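How to: Configure Initiating Services for Anonymous Dialog Security (Transact-SQL)

SQL Server uses dialog security for any conversation to a service for which a remote service binding exists. If the database that hosts the target service does not contain a user that corresponds to the user that created the dialog, the dialog uses anonymous security.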

Security Note

Only install certificates from trusted sources.

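To make sure that an initiating service uses dialog security

  1. Obtain a certificate for a user in the remote database from a trusted source.

  2. Create a user without a login.

  3. Install the certificate for the remote service. The user created in the previous step owns the certificate. By default, the certificate is active for BEGIN DIALOG.

  4. Create a remote service binding that specifies the relationship between the user and the target service. For anonymous dialog security, specify ANONYMOUS = ON in the remote service binding.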

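Example

This example configures anonymous dialog security for conversations between the service named OrderParts in the current instance and the service named SupplierOrders in the remote instance.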

USE AdventureWorks ;
GO

-- Given a certificate for a remote user for the remote service
-- SupplierOrders, create a remote service binding for
-- the service.  The remote user will be granted permission
-- to send messages to the local service OrderParts. 
-- This example assumes that the certificate for the service 
-- is saved in the file 'C:\Certificates\SupplierOrders.cer' and that
-- the initiating service already exists.


-- Create a user without a login.

CREATE USER [SupplierOrdersUser]
    WITHOUT LOGIN ;
GO

-- Install a certificate for the owner of the service
-- in the remote database. The certificate is
-- provided by the owner of the remote service. The
-- user for the remote service owns the certificate.

CREATE CERTIFICATE [SupplierOrdersCertificate]
    AUTHORIZATION [SupplierOrdersUser]
    FROM FILE='C:\Certificates\SupplierOrders.cer' ;
GO

-- Create the remote service binding. Notice
-- that the user specified in the binding
-- does not own the binding itself.

-- Creating this binding specifies that messages from
-- this database are secured using the certificate for
-- the [SupplierOrdersUser] user.

-- Since anonymous is ON, the credentials for the user
-- that begins the conversation are not used for the
-- conversation.

CREATE REMOTE SERVICE BINDING [SupplierOrdersBinding]
    TO SERVICE 'SupplierOrders'
    WITH USER = [SupplierOrdersUser],
         ANONYMOUS = ON ;
GO
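
To check the result of the steps above, the following query reads the binding, its user, and the certificate that user owns from the catalog views. It is an added example, not part of the original page; it assumes the object names used in the example above, and the status labels are illustrative. Compare the returned thumbprint with the value supplied by the trusted source of the certificate.

```sql
USE AdventureWorks ;
GO

-- Added verification example (not from the original page).
-- Lists each binding for the remote service SupplierOrders together
-- with the certificate owned by the binding user, and flags the
-- conditions that would prevent anonymous dialog security from working.

SELECT
    rsb.name                     AS binding_name,
    rsb.remote_service_name,
    rsb.is_anonymous_on,
    dp.name                      AS binding_user,
    c.name                       AS certificate_name,
    c.subject,
    c.thumbprint,                -- compare with the value from the trusted source
    c.is_active_for_begin_dialog,
    c.start_date,
    c.expiry_date,
    CASE
        WHEN c.certificate_id IS NULL
            THEN 'Binding user owns no certificate'
        WHEN c.is_active_for_begin_dialog = 0
            THEN 'Certificate is not active for BEGIN DIALOG'
        WHEN c.start_date > GETUTCDATE()
            THEN 'Certificate is not yet valid'
        WHEN c.expiry_date < GETUTCDATE()
            THEN 'Certificate has expired'
        WHEN rsb.is_anonymous_on = 0
            THEN 'Binding does not use anonymous security'
        ELSE 'OK'
    END                          AS status
FROM sys.remote_service_bindings AS rsb
JOIN sys.database_principals AS dp
    ON dp.principal_id = rsb.remote_principal_id   -- user named in WITH USER
LEFT JOIN sys.certificates AS c
    ON c.principal_id = dp.principal_id            -- certificates that user owns
WHERE rsb.remote_service_name = N'SupplierOrders' ;
GO
```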