{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Deceive 欺骗 的问题《C# MQ Connect get Error 2035 but Java MQ Connect w》','https://www.manongdao.com/q-430096.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I wrote a MQ 7.5 Connection routine in C# as bellow, but gets "2035" Error
using IBM.WMQ;
namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
try
{
MQEnvironment.Hostname = "192.168.163.63";
MQEnvironment.Port = 1418;
MQEnvironment.UserId = "mq";
MQEnvironment.Password = "mq";
MQEnvironment.Channel = "ServerChannel";
MQQueueManager queueManager = new MQQueueManager("QueueManager1418");
} catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.ReadKey();
}
}
}
and at the same time/ same machine I wrote bellow JAVA MQ Connection which works well!!!
import com.ibm.mq.MQEnvironment;
import com.ibm.mq.MQQueueManager;
public class Program {
public static void main(String[] args) {
MQEnvironment.hostname = "192.168.163.63";
MQEnvironment.port = 1418;
MQEnvironment.userID = "mq";
MQEnvironment.password = "mq";
MQEnvironment.channel = "ServerChannel";
try{
MQQueueManager queueManager = new MQQueueManager("QueueManager1418");
System.out.println("Connected");
}catch (Exception ex){
System.out.println(ex.getMessage());
}
}
}
What can I do?
In Java when you set
MQEnvironment.userIDto a value, that value is actually passed to the MQ Queue Manager as the asserted user id.In C# when set
MQEnvironment.UserIdto a value, that value is not passed to the MQ Queue Manager, instead the id the C# process is running under is passed as the asserted user id.The asserted user is what MQ will use determine what authorizations you have if it is not overridden by other configurations such as the
SVRCONNchannel'sMCAUSERorCHLAUTHrules that map it to another id.With your Java app you send
mqas the asserted user id and this likely has the proper permissions to connect to the queue manager, for example+connect +dsp.With your C# app you send what ever userid you are running the process as and this user id likely does not have the proper permisisons to connect to the queue manager.
This would indicate that your MQ
SVRCONNchannel has a blankMCAUSERand no CHLAUTH rules in place to override this value.One way to fix this issue is by setting the
SVRCONNchannel'sMCAUSERtomq. This would be done with a command likeALTER CHL(ServerChannel) CHLTYPE(SVRCONN) MCAUSER('mq'). This would then override the asserted user id and MQ will always use the user idmqto determine what authorizations you have unless you haveCHLAUTHrules that map it to some other user id.If you leave it blank, then anyone can easily assert any user id. If you did not disable
CHLAUTHand did not change any of the defaultCHLAUTHrules on a new MQ 7.1 or later queue manager, then user ids with MQ Administrator authority would be blocked from connecting by default. If you did disableCHLAUTHor removed the rule which blocks user ids with MQ Administrator authority, then anyone can just assert a user id with MQ Administrator authority.I would suggest that you read more on MQ security to decide how you want to further secure your MQ Queue managers. If you have further questions please post them as new questions on Stackoverflow using the tag ibm-mq which is monitored by many people with MQ knowledge (Some even from IBM).
You can view many good MQ security related presentations at T.Rob's website.
Capitalware sponsors the MQ Technical Conference each year and the prior years' sessions (many of which are MQ security related) are archived under MQTC v2.0.1.7's Sessions Page (look at the bottom under Previous MQTC Sessions).