Share via


Authentication for Message Queuing

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Authentication for Message Queuing

The following sections describe the various types of authentication available for Message Queuing.

Server authentication

Server authentication is used by clients to authenticate queries sent to domain controllers and Message Queuing servers. A client can verify that the query results have not been tampered with and that the results were returned by the correct domain controller or Message Queuing server. Security queries to Active Directory and other directory services, in which the client and server are online and talk to one another, are implemented using the Kerberos V5 security protocol (between Windows Server 2003 family and/or Windows 2000 computers), or with server certificates (for compatibility with MSMQ 1.0 running on Windows NT 4.0). The method used depends on the version of Message Queuing (and hence the operating system) running on the server and the client. For more information on server authentication, see Managing server authentication.

Message authentication

Message authentication, which confirms that a message has not been tampered with and can be used to verify the identity of the sender of a message to the receiver, is implemented using certificates. Messages are authenticated asynchronously without the sender and the receiver communicating with one another. The use of message authentication is optional. Message Queuing applications are not required to use authentication when sending or receiving messages. Note that the use of message authentication slows the transfer of messages. When used, however, Message Queuing applications that send or receive authenticated messages must use the cryptographic service provider installed by default with Windows Server 2003 family, which is needed for both message authentication and encryption. For more information on message encryption, see Encryption for Message Queuing. For more information on message authentication, see Managing message authentication.

For more information on authentication for Windows Server 2003 family, see Authentication, in the Windows Help file.

For more information on certificates for Windows Server 2003 family, see Certificates overview in the Windows Help file.

HTTPS authentication

Using HTTPS to send messages ensures authentication of users requesting access to Message Queuing resources by means of a Web server, by establishing a Secure Sockets Layer (SSL) connection for secure communication between a sender and recipient. Authentication for an SSL connection is done using server and client certificates. For more information, see HTTPS authentication.