Certificate security for WCF over MSMQ communication
Author: Sergey Sorokin
Published: 2009-09-29 04:52:00
Last update: 2013-01-10 11:08:19
While working on one of my projects, I had to make WCF run over a farm of load-balanced message queues. After several days of web search, asking questions and coding I have come up with the following "Step-by step guide for setting up certificate security for WCF over MSMQ communication".
The goal is to implement a secured WCF communication based on MSMQ under the following requirements/assumptions/recommendations.
- All MSMQ traffic must be encrypted and signed.
- No involvement of Windows Domain security and Active Directory.
- No code changes required on the client or on the server side.
- MSMQ version 4.0 (W2K8) is used, but it would be nice to have a solution that works on MSMQ 3.0 (W2K3) as well.
- There must be a well-established and straightforward routine for setting up secured communication that can be followed during test/staging/production deployment.
The weapon of choice is message-based certificate security. To put it simple, it means two things:
- all security-related activities happen on WCF level, MSMQ engine works only as a transport;
- certificate keys are stored on client and server machines.