Determining the Dialog Security Type
The type of dialog security that is used for a conversation depends on the options in the BEGIN DIALOG CONVERSATION statement, the settings on the remote service binding for the service, and whether the owner of the initiating service owns a certificate. For each new dialog, SQL Server looks up the remote service binding for the target service in the sys.remote_service_bindings catalog view.
The following table lists the type of dialog security for each valid combination. Notice that if a remote service binding exists, the dialog uses encryption regardless of the settings on the BEGIN DIALOG CONVERSATION statement.
No remote service binding | Remote service binding with ANONYMOUS = ON | Remote service binding with ANONYMOUS = OFF | ||
---|---|---|---|---|
Service owner has a certificate |
ENCRYPTION = ON |
Dialog fails |
Anonymous security |
Full security |
Service owner has a certificate |
ENCRYPTION = OFF |
No dialog security |
Anonymous security |
Full security |
Service owner does not have a certificate |
ENCRYPTION = ON |
Dialog fails |
Anonymous security |
Dialog fails |
Service owner does not have a certificate |
ENCRYPTION = OFF |
No dialog security |
Anonymous security |
Dialog fails |
- Dialog fails
SQL Server does not have the information required to provide the requested security. Service Broker ends the conversation and puts an error message on the queue for the initiating service.
- No dialog security
SQL Server does not provide dialog security for the dialog. Operations on behalf of the initiating service run as public in the target database. Messages are not encrypted for this dialog. Notice, however, that transport security may encrypt the message on the network.
- Anonymous security
SQL Server uses anonymous security. Messages outside of the instance are encrypted for this dialog. Because the target service cannot verify the identity of the initiating service, operations on behalf of the initiating service run as public in the target database.
- Full security
SQL Server uses full security. Messages outside of the instance are encrypted for this dialog. Operations on behalf of the initiating service run as the designated user in the target database.
See Also
Tasks
How to: Configure Initiating Services for Anonymous Dialog Security (Transact-SQL)
How to: Configure Initiating Services for Full Dialog Security (Transact-SQL)
How to: Configure Target Services for Anonymous Dialog Security (Transact-SQL)
How to: Configure Target Services for Full Dialog Security (Transact-SQL)
How to: Configure Permissions for a Local Service (Transact-SQL)
Concepts
Service Broker Communication Protocols