Share via


Determining the Dialog Security Type

The type of dialog security that is used for a conversation depends on the options in the BEGIN DIALOG CONVERSATION statement, the settings on the remote service binding for the service, and whether the owner of the initiating service owns a certificate. For each new dialog, SQL Server looks up the remote service binding for the target service in the sys.remote_service_bindings catalog view.

The following table lists the type of dialog security for each valid combination. Notice that if a remote service binding exists, the dialog uses encryption regardless of the settings on the BEGIN DIALOG CONVERSATION statement.

 

 

No remote service binding

Remote service binding with ANONYMOUS = ON

Remote service binding with ANONYMOUS = OFF

Service owner has a certificate

ENCRYPTION = ON

Dialog fails

Anonymous security

Full security

Service owner has a certificate

ENCRYPTION = OFF

No dialog security

Anonymous security

Full security

Service owner does not have a certificate

ENCRYPTION = ON

Dialog fails

Anonymous security

Dialog fails

Service owner does not have a certificate

ENCRYPTION = OFF

No dialog security

Anonymous security

Dialog fails

  • Dialog fails
    SQL Server does not have the information required to provide the requested security. Service Broker ends the conversation and puts an error message on the queue for the initiating service.

  • No dialog security
    SQL Server does not provide dialog security for the dialog. Operations on behalf of the initiating service run as public in the target database. Messages are not encrypted for this dialog. Notice, however, that transport security may encrypt the message on the network.

  • Anonymous security
    SQL Server uses anonymous security. Messages outside of the instance are encrypted for this dialog. Because the target service cannot verify the identity of the initiating service, operations on behalf of the initiating service run as public in the target database.

  • Full security
    SQL Server uses full security. Messages outside of the instance are encrypted for this dialog. Operations on behalf of the initiating service run as the designated user in the target database.