NServiceBus& MSMQ:如何更改队列的默认权限?
我的团队首次尝试使用 NServiceBus (v2.0),使用 MSMQ 作为后备存储。我们陷入了队列权限的困境。
我们在 Web 表单应用程序中使用它,其中运行网站的用户帐户不是计算机上的管理员。
当NServiceBus创建MSMQ队列时,它赋予本地管理员组完全控制权,以及本地每个人和匿名组发送消息的权限。
但后来,作为初始化队列的一部分,NServiceBus 尝试读取其所有消息。这就是我们遇到权限错误的地方。由于该网站不是以管理员身份运行,因此不允许读取消息。
其他人如何处理这个问题?您的应用程序是否以管理员身份运行?或者您是否首先在代码中创建 MSMQ 队列,为其提供所需的权限,以便 NServiceBus 不必创建它?还是我们缺少一些配置?或者我们是否可能编写错误使用 NServiceBus 的代码而遇到这种情况?
My team is on our first attempt at using NServiceBus (v2.0), using MSMQ as the backing storage. We're getting stuck on queue permissions.
We're using it in a Web Forms application, where the user account the website runs under is not an administrator on the machine.
When NServiceBus creates the MSMQ queue, it gives the local administrators group full control, and the local everyone and anonymous groups permissions to send messages.
But then later, as part of initializing the queue, NServiceBus tries to read all of its messages. That's where we run into the permissions error. Since the website isn't running as an administrator, it's not allowed to read messages.
How are other people dealing with this? Do your applications run as administrators? Or do you create the MSMQ queue in your code first, giving it the permissions you need, so that NServiceBus doesn't have to create it? Or is there a bit of configuration we're missing? Or are we likely writing our code that uses NServiceBus incorrectly to be running into this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
这篇博客文章应该有所帮助:
http://blogs.msdn.com/johnbreakwell/archive/2009/08/03/default-msmq-queue-permissions-have-changed-in-msmq-4-0。 aspx
特别是:
“如果您想在创建队列时设置权限,您始终可以构建所需的安全描述符并将其传递到 MQCreateQueue。不过,您无法自定义默认值,因为它们是硬编码的。"
干杯
约翰·布瑞克韦尔(John Breakwell)(前 MSFT)
This blog post should help:
http://blogs.msdn.com/johnbreakwell/archive/2009/08/03/default-msmq-queue-permissions-have-changed-in-msmq-4-0.aspx
Especially:
"If you want to set permissions when you create queues, you can always build the desired security descriptor and pass it in the pSecurityDescriptor parameter of MQCreateQueue. You can't, though, customise the defaults as they are hard-coded."
Cheers
John Breakwell (ex-MSFT)
我们在 Installer 子类中创建队列并将其作为 msi 安装的一部分执行。队列的所有权是一个快捷方式,但是可以通过AccessControlList设置相关权限:
我觉得NServiceBus的队列自动创建功能更适合开发,而不是部署。
We create the queues in an Installer subclass and execute it as part of the msi install. Ownership of the queue is a shortcut, but the relevant permissions can be set through AccessControlList:
I feel the queue auto-creation feature of NServiceBus is better suited for development, not deployment.
更改队列的所有权,这是在类似情况下唯一对我有用的事情
change ownership of the queue, it's the only thing that worked for me in a similar situation
要完全掌控 MSMQ 队列创建,您可以禁用 安装程序,然后处理 自己创建队列
To take full ownership of MSMQ queue creation you can disable installers and then handle the creation of queues yourself