3
votes

I have written a web service that reads from a message queue. This works fine under Cassini.

Now that I have deployed the service under IIS, I receive an error message when the service tries to access the queue:

The queue does not exist or you do not have sufficient permissions to perform the operation.

I have set the anonymous access user on the IIS virtual directory to be my own domain account, which is a member of the administrators group on the local machine. I have granted this same user full permissions on the queue, as well as NETWORK SERVICE and ASPNET.

I still get the same error message.

I have also tried disabling anonymous access on the virtual directory and connecting to the service using my own login details - to no avail.

Any help with this problem will be greatly appreciated!


I have also tried various combinations of:

and With testUsr having full permissions on the queue. I have added permissions for the user and ASPNET on the MSMQ store folders on C:\

1
I have also tried various combinations of: <authentication mode ="Windows" /> and <identity impersonate="true" userName="myXPpc\testUsr" password="password1" /> With testUsr having full permissions on the queue. I have added permissions for the user and ASPNET on the MSMQ store folders on C:\RobD

1 Answers

5
votes

My understanding of the problem is that the process trying to execute the code is running as a different account under IIS than it does under Cassini.

The problem was that regardless of which user I impersonated - I always got the same error message - even when the user was a member of the local and domain administrator groups, and this user had full permissions on the queue. i.e. It is barely possible to assign more rights to a user.

It turns out, that using a FormatName for the queue, rather than a path name (myMachine\queueName) has solved the problem...

FormatName:DIRECT=OS:myMachine\myQueue

I am uncertain as to exactly why this is the case. Reading up has showed that when a path name is used, there is a necessity for an AD lookup, and although I think that the users that I have been testing with should have rights to do this, perhaps there is something missing.

However the immediate problem is solved and that's good enough for me.