Strange problem with authentication on IBMMQ, it takes the running user ID
up vote
1
down vote
favorite
I've got a strange problem when I perform a push of a message in a queue. I've configured my application to read userid/password from app.config. when the message is put on the queue I got the username of the user that has run the application and it's the one of the .config file.
The code I use to create the MQQueueManager is
private static readonly Lazy<MQQueueManager> lazy =
new Lazy<MQQueueManager>(() =>
{
var properties = new Hashtable();
var container = ContainerWrapper.Container;
IConfiguration configuration = container.GetInstance<IConfiguration>();
properties.Add(MQC.HOST_NAME_PROPERTY, configuration.GetValue<string>("HOST_NAME_PROPERTY"));
properties.Add(MQC.PORT_PROPERTY, configuration.GetValue<int>("PORT_PROPERTY"));
properties.Add(MQC.USER_ID_PROPERTY, configuration.GetValue<string>("USER_ID_PROPERTY"));
properties.Add(MQC.PASSWORD_PROPERTY, configuration.GetValue<string>("PASSWORD_PROPERTY"));
properties.Add(MQC.CHANNEL_PROPERTY, configuration.GetValue<string>("CHANNEL_PROPERTY"));
MQQueueManager queueManager = new MQQueueManager(configuration.GetValue<string>("QUEUE_MANAGER_NAME"), properties);
return queueManager;
});
Am I missing something?
Thanks in advance
c# ibm-mq
asked Oct 22 at 8:14
advapi
1,00311129
add a comment |
up vote
1
down vote
favorite
I've got a strange problem when I perform a push of a message in a queue. I've configured my application to read userid/password from app.config. when the message is put on the queue I got the username of the user that has run the application and it's the one of the .config file.
The code I use to create the MQQueueManager is
private static readonly Lazy<MQQueueManager> lazy =
new Lazy<MQQueueManager>(() =>
{
var properties = new Hashtable();
var container = ContainerWrapper.Container;
IConfiguration configuration = container.GetInstance<IConfiguration>();
properties.Add(MQC.HOST_NAME_PROPERTY, configuration.GetValue<string>("HOST_NAME_PROPERTY"));
properties.Add(MQC.PORT_PROPERTY, configuration.GetValue<int>("PORT_PROPERTY"));
properties.Add(MQC.USER_ID_PROPERTY, configuration.GetValue<string>("USER_ID_PROPERTY"));
properties.Add(MQC.PASSWORD_PROPERTY, configuration.GetValue<string>("PASSWORD_PROPERTY"));
properties.Add(MQC.CHANNEL_PROPERTY, configuration.GetValue<string>("CHANNEL_PROPERTY"));
MQQueueManager queueManager = new MQQueueManager(configuration.GetValue<string>("QUEUE_MANAGER_NAME"), properties);
return queueManager;
});
Am I missing something?
Thanks in advance
c# ibm-mq
asked Oct 22 at 8:14
advapi
1,00311129
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I've got a strange problem when I perform a push of a message in a queue. I've configured my application to read userid/password from app.config. when the message is put on the queue I got the username of the user that has run the application and it's the one of the .config file.
The code I use to create the MQQueueManager is
private static readonly Lazy<MQQueueManager> lazy =
new Lazy<MQQueueManager>(() =>
{
var properties = new Hashtable();
var container = ContainerWrapper.Container;
IConfiguration configuration = container.GetInstance<IConfiguration>();
properties.Add(MQC.HOST_NAME_PROPERTY, configuration.GetValue<string>("HOST_NAME_PROPERTY"));
properties.Add(MQC.PORT_PROPERTY, configuration.GetValue<int>("PORT_PROPERTY"));
properties.Add(MQC.USER_ID_PROPERTY, configuration.GetValue<string>("USER_ID_PROPERTY"));
properties.Add(MQC.PASSWORD_PROPERTY, configuration.GetValue<string>("PASSWORD_PROPERTY"));
properties.Add(MQC.CHANNEL_PROPERTY, configuration.GetValue<string>("CHANNEL_PROPERTY"));
MQQueueManager queueManager = new MQQueueManager(configuration.GetValue<string>("QUEUE_MANAGER_NAME"), properties);
return queueManager;
});
Am I missing something?
Thanks in advance
c# ibm-mq
asked Oct 22 at 8:14
advapi
1,00311129
I've got a strange problem when I perform a push of a message in a queue. I've configured my application to read userid/password from app.config. when the message is put on the queue I got the username of the user that has run the application and it's the one of the .config file.
The code I use to create the MQQueueManager is
private static readonly Lazy<MQQueueManager> lazy =
new Lazy<MQQueueManager>(() =>
{
var properties = new Hashtable();
var container = ContainerWrapper.Container;
IConfiguration configuration = container.GetInstance<IConfiguration>();
properties.Add(MQC.HOST_NAME_PROPERTY, configuration.GetValue<string>("HOST_NAME_PROPERTY"));
properties.Add(MQC.PORT_PROPERTY, configuration.GetValue<int>("PORT_PROPERTY"));
properties.Add(MQC.USER_ID_PROPERTY, configuration.GetValue<string>("USER_ID_PROPERTY"));
properties.Add(MQC.PASSWORD_PROPERTY, configuration.GetValue<string>("PASSWORD_PROPERTY"));
properties.Add(MQC.CHANNEL_PROPERTY, configuration.GetValue<string>("CHANNEL_PROPERTY"));
MQQueueManager queueManager = new MQQueueManager(configuration.GetValue<string>("QUEUE_MANAGER_NAME"), properties);
return queueManager;
});
Am I missing something?
Thanks in advance
c# ibm-mq
c# ibm-mq
asked Oct 22 at 8:14
advapi
1,00311129
asked Oct 22 at 8:14
advapi
1,00311129
asked Oct 22 at 8:14
advapi
1,00311129
asked Oct 22 at 8:14
advapi
1,00311129
asked Oct 22 at 8:14
advapi
1,00311129
1,00311129
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
2
down vote
accepted
In order for your connection to run as the user ID and password provided on the connect, you must configure the queue manager to check the user ID and password and also you must configure the queue manager to adopt the validated user ID.
DISPLAY QMGR CONNAUTH
The value in the CONNAUTH field is the name of an AUTHINFO object. If it is blank, user ID and password checking is not enabled. Set it to an appropriate object name.
ALTER QMGR CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
Now look at the attributes of it.
DISPLAY AUTHINFO(name-from-connauth) ALL
If ADOPTCTK is set to NO, the the user ID will not be adopted as the connection's user ID, and so will not be seen in the message context.
ALTER AUTHINFO(name-from-connauth) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
If you had to make any alterations, you must now issue this command.
REFRESH SECURITY TYPE(CONNAUTH)
answered Oct 22 at 10:58
Morag Hughson
4,360531
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
add a comment |
up vote
-1
down vote
You probably need to add another line to your properties.
Try (from memory so you will need to find the correct constant)
USE_MQCSP_USERNAME_PASSWORD This should be a boolean and should be set to yes....
Add this to your properties, then create the queue manager with those properties.
answered Oct 24 at 21:00
user10554473
1
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
In order for your connection to run as the user ID and password provided on the connect, you must configure the queue manager to check the user ID and password and also you must configure the queue manager to adopt the validated user ID.
DISPLAY QMGR CONNAUTH
The value in the CONNAUTH field is the name of an AUTHINFO object. If it is blank, user ID and password checking is not enabled. Set it to an appropriate object name.
ALTER QMGR CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
Now look at the attributes of it.
DISPLAY AUTHINFO(name-from-connauth) ALL
If ADOPTCTK is set to NO, the the user ID will not be adopted as the connection's user ID, and so will not be seen in the message context.
ALTER AUTHINFO(name-from-connauth) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
If you had to make any alterations, you must now issue this command.
REFRESH SECURITY TYPE(CONNAUTH)
answered Oct 22 at 10:58
Morag Hughson
4,360531
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
add a comment |
up vote
2
down vote
accepted
In order for your connection to run as the user ID and password provided on the connect, you must configure the queue manager to check the user ID and password and also you must configure the queue manager to adopt the validated user ID.
DISPLAY QMGR CONNAUTH
The value in the CONNAUTH field is the name of an AUTHINFO object. If it is blank, user ID and password checking is not enabled. Set it to an appropriate object name.
ALTER QMGR CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
Now look at the attributes of it.
DISPLAY AUTHINFO(name-from-connauth) ALL
If ADOPTCTK is set to NO, the the user ID will not be adopted as the connection's user ID, and so will not be seen in the message context.
ALTER AUTHINFO(name-from-connauth) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
If you had to make any alterations, you must now issue this command.
REFRESH SECURITY TYPE(CONNAUTH)
answered Oct 22 at 10:58
Morag Hughson
4,360531
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
add a comment |
up vote
2
down vote
accepted
up vote
2
down vote
accepted
In order for your connection to run as the user ID and password provided on the connect, you must configure the queue manager to check the user ID and password and also you must configure the queue manager to adopt the validated user ID.
DISPLAY QMGR CONNAUTH
The value in the CONNAUTH field is the name of an AUTHINFO object. If it is blank, user ID and password checking is not enabled. Set it to an appropriate object name.
ALTER QMGR CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
Now look at the attributes of it.
DISPLAY AUTHINFO(name-from-connauth) ALL
If ADOPTCTK is set to NO, the the user ID will not be adopted as the connection's user ID, and so will not be seen in the message context.
ALTER AUTHINFO(name-from-connauth) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
If you had to make any alterations, you must now issue this command.
REFRESH SECURITY TYPE(CONNAUTH)
answered Oct 22 at 10:58
Morag Hughson
4,360531
In order for your connection to run as the user ID and password provided on the connect, you must configure the queue manager to check the user ID and password and also you must configure the queue manager to adopt the validated user ID.
DISPLAY QMGR CONNAUTH
The value in the CONNAUTH field is the name of an AUTHINFO object. If it is blank, user ID and password checking is not enabled. Set it to an appropriate object name.
ALTER QMGR CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
Now look at the attributes of it.
DISPLAY AUTHINFO(name-from-connauth) ALL
If ADOPTCTK is set to NO, the the user ID will not be adopted as the connection's user ID, and so will not be seen in the message context.
ALTER AUTHINFO(name-from-connauth) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
If you had to make any alterations, you must now issue this command.
REFRESH SECURITY TYPE(CONNAUTH)
answered Oct 22 at 10:58
Morag Hughson
4,360531
edited Oct 24 at 1:46
answered Oct 22 at 10:58
Morag Hughson
4,360531
answered Oct 22 at 10:58
Morag Hughson
4,360531
answered Oct 22 at 10:58
Morag Hughson
4,360531
4,360531
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
add a comment |
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
Excuse me Morag, whate have I to pass as name-from-connauth ? the username?
– advapi
Oct 22 at 15:04
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
The name that was displayed in the CONNAUTH field from the earlier DISPLAY command, or if blank, the name you set into it with the ALTER command.
– Morag Hughson
Oct 22 at 19:36
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Hello, I got this message AMQ8427: Valid syntax for the MQSC command: ALTER AUTHINFO( authinfo_name ) AUTHTYPE( CRLLDAP | OCSP | IDPWOS | IDPWLDAP ) I'm using IBMMQ 8
– advapi
Oct 23 at 14:13
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
Oops, my apologies - typo in command (did from memory). Have corrected answer.
– Morag Hughson
Oct 24 at 1:46
add a comment |
up vote
-1
down vote
You probably need to add another line to your properties.
Try (from memory so you will need to find the correct constant)
USE_MQCSP_USERNAME_PASSWORD This should be a boolean and should be set to yes....
Add this to your properties, then create the queue manager with those properties.
answered Oct 24 at 21:00
user10554473
1
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
add a comment |
up vote
-1
down vote
You probably need to add another line to your properties.
Try (from memory so you will need to find the correct constant)
USE_MQCSP_USERNAME_PASSWORD This should be a boolean and should be set to yes....
Add this to your properties, then create the queue manager with those properties.
answered Oct 24 at 21:00
user10554473
1
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
add a comment |
up vote
-1
down vote
up vote
-1
down vote
You probably need to add another line to your properties.
Try (from memory so you will need to find the correct constant)
USE_MQCSP_USERNAME_PASSWORD This should be a boolean and should be set to yes....
Add this to your properties, then create the queue manager with those properties.
answered Oct 24 at 21:00
user10554473
1
You probably need to add another line to your properties.
Try (from memory so you will need to find the correct constant)
USE_MQCSP_USERNAME_PASSWORD This should be a boolean and should be set to yes....
Add this to your properties, then create the queue manager with those properties.
answered Oct 24 at 21:00
user10554473
1
answered Oct 24 at 21:00
user10554473
1
answered Oct 24 at 21:00
user10554473
1
answered Oct 24 at 21:00
user10554473
1
1
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
add a comment |
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
Welcome to SO, it is better to write a answer to something you specifically have knowledge of or have researched than to provide a answer to something you are not certain of (ex: from memory). This is C# he is asking about and while it does have a property similar to what you mentioned, unlike Java it appears to be ignored and if the the USERID and PASSWORD are specified a MQCSP is generated no matter if the MQCSP property is set or not. @Morag already provided the likely answer that MQ by default on the Qmgr after authenticating the ID/PW will use the user the process ran as for OAM checks.
– JoshMc
Oct 24 at 21:27
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f52924929%2fstrange-problem-with-authentication-on-ibmmq-it-takes-the-running-user-id%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
