Determining the Dialog Security Type

The type of dialog security that is used for a conversation depends on the options in the BEGIN DIALOG CONVERSATION statement, the settings on the remote service binding for the service, and whether the owner of the initiating service owns a certificate. For each new dialog, SQL Server looks up the remote service binding for the target service in the sys.remote_service_bindings catalog view.

The following table lists the type of dialog security for each valid combination. Notice that if a remote service binding exists, the dialog uses encryption regardless of the settings on the BEGIN DIALOG CONVERSATION statement.

 

 

| Initiating service owner | BEGIN DIALOG CONVERSATION option | No remote service binding | Remote service binding with ANONYMOUS = ON | Remote service binding with ANONYMOUS = OFF |
|---|---|---|---|---|
| Service owner has a certificate | ENCRYPTION = ON | Dialog fails | Anonymous security | Full security |
| Service owner has a certificate | ENCRYPTION = OFF | No dialog security | Anonymous security | Full security |
| Service owner does not have a certificate | ENCRYPTION = ON | Dialog fails | Anonymous security | Dialog fails |
| Service owner does not have a certificate | ENCRYPTION = OFF | No dialog security | Anonymous security | Dialog fails |

  • Dialog fails
    SQL Server does not have the information required to provide the requested security. Service Broker ends the conversation and puts an error message on the queue for the initiating service.

  • No dialog security
    SQL Server does not provide dialog security for the dialog. Operations on behalf of the initiating service run as public in the target database. Messages are not encrypted for this dialog. Notice, however, that transport security may encrypt the message on the network.

  • Anonymous security
    SQL Server uses anonymous security. Messages outside of the instance are encrypted for this dialog. Because the target service cannot verify the identity of the initiating service, operations on behalf of the initiating service run as public in the target database.

  • Full security
    SQL Server uses full security. Messages outside of the instance are encrypted for this dialog. Operations on behalf of the initiating service run as the designated user in the target database.
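
The table above can be evaluated against a live database to find services whose dialogs would run without dialog security or fail. The following T-SQL is an added example, not part of the original page. It assumes that it runs in the initiating database and treats "has a certificate" as any row in sys.certificates owned by the service owner; the placeholder target name and the column aliases are illustrative.

```sql
-- Added example: predict the dialog security type for every local service
-- (as initiator) against every remote service binding, plus the
-- "no binding" case, for both ENCRYPTION settings.
-- Assumption: certificate validity (expiry, private key) is not checked;
-- only ownership, as the table above describes. Built-in services also
-- appear in sys.services and are not filtered out.
WITH initiators AS (
    SELECT s.name AS initiating_service,
           CASE WHEN EXISTS (SELECT 1
                             FROM sys.certificates AS c
                             WHERE c.principal_id = s.principal_id)
                THEN 1 ELSE 0 END AS owner_has_cert
    FROM sys.services AS s
),
targets AS (
    SELECT rsb.remote_service_name AS target_service,
           rsb.is_anonymous_on
    FROM sys.remote_service_bindings AS rsb
    UNION ALL
    -- Placeholder row for any target service that has no binding.
    SELECT N'(target with no remote service binding)', CAST(NULL AS bit)
),
enc AS (
    SELECT 'ON' AS encryption_option
    UNION ALL
    SELECT 'OFF'
)
SELECT i.initiating_service,
       t.target_service,
       e.encryption_option,
       CASE
           -- A binding with ANONYMOUS = ON always yields anonymous security.
           WHEN t.is_anonymous_on = 1 THEN 'Anonymous security'
           -- A binding with ANONYMOUS = OFF needs the owner's certificate.
           WHEN t.is_anonymous_on = 0 AND i.owner_has_cert = 1 THEN 'Full security'
           WHEN t.is_anonymous_on = 0 THEN 'Dialog fails'
           -- No binding: the ENCRYPTION option decides the outcome.
           WHEN e.encryption_option = 'ON' THEN 'Dialog fails'
           ELSE 'No dialog security'
       END AS dialog_security
FROM initiators AS i
CROSS JOIN targets AS t
CROSS JOIN enc AS e
ORDER BY i.initiating_service, t.target_service, e.encryption_option;
```

Rows that report "No dialog security" or "Anonymous security" identify conversations whose operations run as public in the target database.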