Microsoft KB Archive/259720

= How To Avoid Authentication with Queued Components =

Article ID: 259720

Article Last Modified on 12/5/2007

-

APPLIES TO


 * Microsoft COM+ 1.0
 * Microsoft COM+ 1.5

-



This article was previously published under Q259720



SUMMARY
This article describes how to use Queued Components without requiring Microsoft Message Queue (MSMQ) message authentication.



MORE INFORMATION
When you use Queued Components, method calls for an object are wrapped up in an MSMQ message. These messages are typically sent to the MSMQ queue on the server that is hosting the COM+ application. The COM+ application listener reads the messages and calls the components that are configured as queued.

By default, COM+ applications require authentication (they have an Authentication Level that is higher than None). This means that the COM+ application must be certain of &quot;who&quot; or &quot;what&quot; identity is making the calls.

When invoking an application through DCOM, authentication is achieved by NTLM and/or Kerberos. When using Queued Components, the only way to be certain a message comes from a known identity is to electronically sign the MSMQ message.

To avoid signing the MSMQ messages, you must set the COM+ Queued Component application to have an Authentication Level of &quot;None&quot;. This is done in the Security tab of the application's property sheet.

Then, do either of the following:  Re-export the COM+ Application Proxy to the clients. -or-

  Add AuthLevel=0 to the queue portion of the QC moniker (creation string), as in the following example: Set oQCShip = GetObject(&quot;queue:AuthLevel=0/new:QCSample.QCShip&quot;) 

