I have 2 databases within a single SQL Server instance.
I need to send a message from one database to another using Service Broker services.
How can this be done without setting TRUSTWORTHY to “ON” on the database? In my case this is not an option due to security risks.
You must set up dialog security, with certificates, see Certificates for Dialog Security:

Create and export a certificate for the initiator service owner (likely dbo):

    USE <initiatordb>;
    CREATE CERTIFICATE [<initiatorservicename>]
        AUTHORIZATION [<initiatorserviceowner>]
        WITH SUBJECT = '<initiatorservicename>';
    BACKUP CERTIFICATE [<initiatorservicename>]
        TO FILE = 'c:\temp\<initiatorservicename>.cer';

Do the same for the target service:

    USE <targetdb>;
    CREATE CERTIFICATE [<targetservicename>]
        AUTHORIZATION [<targetserviceowner>]
        WITH SUBJECT = '<targetservicename>';
    BACKUP CERTIFICATE [<targetservicename>]
        TO FILE = 'c:\temp\<targetservicename>.cer';

Import the initiator service owner's cert in the target DB, create a proxy user for it and grant SEND permission:

    USE <targetdb>;
    CREATE USER [<initiatorserviceproxyuser>] WITHOUT LOGIN;
    CREATE CERTIFICATE [<initiatorservicename>]
        AUTHORIZATION [<initiatorserviceproxyuser>]
        FROM FILE = 'c:\temp\<initiatorservicename>.cer';
    GRANT SEND ON SERVICE::[<targetservicename>]
        TO [<initiatorserviceproxyuser>];

Import the target service owner's certificate in the initiator DB, create a proxy user for it and map the remote service binding:

    USE <initiatordb>;
    CREATE USER [<targetserviceproxyuser>] WITHOUT LOGIN;
    CREATE CERTIFICATE [<targetservicename>]
        AUTHORIZATION [<targetserviceproxyuser>]
        FROM FILE = 'c:\temp\<targetservicename>.cer';
    CREATE REMOTE SERVICE BINDING [<targetservicename>]
        TO SERVICE '<targetservicename>'
        WITH USER = [<targetserviceproxyuser>];

I typed all this from memory, I hope I got the syntax right.
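
A read-only check of the setup described in the answer above, as an added example that is not part of the original answer: it confirms TRUSTWORTHY is still off and that the certificates, remote service binding and SEND grant are where dialog security expects them. The database names `InitiatorDb` and `TargetDb` are assumed stand-ins for `<initiatordb>` and `<targetdb>`.

```sql
-- Added example. InitiatorDb / TargetDb are assumed names; substitute your own.

-- 1. TRUSTWORTHY should remain 0 on both databases; Service Broker must be enabled.
SELECT name, is_trustworthy_on, is_broker_enabled
FROM sys.databases
WHERE name IN (N'InitiatorDb', N'TargetDb');

USE InitiatorDb;

-- 2. A database master key must exist: it protects the certificate private key
--    (CREATE CERTIFICATE without ENCRYPTION BY PASSWORD) and the dialog session keys.
--    Run the same query in TargetDb.
SELECT COUNT(*) AS has_master_key
FROM sys.symmetric_keys
WHERE name = N'##MS_DatabaseMasterKey##';

-- 3. Expect two certificates: the service owner's (ENCRYPTED_BY_MASTER_KEY) and the
--    imported one owned by the proxy user (NO_PRIVATE_KEY). Watch expiry_date too.
SELECT c.name, dp.name AS owner_name, c.pvt_key_encryption_type_desc,
       c.is_active_for_begin_dialog, c.expiry_date
FROM sys.certificates AS c
JOIN sys.database_principals AS dp ON dp.principal_id = c.principal_id;

-- 4. The remote service binding should map the target service to the proxy user.
SELECT rsb.name, rsb.remote_service_name, dp.name AS proxy_user, rsb.is_anonymous_on
FROM sys.remote_service_bindings AS rsb
JOIN sys.database_principals AS dp ON dp.principal_id = rsb.remote_principal_id;

-- 5. Messages stuck here carry the reason in transmission_status
--    (an empty result after a SEND means the message was delivered).
SELECT to_service_name, transmission_status, enqueue_time
FROM sys.transmission_queue;

USE TargetDb;

-- 6. The initiator's proxy user should hold SEND on the target service and nothing more.
SELECT s.name AS service_name, dp.name AS grantee, p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.services AS s ON s.service_id = p.major_id
JOIN sys.database_principals AS dp ON dp.principal_id = p.grantee_principal_id
WHERE p.class_desc = N'SERVICE' AND p.permission_name = N'SEND';
```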