MQSetQueueSecurity (mqrt)
Last changed: 66.194.55.242

.
Summary
The MQSetQueueSecurity function sets the access control security descriptor for the queue that you specify.

C# Signature:

[DllImport("mqrt.dll", SetLastError=false, CharSet=CharSet.Auto)]
public static extern uint MQSetQueueSecurity(
      [MarshalAs(UnmanagedType.LPWStr)]
      string lpwcsFormatName
    , int SecurityInformation
    , IntPtr pSecurityDescriptor
);

VB Signature:jkhjkhkjh

Declare Function MQSetQueueSecurity Lib "mqrt.dll" (TODO) As TODO

User-Defined Types:

SECURITY_INFORMATION

Notes:

MQGetQueueSecurity and MQSetQueueSecurity don't have a managed equivalent in the System.Messaging namespace. If you need to read or change the ACL on a queue to, for example, change the queue owner, you need to use P/Invoke to mqrt.dll.

Tips & Tricks:

Please add some!

Sample Code:

I can share more of the code if people are interested, but there are lots of API calls leading up to the call to MQSetQueueSecurity, so I'll just show the interesting parts here:

    class mqrt {

        public const int OWNER_SECURITY_INFORMATION = 0x1;
        public const int MQ_OK = 0x0;

        public const uint MQ_ERROR_SECURITY_DESCRIPTOR_TOO_SMALL = 0xC00E0023;

        //MQGetQueueSecurity
        //The MQGetQueueSecurity function retrieves the access control
        //security descriptor for the queue that you specify
        [DllImport("mqrt.dll", SetLastError=true)]
        public static extern uint MQGetQueueSecurity (
                  [MarshalAs(UnmanagedType.LPWStr)]
                  string lpwcsFormatName
                , int SecurityInformation
        , IntPtr pSecurityDescriptor
        , int nLength
        , out int lpnLengthNeeded
        );

        //MQSetQueueSecurity
        //The MQSetQueueSecurity function sets the access control
        //security descriptor for the queue that you specify.
        [DllImport("mqrt.dll", SetLastError=true, CharSet=CharSet.Auto)]
        public static extern uint MQSetQueueSecurity(
                  [MarshalAs(UnmanagedType.LPWStr)]
                  string lpwcsFormatName
                , int SecurityInformation
                , IntPtr pSecurityDescriptor
        );
    }

         public bool setQueueOwnerName(string formatName, string newOwner) {

            uint result;    //Return value of Win32 API call

            advapi32.SECURITY_DESCRIPTOR sd = new advapi32.SECURITY_DESCRIPTOR();

            IntPtr pSD = IntPtr.Zero;
            GCHandle hSD = GCHandle.Alloc(sd, GCHandleType.Pinned);
            pSD = hSD.AddrOfPinnedObject();

            //Call advapi32!InitializeSecurityDescriptor()
            //Call advapi32!SetSecurityDescriptorOwner()

            result = mqrt.MQSetQueueSecurity(
                  formatName
                , mqrt.OWNER_SECURITY_INFORMATION
                , pSD
            );

            //Free the Pinned Objects
            hSD.Free();

            return true;
        }

Alternative Managed API:

You can use "System.Messaging.MessageQueue.SetPermissions", which exposes permissions at a mich higher level. Unfortunately, there's no matching method GetPermissions

Documentation