Readme_TransportSecurity Sample

11/05/2008 21:36:06

Scenario

In order to have a broker dialog between server instances, you need a secure network connection, which in Service Broker terminology is called transport security. An effective way to accomplish this is to use certificates to secure the broker endpoints, which is the topic of this sample. You can then safely establish dialogs knowing that the communication context is authenticated. By default, the endpoints also encrypt dialog messages to prevent monitoring.

Certificate-based authentication is more cumbersome to set up than Windows-based authentication, but it works in more general circumstances, e.g., between different domains, and it allows users to specify a window of time in which authentication will be honored. In any case, some form of transport security is always necessary.

The initiator and target certificates must be exchanged in order for the two servers to authenticate each other. This "out of band" exchange should be done with a high level of trust, since a certificate bearer will be able to begin dialogs and send messages to Service Broker services on the authenticating server.

Transport security allows dialogs to be set up between services; it is not concerned with the permissions and security associated with those services. For example, in the sample code the target service will accept messages from any source on the sender server. If this is an issue, see the dialog security sample.

Running the Sample

This sample requires two server instances on different machines to avoid a port collision. It is essential that both servers are configured to enable the communication protocol. In this example we use TCP, so use SQL Server Configuration Manager to make sure TCP is enabled on both servers.

On one server, open the initiator project file in SQL Server Management Studio. Open the target project file on the other server.

Run the scripts, in order:

1 - Initiator endpoint setup.sql.
1 - Target endpoint setup.sql.
2 - Initiator certification of target.sql.
2 - Target certification of initiator.sql.
3 - Initiator service setup.sql.
3 - Target service setup.sql.
4 - Initiator message send.sql.
4 - Target message receive.sql.
5 - Initiator cleanup.sql.
5 - Target cleanup.sql.
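As an added illustration of steps 1 and 2 above (not the sample's own scripts), the T-SQL below shows the initiator side: creating the endpoint's certificate and endpoint, exporting the public certificate for the out-of-band exchange, importing the target's certificate under a dedicated login, and checking the result. The target runs the mirror image with the names swapped; the certificate names, login names, port, file paths, dates, and password placeholders are assumptions.

```sql
-- Initiator side (run in master; the target runs the mirror image with names swapped).
USE master;
GO

-- A database master key in master protects the endpoint certificate's private key.
-- The password is a placeholder; supply your own.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'REPLACE_WITH_STRONG_PASSWORD_1!';
GO

-- Certificate that identifies this instance to the target. START_DATE/EXPIRY_DATE
-- bound the window in which the peer will honor this identity (dates constructed).
CREATE CERTIFICATE InitiatorCert
    WITH SUBJECT = 'Initiator Service Broker endpoint',
         START_DATE = '2008-11-01', EXPIRY_DATE = '2009-11-01';
GO

-- Broker endpoint authenticated with that certificate; message encryption required.
CREATE ENDPOINT InitiatorBrokerEndpoint
    STATE = STARTED
    AS TCP (LISTENER_PORT = 4022)
    FOR SERVICE_BROKER (
        AUTHENTICATION = CERTIFICATE InitiatorCert,
        ENCRYPTION = REQUIRED ALGORITHM AES
    );
GO

-- Export only the public part for the out-of-band exchange (no PRIVATE KEY clause,
-- so the private key never leaves this server).
BACKUP CERTIFICATE InitiatorCert TO FILE = 'C:\certs\InitiatorCert.cer';
GO

-- Import the target's public certificate (received out of band), bind it to a login
-- whose password is never used for broker connections, and allow only that login
-- to connect to the endpoint.
CREATE LOGIN TargetBrokerLogin WITH PASSWORD = 'REPLACE_WITH_UNUSED_PASSWORD_2!';
CREATE USER TargetBrokerUser FOR LOGIN TargetBrokerLogin;
CREATE CERTIFICATE TargetCert
    AUTHORIZATION TargetBrokerUser
    FROM FILE = 'C:\certs\TargetCert.cer';
GRANT CONNECT ON ENDPOINT::InitiatorBrokerEndpoint TO TargetBrokerLogin;
GO

-- Check: the endpoint should be STARTED, use CERTIFICATE authentication, and report AES.
SELECT name, state_desc, connection_auth_desc, encryption_algorithm_desc
FROM sys.service_broker_endpoints;
GO
```

If the final query shows a different connection_auth_desc or the endpoint is not STARTED, the peer's connection will be refused before any dialog is established.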

© 2008 Microsoft Corporation. All rights reserved.

Last edited Feb 28, 2009 at 1:58 AM by portegys, version 2
