Accessing MSMQ from Web Service
-
I have written a web service that reads from a message queue. This works fine under Cassini. Now that I have deployed the service under IIS, I receive an error message when the service tries to access the queue: The queue does not exist or you do not have sufficient permissions to perform the operation. I have set the anonymous access user on the IIS virtual directory to be my own domain account, which is a member of the administrators group on the local machine. I have granted this same user full permissions on the queue, as well as NETWORK SERVICE and ASPNET. I still get the same error message (The queue does exist and the spelling is correct). I have also tried disabling anonymous access on the virtual directory and connecting to the service using my own login details - to no avail. Any help with this problem will be greatly appreciated! I have also tried various combinations of: Windows authentication, impersonation, local users, domain users, all of them having full permissions on the queue. I have added permissions for the user and ASPNET on the MSMQ store folders on C:\
-
I have written a web service that reads from a message queue. This works fine under Cassini. Now that I have deployed the service under IIS, I receive an error message when the service tries to access the queue: The queue does not exist or you do not have sufficient permissions to perform the operation. I have set the anonymous access user on the IIS virtual directory to be my own domain account, which is a member of the administrators group on the local machine. I have granted this same user full permissions on the queue, as well as NETWORK SERVICE and ASPNET. I still get the same error message (The queue does exist and the spelling is correct). I have also tried disabling anonymous access on the virtual directory and connecting to the service using my own login details - to no avail. Any help with this problem will be greatly appreciated! I have also tried various combinations of: Windows authentication, impersonation, local users, domain users, all of them having full permissions on the queue. I have added permissions for the user and ASPNET on the MSMQ store folders on C:\
BillyGoatGruff wrote:
The queue does not exist or you do not have sufficient permissions to perform the operation. I have set the anonymous access user on the IIS virtual directory to be my own domain account, which is a member of the administrators group on the local machine. I have granted this same user full permissions on the queue, as well as NETWORK SERVICE and ASPNET.
Do the following : 1. Create A
Application PoolIn IIS (Say MSMQWEBAppPool) 2. Change theIdentityof Application Pool ToLocal System( Default > NetworkService ) 3. Write Click You Virtual Directory, Select the MSMQWEBAppPool Application Pool fromApplication Pool Dropdown list. 4. Click on Apply. Then Test your application. Its is because, by default your you web sites run under default application pool, which identity is "Network Service" and which has very minimum privilege on the server. Local System having the higher privilege on you system. You may face the same problem, while loogin error on Event viewer :) So, Try, and Let me know the result. Hope this will help you :)cheers, Abhijit CodeProject MVP
-
BillyGoatGruff wrote:
The queue does not exist or you do not have sufficient permissions to perform the operation. I have set the anonymous access user on the IIS virtual directory to be my own domain account, which is a member of the administrators group on the local machine. I have granted this same user full permissions on the queue, as well as NETWORK SERVICE and ASPNET.
Do the following : 1. Create A
Application PoolIn IIS (Say MSMQWEBAppPool) 2. Change theIdentityof Application Pool ToLocal System( Default > NetworkService ) 3. Write Click You Virtual Directory, Select the MSMQWEBAppPool Application Pool fromApplication Pool Dropdown list. 4. Click on Apply. Then Test your application. Its is because, by default your you web sites run under default application pool, which identity is "Network Service" and which has very minimum privilege on the server. Local System having the higher privilege on you system. You may face the same problem, while loogin error on Event viewer :) So, Try, and Let me know the result. Hope this will help you :)cheers, Abhijit CodeProject MVP
Thanks Abhijit, Your understanding of the problem is pretty close, in that the process trying to execute the code is running as a different under IIS than it does under Cassini. I am using IIS 5.0 and so I cannot create a separate app pool, although I can alter bay various means the user that the code runs as. The problem was that regardless of which user I ran it as - I always got the same error message - even when the user was a member of the local and domain administrator groups, and this user had full permissions on the queue. i.e. It is barely possible to assign more rights to a user. It turns out, that using a FormatName for the queue, rather than a path name (myMachine\queueName) has solved the problem... FormatName:DIRECT=OS:myMachine\myQueue I am uncertain as to exactly why this is the case. Reading up has showed that when a path name is used, there is a necessity for an AD lookup, and although I think that the users that I have been testing with should have rights to do this, perhaps there is something missing. However the immediate problem is solved and that's good enough for me. Thanks very much for your response.