However i am still not 100% clear, dialog security with certificates when there are hundreds of remote services seems a bit complicated.
I have a few more questions.
1. you said "When sending the first message (any direction), we look up the 'best' certificate for each user"
My inititor sevice is owned by dbo, i have created certificates only for named users not dbo, how would this work?
2. I am going to try settin gup this again, but at the central service i will create a seprate user for each remote service, authorize the remote certificate for this user and use this user in the remote service binding for that remote service, is this correct or am i still doing somehting wrong?
3. How does all of this relate to the endpoint security, i ahve the same scenario, 1 pricipal id with all remote certificates authorized for it for the endpoint? I have no idea how i would have to setup different user for each remote servcie as far as the endpoint goes as there is no remote service binding to dictate which user to use ?
I will keep try and experimenting maybe i will get it right sooner or later.
In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.
If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?
Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.
I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?
Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?
I am in the process of evaluating the use of Service broker for messaging in a load balanced configuration, and am not having any success. My configuration is as follows. 1) Master database on Box #1 which is the initiator of all dialogs 2) Target database on Box #2 3) Target database on Box #3 One of my goals is that the databases on Box #2 and #3 are as close to identical as possible. My routing table on Box #1 looks something like the following Name remote_service_name broker_instance address TargetOne TargetService E96DC67E-F696-4D93-8545-C2E92157E32D tcp://server1:4022/ TargetTwo TargetService 56607120-26AA-4AAA-B9E4-F14689C40E41 tcp://server2:4022/ My messaging process begins with a dialog initiated from the master database (Box #1) to each of the target services. At this time, only the first server "tcp://server1:4022/" is receiving messages. The sys.transmission_queue shows a message outbound to "tcp://server2:4022/" with a blank status. I believe that my delivery problem has something to do with the resolution of the dialog certificate need for the conversation. The MSDN documentation states that: "Service Broker uses a remote service binding to locate the certificate to use for a new conversation...The certificate for user_name must correspond to the certificate for a user in the database that hosts the remote service." I am confused as to how I would configure remote service binding if one can not create more than one binding for the same remote_service_name. The following throws an exception on the last creation of the binding. ---CODE SNIP--- CREATE CERTIFICATE UFEDlgCertTargetPublic
2 Servers across the net work Server A and Server B.
I have created private keys at each and copied to public keys across.
I create an endpoint at each with validation by the certificates. I then create appropriate users and logins at each and import the public certificates with authorization to the users who have send permission on the endpoints.
That is transport security sorted and it works.
Now from what i have learnt from examples, to setup dialog security i do the following.
create a private key in each DB :
create certificate Store001DialogPri
with subject = 'Store001DialogPri',
start_date = '07/20/2006'
active for begin_dialog = on;
go
I then copy the public key to each server, create a user only in each DB and import the public keys with authorization on the user. And grant send to the appropriate servcies to the user.
I then create appropriate remote service bindings with this user.
Now this works for me. Everythign seems A OK.
However i am going thorugh the Service Broker "bible", and there are a ton of steps i am not doing but my setup works ???
Steps i am not doing for example is when i create the private keys in the DB i should authorize them to a user i create who is then gratnted CONTROL permission on the SERVICES.
Now i do not do this but everything seems to be working. I thought i finally understood dialogs security but now i am totally confused ?
Is what i am doing correct ? If so why are these all these additinal steps mentioned ? WHat am i missing ?
I understand that Dialog Security + certificates can be used to encryption individual dialogs. I have several demos working now that do just this.However, I don't fully understand exactly when the messages are encrypted, and if they are ever written to a queue on the initiating service prior to being encrypted. I want to make sure that admins can't simply query the transmission queues to get clear text messages, because I have strict requirements that I encrypt all personal data that is stored anywhere in a database. BOL is a little unclear on this topic. The relevant doc reads:For a dialog that uses security, Service Broker encrypts all messages sent outside a SQL Server instance. Messages that remain within a SQL Server instance are never encrypted. In dialog security, only the database that hosts the initiating service and the database that hosts the target service need to have access to the certificates used for security. That is, an instance that performs message forwarding is not required to have the capability to decrypt the messages that the instance forwards.Does this imply that message destined for an external service aren't encrypted until they leave the instance? Or does Service Broker figure out that the message is destined for a remote service and therefore applies encryption to the message_body prior to the message hitting the transmission queue on the initiating service?Many thanks, Kevin
Setting up Service Broker routes, endpoints and security is just too hard. One has to run pages and pages of Transact-SQL code just to get the €˜Hello, world€™ example work between two separate SQL Instances and the chances of making a mistake are overwhelming. Well, not anymore! I€™ve just uploaded into the Service Broker team code gallery a new GUI tool for doing just that: easily configure two services to be able to have conversations. The tool uses the €˜Service Listing€™ concept. A Service Listing is like an identity card for a service. It is an XML document that contains all the necessary information needed to establish a conversation with that service. When two parties need to establish a conversation, they can exchange the Service Listings of the two services and the tool will create the entire infrastructure needed to establish the conversation. Optionally it can also create the message types and contracts supported by a target service in the initiator service database....
when ever I send my message thru Service Broker I am getting an error message like this "
"Dialog security is not available for this conversation because there is no remote service binding for the target service. Create a remote service binding, or specify ENCRYPTION = OFF in the BEGIN DIALOG statement."
I am experiencing the same problem, and I can't get the easy fix to work. I drop and create the DB's in between tests, so it is not related to having an old certificate in the DB, as in the case of Tilfried.
The situation is as follows:
DB1 owned by login1, has a user for login2; this DB is for the initiator
DB2 owned by login2, has a user for login1; this DB hosts the target
Both DB's have TRUSTWORTHY flag set to ON
Error in sys.transmission_queue: 'Error 916, State 3: The server principal "Login1" is not able to access the database "DB2" under the current security context.
Going on a limp, I decide to add a remote service binding in DB1, binding the user for Login2 to the target service, even though BOL explicitly states that this is only required for cross-server communications. This does change the situation - I still get an error, but a new message is sys.transmission_queue: "Dialog security is unavailable for this covnersation because there is no certificate bound to the database principal (Id: 5). Either create a certificate for the principal, or specify ENCRYPTION = OFF when beginning the conversation." I already know that the first option works, but I wanted to get the simple solution running. As for the second option, I doublechecked and the initiating procedure DOES already specify ENCRYPTION = OFF in the BEGIN DIALOG CONVERSATION command. My theory is that the remote service binding somehow forces SB to use encryption, but (a) that is not stated in the error message, and (b) if so, then how to get the messages sent over to the target service without using the binding?
==> EDIT: Just saw that you confirmed this theory in your last reply to Tlifried. So I am indeed back to having to find out how to get this to work without remote service binding - it should be possible, but how???
BTW, SELECT @@VERSION shows that I'm on build 3054, in case it matters.
Between all the errors in BOL and less than helpfull error messages produced by SB, I feel like I'm slowly losing my sanity. Please help!
The apps that connect to my SQL DB's (for internet use) use SQL authentication (the app login so to speak). Anyways, a Java developer showed me that he built into his app a way to retrieve that app login and password from SQL Server. Obviously I wasn't very happy about this. So my questions:
1; Does anyone know if the same thing can be done using .NET code? 2; I've heard of a method using .Net Web Services (WS) for using WINNT authentication even for internet apps. It would be that the app calls a WS, that WS the passes in WIINT authentication to the DB and all is good. Has anyone else out there used this type of security? Is there a link you can provide? 3; If number 2 is implemented, does it then eliminate the possibility of apps being able to retieve the sensitive information?
I want to create an MS Access front-end for my SQL database. I want to create user accounts with passwords for each user. Should I change SQL Server to "MIXED authentication mode" (SQL Server authentication and Windows authentication) ?
******************************************** *** Thank you very much in advanced, security gurus *** ********************************************
I have created logins and user accounts in SQL Server. How come, when I open SQL Server, it did not prompt for passwords ? How can I make it to do so ?
******************************************** *** Thank you very much in advance, security gurus *** ********************************************
I realize that I am confused about SSIS and security.
In BIDS, I work on and modify my packages. That part I understand. Then, I want to build my project, then deploy to SQL Server 2005. I know how to do that too (for the most part, please see below):
My confusion arises around the "Protection Level" options in the package properties. Right now I have everything set to "EncryptSensitiveWithUserKey". My understanding is that I need to change this in order to run my packages from SQL Server jobs, because only the creator of the package can currently run the job.
So my question is, since I want to deploy to SQL Server, don't I want to change the "Protection Level" to "ServerStorage"?
However, it will not let me change the protection level to ServerStorage. It says "The protection level, ServerStorage, cannot be used when saving to this destination"... presumably because it is attempting to save to the file system.
However, even when I built out my packages and saved to SQL Server, I could not change the protection level either.
Which is why I am really confused... Once you save your packages to SQL Server, how do you make changes to the packages, so that the changes are reflected in the packages stored on SQL Server?
There is some concept I am not understanding here.
Still working on custom security Since I can't get a name of file (path) from within CheckAccess method it becomes somewhat useless. Is there a way to maybe overload GetPermissions or Policies methods? Or maybe CreateReport method so that I can include some custom code there? Is there an example of something like that?
I wish the catalog tree was transparent to Authentication extension, I don't see a point in acl for a custom extension, all I want is names and I can build on top of that. Something along the lines -
Code Snippet
public bool CheckAccess(...file...) { string[] permissions ; permissions = server.GetPermissions(file); ... Maybe I am missing something simple and I can tie everything to a security descriptor but I don't see how I can if there is no information such as name, date, modified by name and so on. All we get is principal name which is not very useful since I don't use built-in security names.
I am an Oracle DBA who inherited SQL Server administration. I have been to some 2005 training and I've been supporting several DB's for a while now but I still have some nagging security questions and would appreciate some help.
1) I needed to grant execute on a specific procedure but when I drilled down, I found that it already had execute in the EFFECTIVE PERMISSIONS. I would like to know how to tell where it got this permission from. I did some digging and found that execute appears to have been granted to the schema itself. I didn't know you could do that. Would this result in the effective permission that I observed?
2) I am trying to audit the permissions on existing principles. In Management Studio I drilled down and found permissions under Security and under Server Properties. There are also more permissions under Database Properties and Security and still more assigned at the specific object level. Where can I go or what can I query to see ALL the permissions a principle has been granted across the entire server?
3) If I grant a principle CONTROL to a schema does that also automatically confer DDL rights to said schema or would additional privs be required to perform DDL?
I am new to SQL 2005, can someone give me some details instructions about how to do below two tasks:
All my developers are in a window domain user group, I need to grant dbo privileges to that domain group so then can do the their development work. The rule is all objects they create need to be owned by dbo not by there ID. ( I can€™t do it because I got €œ The €œDeafult_Schema clause cannot be used with a windows group€?) Same as above but this time they only need select permission on tables nothing else.
I posted this question before, and got a response about Windows Update. However, I work in a larger corp. and need to know if there are any other answers to this? We use a patch client that rolls out patches and service packs after we have tested them in our environment. What can we do to stay as up to date as possible for security patches?
How are security patches for SQL Server Express made available (e.g., as separate distributions or bundled into other Microsoft patch distribution mechanisms)? Are there specific procedures that I need to put in place to ensure that it gets patched on end user machines?
Greetings. I have developed our own custom security extension, implemented forms based authentication, and can authenticate from report manager, report server and sql studio. So far so good.
However, when it comes to Authorization, i'm unclear in a few areas and would appreciate if someone could help me out with the following questions. It should be noted that in the code I have granted an administrator user full access to all operations and permissions, and then tested against both an administrator user and a normal user.
"Returns the set of permissions granted a specific user for an item in the report server database."
Inparticular, the secDesc parameter is supposed to contain the security descriptor associated with the item.
However, with our extension this parameter is always null, even if I have already granted access for a user, which is confirmed through logging in CreateSecurityDescriptor.
Through the report manager or sql studio I can see that the permissions have been created, so I can't understand why I never see them in the GetPermissions method? This then (seems to) flow through to the various CheckAccess methods, where the users are authenticated, but are not authorized to perform any operations. i.e. in report manager a user has no folders or reports available.
Is RS authorization designed around the concept that the details will always be stored in it's own database?
Ideally, we'd like to have the various roles, users and function authorizations defined in our own security framework. This is working great for the authentication aspect of the extension, but unless there is a mechanism which exposes the details of the particular authorization process (e.g. the name of the folder being viewed or report being run), then I can't see a way we can implement it. Unless i'm missing something fundamental of course!
Using Report Builder as the Administrator user (or any other user), I can see no data models available, even though I have created them via Report Manager, and I get the following exception trying to open up the list of reports:
System.Web.Services.Protocols.SoapException: The permissions granted to user '' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.ListChildrenAction.PerformActionNow() at Microsoft.ReportingServices.Library.RSSoapAction.Execute() at Microsoft.ReportingServices.WebServer.ReportingService2005.ListChildren(String Item, Boolean Recursive, CatalogItem[]& CatalogItems)
I have implemented a report server proxy (inherited from ReportService2005) as per the example, to pass through the authorization cookie. Any clues as to what could be wrong?
Finally, I suspect part of my problem may be in assignment of users to System Roles ("System Administrator" and "System User"), I'm not sure if these are meant only for Windows Authentication? I can see no way of assigning these roles to any of my users using Forms Authentication.
At this point in time, I can think of nothing more annoying than a button that doesn't work. Especially when that button is the HELP button.
Inside SSIS designer, say I add a "derived column tool" to the data flow task. Now if I double-click on the "derived column tool", and then click on the help button in the dialog box that appears, NO help is displayed. What gives?
Hi,when i try to see the properties of database "sales" (sql server express 2005) in Management Studio Express, i get this error message: (besides, when i try to expand the database, i get the error that it's emty)Cannot show requested dialog.ADDITIONAL INFORMATION:Cannot show requested dialog. (Microsoft.SqlServer.Express.SqlMgmt)------------------------------An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)------------------------------The server principal "Myserveradmin" is not able to access the database "sales" under the current security context. (Microsoft SQL Server, Error: 916)But the webapplication still runs: i can insert records, update, delete ... from asp.net.Any way to recover it?ThanksTartuffe
When I start SQL Server Management Studio (Sql 2005), a blank dialog box pops up with nothing in it. The title in the dialog box is "Microsoft SQL Server Management Studio" and it has a yellow triangle with an explanation point in it but there is no message just an OK button. I have to click the OK button to continue on to connect to the Sql databases. It does this everytime I open it. Anyone else getting this and how can I get rid of it?
Hi,Is it possible to avoid the last used server being in Query Analyzer'Connect to SQL Server' dialog by default(when I click on File/Connectin Query Analyzer) - I don't want to apply 'truncate table' scripts toa production server by mistake!Thanks
I am trying to lookup a dialog from conversation_endpoints, however if a dialog was created with the encryption setting to ON and thereis no master Key in the database then the record put in the conversation_endpoints is the same as one without encryption.
How can I distinguish between the one requested with no ecryption and requested with encryption but setup with none due to the lack of a key?
I'm trying to get the HelloWorld_CLR project that comes with the SQL 2005 samples download to work, which it seems to. However, after I run the application a few times, an exception indicating "the service queue ClientQueue is disabled." After running the following query I notice the body of the error message is consistently "The dialog has exceeded the specified LIFETIME."
select service_name as [SERVICE],
message_type_name as [TYPE],
CAST(message_body as nvarchar(max)) as BODY
from ClientQueue
I believe that the problem is a poison message causing a RECEIVE statement to get rolled back 5 times, disabling the queue. My question is: How do I troublshoot the issue from this point?
I created a new SSIS solution, right-clicked the default name "Package.dtsx" (under SSIS Packages), then renamed it. A dialog appears asking "Do you want to rename the package object as well"?
What are they referring to and what are the consequences of doing/not doing so?
Hi, SQL2K+SP4 When I load up Query Analyzer and click File -> Open to open up a query file, the open file dialog is always sorted by - i don't know alphabetically. How can I set the default to open up with files ordered alphabetically?
has anyone encountered the "microsoft visual studio cannot shut down because a modal dialog is active. close the active dialog and try again." error when shutting down.
i have been getting that every once and awhile, and do not see any open dialog windows that need to be closed, and i end up having to end-task on my visual studio session.
does anyone know what is causing this error and how to avoid it?
I'm studying course 2541B (Core Data Access with MVS 2005) and doing the labs. Unit04 (Performing disconnected operations programmatocally) should show a dialog while running the solution but instead I just get a directorylisting of the /StoreTracker/ directory. Why does this occur and what can i do about it?
when i want to open sql it show me error message and when i try again with ctrl+n it works but not complite! i have both .NET2003 and 2005 in my computer under mssql2005 windows2003EP
Could not load file or assembly 'SqlMgmt, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A) (mscorlib)
------------------------------
Strong name validation failed. (Exception from HRESULT: 0x8013141A)
Per MSDN instructions I downloaded the folliwng: .NET Framework 2.0, SQL Server 2005, SQL Server Compact 3.5, and Visual Basic Expess Edition. When following the tutorial to create a database, I was never able to see the Local Database template. I am taking the programming lessons in VB, and I am up to Creating Your First Datatbase. It is a requirement that SQL Server Compact 3.5 be installed. Which I have done.