Certificate security for WCF over MSMQ communication

Author: Sergey Sorokin

Published: 2009-09-29 04:52:00

Last update: 2013-01-10 11:08:19

Tags: msmq
security
wcf
certificate

Slug: Certificate-security-for-WCF-over-MSMQ-communication

While working on one of my projects, I had to make WCF run over a farm of load-balanced message queues. After several days of web search, asking questions and coding I have come up with the following "Step-by step guide for setting up certificate security for WCF over MSMQ communication".

The goal is to implement a secured WCF communication based on MSMQ under the following requirements/assumptions/recommendations.

• All MSMQ traffic must be encrypted and signed.
• No involvement of Windows Domain security and Active Directory.
• No code changes required on the client or on the server side.
• MSMQ version 4.0 (W2K8) is used, but it would be nice to have a solution that works on MSMQ 3.0 (W2K3) as well.
• There must be a well-established and straightforward routine for setting up secured communication that can be followed during test/staging/production deployment.

The weapon of choice is message-based certificate security. To put it simple, it means two things:

• all security-related activities happen on WCF level, MSMQ engine works only as a transport;
• certificate keys are stored on client and server machines.

Read on...