public static void Main(string[] args)
{
var queuePath = new QueuePath(".", "queue");
try
{
var aceMask = MSMQSecurity.GetAccessMask(queuePath, @"username");
Console.WriteLine(aceMask);
if ((aceMask & MQQUEUEACCESSMASK.MQSEC_RECEIVE_MESSAGE) == MQQUEUEACCESSMASK.MQSEC_RECEIVE_MESSAGE)
{
Console.WriteLine("Has receive access");
}
else
{
Console.WriteLine("Doesn't have receive access");
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
Console.ReadKey();
}
private static ACCESS_ALLOWED_ACE GetAce(IntPtr pSecurityDescriptor, string sid)
{
bool daclPresent;
bool daclDefaulted;
IntPtr pAcl = IntPtr.Zero;
MSMQSecurity.GetSecurityDescriptorDacl(pSecurityDescriptor, out daclPresent, ref pAcl, out daclDefaulted);
if (daclPresent)
{
ACL_SIZE_INFORMATION AclSize = new ACL_SIZE_INFORMATION();
MSMQSecurity.GetAclInformation(pAcl, ref AclSize, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation);
for (int i = 0; i < AclSize.AceCount; i++)
{
IntPtr pAce;
var err = MSMQSecurity.GetAce(pAcl, i, out pAce);
ACCESS_ALLOWED_ACE ace = (ACCESS_ALLOWED_ACE)Marshal.PtrToStructure(pAce, typeof(ACCESS_ALLOWED_ACE));
IntPtr iter = (IntPtr)((long)pAce + (long)Marshal.OffsetOf(typeof(ACCESS_ALLOWED_ACE), "SidStart"));
byte[] bSID = null;
int size = (int)MSMQSecurity.GetLengthSid(iter);
bSID = new byte[size];
Marshal.Copy(iter, bSID, 0, size);
IntPtr ptrSid;
MSMQSecurity.ConvertSidToStringSid(bSID, out ptrSid);
string strSID = Marshal.PtrToStringAuto(ptrSid);
if (strSID == sid)
{
return(ace);
}
}
throw new Exception(string.Format("No ACE for SID {0} found in security descriptor", sid));
}
else
{
throw new Exception("No DACL found for security descriptor");
}
}
private static GCHandle GetSecurityDescriptorHandle(QueuePath queuePath)
{
byte[] securityDescriptorBytes;
int length;
int lengthNeeded;
uint result;
string formatName = queuePath.ToString();
//Call MQGetQueueSecurity two times. The first time, set the nLength
//parameter to 0. The function then informs you of the size that you need for the
//security descriptor in lpnLengthNeeded.
result = MSMQSecurity.MQGetQueueSecurity(
formatName
, (int)SecurityInformation.Dacl
, IntPtr.Zero
, 0
, out lengthNeeded);
if (result != MSMQSecurity.MQ_ERROR_SECURITY_DESCRIPTOR_TOO_SMALL)
{
//Something went wrong. Display error, and then exit.
string message = "There was an error calling MQGetQueueSecurity."
+ Environment.NewLine
+ "Error Number: " + result.ToString()
+ Environment.NewLine
+ "Error Message: " + MSMQSecurity.GetErrorMessage(result);
throw new Exception(message);
}
//Now we know how big to make the security descriptor.
length = lengthNeeded;
securityDescriptorBytes = new byte[length];
//Get a pointer to the SD
IntPtr pSecurityDescriptor = new IntPtr();
GCHandle gcHandleSecurityDescriptor = GCHandle.Alloc(securityDescriptorBytes, GCHandleType.Pinned);
pSecurityDescriptor = gcHandleSecurityDescriptor.AddrOfPinnedObject();
//Call MQGetQueueSecurity
result = MSMQSecurity.MQGetQueueSecurity(
formatName
, (int)SecurityInformation.Dacl
, pSecurityDescriptor
, length
, out lengthNeeded);
if (result != MSMQSecurity.MQ_OK)
{
gcHandleSecurityDescriptor.Free();
//Something else went wrong. Display error, and then exit.
string message = "There was an error calling MQGetQueueSecurity to read the SecurityDescriptor."
+ Environment.NewLine
+ "Error Number: " + result.ToString()
+ Environment.NewLine
+ "Error Message: " + MSMQSecurity.GetErrorMessage(result);
throw new Exception(message);
}
var securityDescriptor = new SECURITY_DESCRIPTOR();
Marshal.PtrToStructure(pSecurityDescriptor, securityDescriptor);
return(gcHandleSecurityDescriptor);
}
