Scenario
This sample shows how to set up a secure dialog using certificates. Service Broker always applies security at the transport level, which may include encryption, but that protection has server-level granularity: it does not secure conversations on a database-to-database basis. When that is required, dialog security can be used. Dialog security is also end-to-end, as opposed to the point-to-point, connection-based security provided by transport security. Because a conversation may traverse multiple hops through forwarding, dialog security provides authentication and one-time encryption at the terminating services, independent of the intermediate hops. Certificate-based authentication also lets users specify a window of time during which authentication will be honored.
The initiator and target certificates must be exchanged so that the two sides can authenticate each other. This out-of-band exchange should be done with a high level of trust, since the owner of a trusted certificate will be able to begin dialogs and send messages to Service Broker services on the authenticating server.
Running the Sample
- This sample requires two server instances on different machines to avoid a port collision. Both servers must have the network protocols Service Broker uses enabled. This example uses TCP, so use SQL Server Configuration Manager to make sure TCP is enabled on both servers. To keep things simple, Windows authentication is used for transport security; the transport security sample shows how to use certificates for that if needed.
- On one server, open the initiator project file in SQL Server Management Studio. Open the target project file on the other server.
- Run the scripts, in order:
  - 1 - Initiator endpoint setup.sql
  - 1 - Target endpoint setup.sql
  - 2 - Initiator service setup.sql
  - 2 - Target service setup.sql
  - 3 - Initiator certification of target.sql
  - 3 - Target certification of initiator.sql
  - 4 - Initiator message send.sql
  - 4 - Target message receive.sql
  - 5 - Initiator cleanup.sql
  - 5 - Target cleanup.sql
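The following T-SQL is an added illustration of the certificate exchange and remote service binding described in the Scenario and carried out by the service setup and certification scripts above; it is not the sample's own script content. Database names (InitiatorDB, TargetDB), object names (InitiatorUser, TargetCert, the //sample/... services), the exchange directory C:\exchange and the TCP://...:4022 route addresses are all assumed placeholders. The endpoint setup (CREATE ENDPOINT with Windows authentication) from the endpoint setup scripts is assumed to have been done already.

```sql
-- ===================== INITIATOR database (server 1) =====================
USE InitiatorDB;   -- assumed name
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password here>';
GO
-- The initiating service's owner must own a certificate WITH a private key;
-- Service Broker signs the dialog's key exchange with it.
CREATE USER InitiatorUser WITHOUT LOGIN;
CREATE CERTIFICATE InitiatorCert
    AUTHORIZATION InitiatorUser
    WITH SUBJECT     = 'Dialog security sample: initiator',
         START_DATE  = '2024-01-01',   -- window in which the target honors this identity
         EXPIRY_DATE = '2025-01-01';
-- BACKUP CERTIFICATE without a private-key clause exports the public part only.
-- This file is what gets handed to the target administrator out of band.
BACKUP CERTIFICATE InitiatorCert TO FILE = 'C:\exchange\InitiatorCert.cer';
GO
CREATE MESSAGE TYPE [//sample/Hello] VALIDATION = WELL_FORMED_XML;
CREATE CONTRACT [//sample/HelloContract] ([//sample/Hello] SENT BY INITIATOR);
CREATE QUEUE InitiatorQueue;
CREATE SERVICE [//sample/InitiatorService]
    AUTHORIZATION InitiatorUser ON QUEUE InitiatorQueue;
CREATE ROUTE TargetRoute
    WITH SERVICE_NAME = '//sample/TargetService',
         ADDRESS = 'TCP://target-host.example:4022';   -- assumed
GO
-- ---- after TargetCert.cer has been received from the target side ----
CREATE USER TargetUser WITHOUT LOGIN;
CREATE CERTIFICATE TargetCert
    AUTHORIZATION TargetUser FROM FILE = 'C:\exchange\TargetCert.cer';
-- Check: the thumbprint must match the value the target administrator
-- confirmed over a separate channel before this certificate is trusted.
SELECT name, thumbprint, start_date, expiry_date
FROM sys.certificates WHERE name = 'TargetCert';
-- The binding ties the remote service name to the certificate owner, so
-- messages to that service are encrypted for, and authenticated by, it.
CREATE REMOTE SERVICE BINDING TargetBinding
    TO SERVICE '//sample/TargetService'
    WITH USER = TargetUser, ANONYMOUS = OFF;
-- Check: ANONYMOUS = OFF, otherwise the target cannot authenticate the initiator.
SELECT name, remote_service_name, is_anonymous_on FROM sys.remote_service_bindings;
GO

-- ======================= TARGET database (server 2) ======================
USE TargetDB;      -- assumed name
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password here>';
GO
CREATE USER TargetUser WITHOUT LOGIN;
CREATE CERTIFICATE TargetCert
    AUTHORIZATION TargetUser
    WITH SUBJECT = 'Dialog security sample: target', EXPIRY_DATE = '2025-01-01';
BACKUP CERTIFICATE TargetCert TO FILE = 'C:\exchange\TargetCert.cer';  -- send to initiator
GO
CREATE MESSAGE TYPE [//sample/Hello] VALIDATION = WELL_FORMED_XML;
CREATE CONTRACT [//sample/HelloContract] ([//sample/Hello] SENT BY INITIATOR);
CREATE QUEUE TargetQueue;
CREATE SERVICE [//sample/TargetService]
    AUTHORIZATION TargetUser ON QUEUE TargetQueue ([//sample/HelloContract]);
CREATE ROUTE InitiatorRoute
    WITH SERVICE_NAME = '//sample/InitiatorService',
         ADDRESS = 'TCP://initiator-host.example:4022';   -- assumed
GO
-- ---- after InitiatorCert.cer has been received from the initiator side ----
-- Map the initiator's public certificate to a local user and grant that user,
-- and only that user, the right to send to the target service.
CREATE USER InitiatorUser WITHOUT LOGIN;
CREATE CERTIFICATE InitiatorCert
    AUTHORIZATION InitiatorUser FROM FILE = 'C:\exchange\InitiatorCert.cer';
SELECT name, thumbprint, start_date, expiry_date
FROM sys.certificates WHERE name = 'InitiatorCert';   -- verify out of band
GRANT SEND ON SERVICE::[//sample/TargetService] TO InitiatorUser;
GO

-- ================ INITIATOR: open the secured dialog (server 1) ===========
USE InitiatorDB;
GO
DECLARE @h UNIQUEIDENTIFIER;
BEGIN DIALOG CONVERSATION @h
    FROM SERVICE [//sample/InitiatorService]
    TO SERVICE '//sample/TargetService'
    ON CONTRACT [//sample/HelloContract]
    WITH ENCRYPTION = ON;   -- require dialog security; never fall back to plain transport
SEND ON CONVERSATION @h MESSAGE TYPE [//sample/Hello] (N'<hello/>');
-- Check: if the binding or certificate is missing, the message does not leave
-- unsecured; it waits here with the reason in transmission_status.
SELECT conversation_handle, to_service_name, transmission_status
FROM sys.transmission_queue;
GO
```

ENCRYPTION = ON is the setting that makes the mapping fail closed: with it, a dialog that cannot be secured is held in sys.transmission_queue instead of being delivered over transport security alone, which is the behaviour a defender wants when verifying that the certification scripts were applied on both servers.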
1 - Initiator endpoint setup.sql.