Net.Msmq WCF Binding and ANONYMOUS USER permission

January 19, 2011

My boss was frustrated after a weekend trying to track down a problem we were having with WCF’s Net.Msmq binding. He stumbled on the solution to the permission issue this morning (after reading many blogs without help).


WCF 5.0 on Windows 7. Using Net.Msmq binding and a remote queue. No client credentials being used. Machines within the same domain. Getting Access Denied error being sent back from the service. SysInternals Process Monitor and event logs did not provide any clue to the problem. Network Service and CLIENTMACHINE$ both had full permissions.


ANONYMOUS USER permission for Send, Read, and Peek Messages was required on the machine hosting the service for the message to be processed on the service side.

My boss worked backwards to the solution when he saw it work after giving Everyone full permissions on the queue.

Lesson Learned

Always try Everyone full permissions when encountering a similar problem to rule out security being an issue. Then work back to the smallest set of credentials that are required. We can afford to use ANONYMOUS USER in our case because both machines are behind the same firewall in our production environment.
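
The "work back" step can be scripted so the diagnostic Everyone grant does not stay on the queue. This is an added example, not code from the original post: the queue path `.\private$\orders` is a placeholder, and mapping the post's Send/Read/Peek to `WriteMessage`/`ReceiveMessage`/`PeekMessage` is an assumption. Windows lists the anonymous principal as ANONYMOUS LOGON (SID S-1-5-7).

```powershell
# Added example: run elevated in Windows PowerShell (.NET Framework) on the
# machine that hosts the queue. System.Messaging is not available in .NET Core.
Add-Type -AssemblyName System.Messaging

$queuePath = '.\private$\orders'   # placeholder queue path, replace with your own
if (-not [System.Messaging.MessageQueue]::Exists($queuePath)) {
    throw "Queue not found: $queuePath"
}
$queue = New-Object System.Messaging.MessageQueue($queuePath)

# Resolve well-known SIDs to account names so the script also works on
# localized Windows installs (S-1-1-0 = Everyone, S-1-5-7 = ANONYMOUS LOGON).
function Resolve-Sid([string]$sid) {
    $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $id.Translate([System.Security.Principal.NTAccount]).Value
}
$everyone  = Resolve-Sid 'S-1-1-0'
$anonymous = Resolve-Sid 'S-1-5-7'

# The three rights the post found necessary (assumed mapping, see lead-in).
$needed = [System.Messaging.MessageQueueAccessRights]'WriteMessage, ReceiveMessage, PeekMessage'
$full   = [System.Messaging.MessageQueueAccessRights]::FullControl

# 1. Remove the diagnostic grant. Revoke drops every allow/deny entry for the
#    trustee, so accounts that relied on Everyone need their own entries
#    (in the post, Network Service and CLIENTMACHINE$ already had them).
$queue.SetPermissions($everyone, $full, [System.Messaging.AccessControlEntryType]::Revoke)

# 2. Set discards any existing entries for the trustee and leaves only the
#    listed rights, so a leftover Full Control entry for anonymous is replaced.
$queue.SetPermissions($anonymous, $needed, [System.Messaging.AccessControlEntryType]::Set)

Write-Output "Queue ACL tightened on $queuePath for $anonymous"
```

Re-run the client after each change; if Access Denied returns, the last right removed was one the service needs.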

