Service Broker 主密钥的要求

发布于 2024-10-06 21:22:35 字数 339 浏览 6 评论 0原文

我在各种 MSDN 页面和 SQL Server 博客中读到,Service Broker 数据库“通常”需要主密钥。

事实上,当尝试接收消息时,我收到以下应用程序事件日志消息:

Service Broker 需要访问 数据库中的主密钥 “MDR_REPLICATION_Z”。错误代码:26。 主密钥必须存在并且 服务主密钥加密是 必填。

令我困惑的是,当我所有的对话都已关闭加密时,为什么会发生这种情况。

有没有一种方法可以在加密处于关闭状态的单个数据库内部使用 Service Broker,而无需创建数据库主密钥?

I have read in various MSDN pages and SQL Server blogs that "usually" a Master Key is required in a Service Broker database.

Indeed, when trying to RECEIVE messages I get the following application event log message:

Service Broker needs to access the
master key in the database
'MDR_REPLICATION_Z'. Error code:26.
The master key has to exist and the
service master key encryption is
required.

What confuses me is why this is happening when all my CONVERSATIONs have ENCRYPTION = OFF.

Is there a way to make use of Service Broker internally within a single database where ENCYRPTION is OFF without having to create a Database Master Key?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

话少情深 2024-10-13 21:22:35

来自 Service Broker 对话安全性

Service Broker 对话框安全性让
您的应用程序使用身份验证,
授权或加密
个人对话对话(或
对话)。默认情况下,所有对话框
对话使用对话安全性。
当您开始对话时,您可以
明确允许对话继续进行
没有对话安全性,包括
ENCRYPTION = OFF 子句
BEGIN DIALOG CONVERSATION 语句。
但是,如果远程服务绑定
存在的服务
对话目标,对话框使用
即使加密 = 关闭,也能保证安全。

换句话说,请确保您没有任何匹配的远程服务绑定。

From Service Broker Dialog Security:

Service Broker dialog security lets
your application use authentication,
authorization, or encryption for an
individual dialog conversation (or
dialog). By default, all dialog
conversations use dialog security.
When you begin a dialog, you can
explicitly allow a dialog to proceed
without dialog security by including
the ENCRYPTION = OFF clause on the
BEGIN DIALOG CONVERSATION statement.
However, if a remote service binding
exists for the service that the
conversation targets, the dialog uses
security even when ENCRYPTION = OFF.

In other words, make sure you don't have any matching remote service bindings.

转身泪倾城 2024-10-13 21:22:35

另一种方法是为服务代理创建一个主密钥

首先通过右键单击队列并查看传输队列来检查您的服务代理队列
或者简单地使用此查询

SELECT  *, casted_message_body = CASE message_type_name WHEN 'X' 
    THEN CAST(message_body AS NVARCHAR(MAX)) 
    ELSE message_body 
END 
FROM [DATABASE_NAME].[sys].[transmission_queue]

如果您在这里找到任何数据,那么 Transmission_status 列将有原因。

如果代理没有发挥其作用,我将使用以下查询创建 NEW_BROKER

USE [master] 
ALTER DATABASE [DATABASE_NAME] SET NEW_BROKER

然后将 TRUSTWORTHY 设置为 ON 启用代理

ALTER DATABASE DATABASE_NAME SET ENABLE_BROKER;
ALTER DATABASE DATABASE_NAME SET TRUSTWORTHY ON;

最后,删除主密钥并创建新的主密钥并使用新密码加密:

ALTER AUTHORIZATION ON DATABASE::DATABASE_NAME TO [SA];
DROP MASTER KEY
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '79HGKJ67ghjgk^&*^fgj'
GO

密码可以是用户定义的混合字母数字和符号。

如果上述任何步骤需要较长时间运行,那么我建议您停止查询并重新打开 SQL 管理器并重试。应该效果很好!!

Alternative would be creating a master key for the service broker.

First Check your service broker queue by right clicking the queue and View Transmission Queue
or simply use this query

SELECT  *, casted_message_body = CASE message_type_name WHEN 'X' 
    THEN CAST(message_body AS NVARCHAR(MAX)) 
    ELSE message_body 
END 
FROM [DATABASE_NAME].[sys].[transmission_queue]

If you find any data in here then transmission_status column will have the reason for this.

If the broker is not playing its role, I would create NEW_BROKER with following query

USE [master] 
ALTER DATABASE [DATABASE_NAME] SET NEW_BROKER

Then Enable the BROKER with TRUSTWORTHY set to ON

ALTER DATABASE DATABASE_NAME SET ENABLE_BROKER;
ALTER DATABASE DATABASE_NAME SET TRUSTWORTHY ON;

Finally, dropping the master key and Creating New master key and encrypt by new password:

ALTER AUTHORIZATION ON DATABASE::DATABASE_NAME TO [SA];
DROP MASTER KEY
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '79HGKJ67ghjgk^&*^fgj'
GO

Password could be a user defined mixture of alphanumeric and symbols.

If any of the above steps taking longer time to run, then I would suggest you to stop the query and reopen the SQL manager and try again. It should work well!!

小伙你站住 2024-10-13 21:22:35

我找到了解决方案。

即使我的BEGIN对话框中指定的目标服务包含在同一个数据库中,我也需要明确以下事实:目标服务位于同一数据库内。

这是通过在指定目标服务时添加可选的 CURRENT DATABASE 来完成的:

BEGIN DIALOG @dlg_handle 
FROM SERVICE CheckpointAndLogInitiatorService 
TO
SERVICE 'CheckpointAndLogTargetService', 'CURRENT DATABASE'
ON CONTRACT
CheckpointStart_CheckpointStartReply
WITH ENCRYPTION = OFF;

I found the solution.

Even though the target service specified in my BEGIN DIALOG is contained in the same database, I needed to be explicit about the fact that the target service was within the same database.

This is done by adding the optional CURRENT DATABASE when specifying the target service:

BEGIN DIALOG @dlg_handle 
FROM SERVICE CheckpointAndLogInitiatorService 
TO
SERVICE 'CheckpointAndLogTargetService', 'CURRENT DATABASE'
ON CONTRACT
CheckpointStart_CheckpointStartReply
WITH ENCRYPTION = OFF;
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文