Service broker with only domain account

Posted 2019-04-15 00:57

I am new to MS SQL's Service Broker.

I've examined a couple of tutorials. But I could not find an answer.

I have distributed servers, but luckily all of them are under the same domain.

Is it possible to accomplish a structure without using any certificate?

2 answers
时光不老,我们不散
Reply #2 · 2019-04-15 01:21

Yes.

Do not use dialog security. Make sure all your BEGIN DIALOG statements use the ENCRYPTION = OFF clause:

BEGIN DIALOG @handle
  FROM SERVICE @from_service   
  TO SERVICE @to_service
  ON CONTRACT @contract
  WITH ENCRYPTION = OFF;       

Grant SEND permission to [public] on each destination service:

GRANT SEND ON SERVICE::<servicename> TO [public];

Use WINDOWS authentication on ENDPOINTs:

 CREATE ENDPOINT broker 
   STATE = STARTED
   AS TCP (LISTENER_PORT = 4022)
   FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS);

Grant CONNECT to ENDPOINT permission to the domain account used by your SQL Service:

GRANT CONNECT ON ENDPOINT::broker TO [domain\sqlserviceaccount];  

(edited to correct GRANT SEND syntax)

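To confirm on each server that the certificate-free setup described in this answer is what is actually deployed, the catalog-view queries below report the endpoint's authentication and transport encryption settings, the principals holding CONNECT on it, and the services that grant SEND. This is an added example, not part of the original answer; it uses only standard SQL Server catalog views and assumes no object names.

```sql
-- 1. Server level: Service Broker endpoint settings.
--    With AUTHENTICATION = WINDOWS no certificate is bound (certificate_id = 0).
SELECT  e.name                      AS endpoint_name,
        e.state_desc,
        t.port,
        e.connection_auth_desc,     -- NTLM / KERBEROS / NEGOTIATE for Windows authentication
        e.encryption_algorithm_desc,-- transport encryption configured on the endpoint
        e.certificate_id
FROM    sys.service_broker_endpoints AS e
JOIN    sys.tcp_endpoints            AS t ON t.endpoint_id = e.endpoint_id;

-- 2. Server level: who may connect to the endpoint.
--    Expect only the domain accounts that run the peer SQL Server services.
SELECT  e.name           AS endpoint_name,
        p.name           AS grantee,
        p.type_desc      AS grantee_type,
        sp.state_desc    AS permission_state,
        sp.permission_name
FROM    sys.server_permissions       AS sp
JOIN    sys.service_broker_endpoints AS e ON e.endpoint_id  = sp.major_id
JOIN    sys.server_principals        AS p ON p.principal_id = sp.grantee_principal_id
WHERE   sp.class_desc      = 'ENDPOINT'
  AND   sp.permission_name = 'CONNECT';

-- 3. Database level (run in each database hosting a target service):
--    services with SEND granted, flagging grants to [public].
--    With dialog security off, the CONNECT grant from query 2 is the
--    control that limits which peers can deliver messages here.
SELECT  s.name           AS service_name,
        dp.name          AS grantee,
        perm.state_desc  AS permission_state,
        CASE WHEN dp.name = 'public' THEN 1 ELSE 0 END AS granted_to_public
FROM    sys.database_permissions AS perm
JOIN    sys.services             AS s  ON s.service_id   = perm.major_id
JOIN    sys.database_principals  AS dp ON dp.principal_id = perm.grantee_principal_id
WHERE   perm.class_desc      = 'SERVICE'
  AND   perm.permission_name = 'SEND';
```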
聊天终结者
Reply #3 · 2019-04-15 01:21

Remus, could you do this with Encryption but without Master Key Encryption? I see that when I use AUTHENTICATION = WINDOWS, I can also do ENCRYPTION = SUPPORTED. Reading about SB, there are two types of encryption (transport & message).

This is all on the same internal network, but I'd rather not make the contents of the messages readable. I think that just means I need transport security - and I have no idea if that requires certificates or master key encryption.

Thanks!
