CODEWITHSUNDEEP
c#ibm-mq
advapi
advapi

Reputation: 3907

Strange problem with authentication on IBMMQ, it takes the running user ID

I've got a strange problem when I perform a push of a message in a queue. I've configured my application to read userid/password from app.config. when the message is put on the queue I got the username of the user that has run the application and it's the one of the .config file.

The code I use to create the MQQueueManager is

  private static readonly Lazy<MQQueueManager> lazy =
        new Lazy<MQQueueManager>(() =>
        {
            var properties = new Hashtable();

            var container = ContainerWrapper.Container;

            IConfiguration configuration = container.GetInstance<IConfiguration>();

            properties.Add(MQC.HOST_NAME_PROPERTY, configuration.GetValue<string>("HOST_NAME_PROPERTY"));
            properties.Add(MQC.PORT_PROPERTY, configuration.GetValue<int>("PORT_PROPERTY"));
            properties.Add(MQC.USER_ID_PROPERTY, configuration.GetValue<string>("USER_ID_PROPERTY"));
            properties.Add(MQC.PASSWORD_PROPERTY, configuration.GetValue<string>("PASSWORD_PROPERTY"));
            properties.Add(MQC.CHANNEL_PROPERTY, configuration.GetValue<string>("CHANNEL_PROPERTY"));


            MQQueueManager queueManager = new MQQueueManager(configuration.GetValue<string>("QUEUE_MANAGER_NAME"), properties);


            return queueManager;
        });

Am I missing something? Thanks in advance

Upvotes: 2

Views: 482

Answers (2)

user10554473
user10554473

Reputation: 1

You probably need to add another line to your properties.

Try (from memory so you will need to find the correct constant) USE_MQCSP_USERNAME_PASSWORD This should be a boolean and should be set to yes....

Add this to your properties, then create the queue manager with those properties.

Upvotes: -1

Morag Hughson
Morag Hughson

Reputation: 7525

In order for your connection to run as the user ID and password provided on the connect, you must configure the queue manager to check the user ID and password and also you must configure the queue manager to adopt the validated user ID.

DISPLAY QMGR CONNAUTH

The value in the CONNAUTH field is the name of an AUTHINFO object. If it is blank, user ID and password checking is not enabled. Set it to an appropriate object name.

ALTER QMGR CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)

Now look at the attributes of it.

DISPLAY AUTHINFO(name-from-connauth) ALL

If ADOPTCTK is set to NO, the the user ID will not be adopted as the connection's user ID, and so will not be seen in the message context.

ALTER AUTHINFO(name-from-connauth) AUTHTYPE(IDPWOS) ADOPTCTX(YES)

If you had to make any alterations, you must now issue this command.

REFRESH SECURITY TYPE(CONNAUTH)

Upvotes: 2

Related Questions