the setmqaut for the queue aswell...
next step is to check whether the IIS process actually reconnects... otherwise you are still stuck...
Happy hunting...
Michael |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Jan 29, 2004 9:48 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
I would say 'Dude, where's your car?' but in this case, I believe it should be 'Dude, where's your MQAdmin?'
Until you find him/her, here is some info:
(1) First you need to grant the UserID access to connect to the Queue Manager
(2) Then you give access to the queue(s).
Also, do NOT use the '+ALL' attribute because it gives the user total authority, and they should probably not have it.
You have 4 things to do:
(1) Add a local user of aspnet to the box where the queue manager is running.
(2) Now to grant the UserID access to the queue manager, issue the following command on the server where the queue manager is running:
| Code: |
| setmqaut -m <queuename> -t qmgr -p aspnet +connect +inq |
(3) To grant the UserID access to a queue, issue the following command on the server where the queue manager is running:
| Code: |
| setmqaut -m <queuename> -t queue -p aspnet +allmqi |
Although, you may want to be more restrictive on the queue access and do:
| Code: |
| setmqaut -m <queuename> -t queue -p aspnet +inq +put |
(4) Now you need to refresh security. Go to the box and run the program runmqsc <queuename> and then input the following command
then type 'end' to exit runmqsc.
Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| dunesand |
| Posted: Fri Jan 30, 2004 3:45 am Post subject: |
|
|
Acolyte
Joined: 17 Nov 2003
Posts: 65
Location: Cambridgeshire, UK
|
Thanks for your replies, I'll get on them...
Here's the "scope". I'm a software developer who's recently (last couple of month) been asked to get some framework working on MQ Series. So I downloaded the trial, and got cracking, knowing jack all about messaging in general, never mind IBM MQ.
We're only a little company (5), but our clients a huge food production manufacturer who decided IBM was the way to go.
I've never bothered with permissions and rights etc because I've never needed to, so know nothing about win 2000 access rights and user groups. 
Thanks for your help! |
|
| Back to top |
|
|
| dunesand |
| Posted: Fri Jan 30, 2004 4:04 am Post subject: |
|
|
Acolyte
Joined: 17 Nov 2003
Posts: 65
Location: Cambridgeshire, UK
|
Thanks for all your input guys. Managed to get it working! I think the only thing I wasn't doing was refreshing the security. I'm not bothered about access rights as it's a secure environment, but will still not use the "+all" option.
ChEeRs!
|
|
| Back to top |
|
|
| Michael Dag |
| Posted: Fri Jan 30, 2004 4:19 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
use amqoamd -m Qmgrname -s
to see what you set
You might have forgotten when the time comes to implement
Michael |
|
| Back to top |
|
|
|
|
