How To Avoid Authentication with Queued Components (259720)

MORE INFORMATION

When you use Queued Components, method calls for an object are wrapped up in an MSMQ message. These messages are typically sent to the MSMQ queue on the server that is hosting the COM+ application. The COM+ application listener reads the messages and calls the components that are configured as queued.

By default, COM+ applications require authentication (they have an Authentication Level that is higher than None). This means that the COM+ application must be certain of "who" or "what" identity is making the calls.

When invoking an application through DCOM, authentication is achieved by NTLM and/or Kerberos. When using Queued Components, the only way to be certain a message comes from a known identity is to electronically sign the MSMQ message.

To avoid signing the MSMQ messages, you must set the COM+ Queued Component application to have an Authentication Level of "None". This is done in the Security tab of the application's property sheet.

Then, do either of the following:

Re-export the COM+ Application Proxy to the clients. -or-
Add AuthLevel=0 to the queue portion of the QC moniker (creation string), as in the following example:
```
Set oQCShip = GetObject("queue:AuthLevel=0/new:QCSample.QCShip")
					
```

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

259719 How To Export a COM+ Application to Client Computers

For more information on using the COM+ Queued Components moniker, please see the following article on the Microsoft MSDN Web site:

http://msdn.microsoft.com/library/psdk/cossdk/pgservices_queuedcomponents_8o4y.htm

How To Avoid Authentication with Queued Components (259720)

SUMMARY

MORE INFORMATION

REFERENCES