The PROPID_M_SECURITY_CONTEXT property specifies security information that MSMQ uses to authenticate messages.
The PROPID_M_SECURITY_CONTEXT property is only used by the sending application (it is not used when receiving messages) and should be deleted (see MQFreeSecurityContext) when the security context is no longer needed to send messages.
The PROPID_M_SECURITY_CONTEXT property is an opaque handle to the security information returned by MQGetSecurityContext. This information includes details about the user, as well as information about the user's security certificate (either an external security certificate provided by a certificate authority or the internal security certificate provided by MSMQ).
When authenticating messages, MSMQ must track which sender certificate is associated with which message. Consequently, calling MQSendMessage must be done in the same user-context as the call to MQGetSecurityContext. If MQGetSecurityContext is not called before the message is sent, the security context of the user who originally ran the process is used.
When the application is impersonating a user, the security context of the original user should not be used.
There are two ways to provide the security information for an external certificate. The sending application can provide the complete certificate using PROPID_M_SENDER_CERT, or it can call MQGetSecurityContext to retrieve security information from the certificate and place it (along with the user information) in PROPID_M_SECURITY_CONTEXT. When PROPID_M_SENDER_CERT is used, the certificate information in PROPID_M_SECURITY_CONTEXT is ignored but the user information is still valid. Either property can be used when authenticating messages with an external certificate.
MQFreeSecurityContext, MQGetSecurityContext, MQSendMessage, PROPID_M_SENDER_CERT