Hi There
I have done the following.
2 servers across the network, Server A and Server B.
I have created private keys at each and copied the public keys across.
I create an endpoint at each with validation by the certificates. I then create appropriate users and logins at each and import the public certificates with authorization to the users who have send permission on the endpoints.
That is transport security sorted and it works.
Now, from what I have learnt from examples, to set up dialog security I do the following.
Create a private key in each DB:
create certificate Store001DialogPri
with subject = 'Store001DialogPri',
start_date = '07/20/2006'
active for begin_dialog = on;
go
I then copy the public key to each server, create a user only in each DB and import the public keys with authorization on the user. And grant SEND on the appropriate services to the user.
I then create appropriate remote service bindings with this user.
Now this works for me. Everything seems A-OK.
However, I am going through the Service Broker "bible", and there are a ton of steps I am not doing, but my setup works?
Steps I am not doing, for example: when I create the private keys in the DB, I should authorize them to a user I create, who is then granted CONTROL permission on the SERVICES.
Now I do not do this, but everything seems to be working. I thought I finally understood dialog security, but now I am totally confused.
Is what I am doing correct? If so, why are all these additional steps mentioned? What am I missing?
Thanx
The AUTHORIZATION and CONTROL steps in the samples are needed if you are performing these steps for somebody else. Your test probably ended up with all the services being owned by [dbo] (you are sysadmin on the test machine, aren't you?), and the certificates with private keys also being owned by [dbo], so it just worked. But in real life, you might have to do these setup steps for a service owned by a different database user, so in that case it is important to associate the private key with the service owner.
HTH,
~ Remus
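Remus's point, as an added example that is not from the thread or either poster: the private key is held by a separate database user, and the book's AUTHORIZATION and CONTROL steps tie that user to the initiator service, while a proxy user on the far side holds only the public key. Database, user, queue, service and file names are placeholders; the target's public certificate is assumed to have been exported the same way as the initiator's.

```sql
-- Added example, not the thread's own script; names are placeholders (Store001DialogPri is from the post).
-- ===== Server A, initiator database =====
USE InitiatorDB;
GO
-- User who will own the initiator's private key (the AUTHORIZATION step).
CREATE USER InitiatorSvcOwner WITHOUT LOGIN;
GO
CREATE CERTIFICATE Store001DialogPri
    AUTHORIZATION InitiatorSvcOwner
    WITH SUBJECT = 'Store001DialogPri',
         START_DATE = '07/20/2006'
    ACTIVE FOR BEGIN_DIALOG = ON;
GO
CREATE QUEUE InitiatorQueue;
CREATE SERVICE [//Store001/InitiatorService] ON QUEUE InitiatorQueue;
GO
-- The CONTROL step: ties the service to the user holding the private key,
-- so dialogs begun from this service are secured with that key.
GRANT CONTROL ON SERVICE::[//Store001/InitiatorService] TO InitiatorSvcOwner;
GO
-- Export the public key only (no WITH PRIVATE KEY clause) for Server B.
BACKUP CERTIFICATE Store001DialogPri TO FILE = 'C:\certs\Store001DialogPub.cer';
GO
-- Proxy user standing in for the remote target service, holding its public key
-- (assumes TargetDialogPub.cer was exported from Server B the same way).
CREATE USER TargetProxyUser WITHOUT LOGIN;
CREATE CERTIFICATE TargetDialogPub
    AUTHORIZATION TargetProxyUser
    FROM FILE = 'C:\certs\TargetDialogPub.cer';
-- Binding: messages to the target service are secured with TargetProxyUser's certificate.
CREATE REMOTE SERVICE BINDING ToTarget
    TO SERVICE '//Store001/TargetService'
    WITH USER = TargetProxyUser;
GO
-- ===== Server B, target database =====
USE TargetDB;
GO
-- Proxy user standing in for the remote initiator, holding its public key.
CREATE USER InitiatorProxyUser WITHOUT LOGIN;
CREATE CERTIFICATE Store001DialogPub
    AUTHORIZATION InitiatorProxyUser
    FROM FILE = 'C:\certs\Store001DialogPub.cer';
-- SEND is what lets the remote initiator deliver to the local target service.
GRANT SEND ON SERVICE::[//Store001/TargetService] TO InitiatorProxyUser;
GO
-- Check on either side: who owns each certificate and service (an all-dbo result is the "it just worked" case).
SELECT c.name AS certificate_name, USER_NAME(c.principal_id) AS owner, c.pvt_key_encryption_type_desc
FROM sys.certificates AS c;
SELECT s.name AS service_name, USER_NAME(s.principal_id) AS owner FROM sys.services AS s;
```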
Hi Remus
Yes, everything should be owned by dbo; however, I do not see any other users coming into the SB application, so therefore I should not have to do these steps?
Thanx for the feedback