¦p¦ó¨Ï¥Î¦h­Ó SQL Server 2005 °õ¦æ­ÓÅ骺 SQL Server 2005 ªA°È¤¤Ä~µ{¦¡»·ºÝ¦w¥þ©Ê¾ÌÃÒ

• ¨Ï¥Î [¾ÌÃҫإߤu¨ã (Makecert.exe) ¨Ó«Ø¥ß¥|­Ó¾ÌÃÒ©M¥|­Ó¨p¥Îª÷Æ_ÀɮסC¥»½d¨Ò°²³]³o¨ÇÀɮפw¸g½Æ»s¨ì¨â¥x¦øªA¾¹¤Wªº [C:\Certificates] ¸ê®Æ§¨¡A¦Ó¥B¸ÓÀɮתº©R¦W¤U¦C¡G
  • SourceServer.cer
  • SourceServer.pvk
  • TargetServer.cer
  • TargetServer.pvk
  • DlgSourceServer.cer
  • DlgSourceServer.pvk
  • DlgTargetServer.cer
  • DlgTargetServer.pvk
  ¦p»Ý¦³Ãö¦p¦ó«Ø¥ß¨Ñ´ú¸Õ¾ÌÃÒªº¸Ô²Ó¸ê°T¡A½Ð³y³X¤U¦C Microsoft ¶}µo o ¤H h ­û ? ¤u u ¨ã ? ºô¸ô (MSDN) ºô¯¸]¡G
  http://msdn2.microsoft.com/en-us/library/bfsktky3(vs.71).aspx (http://msdn2.microsoft.com/en-us/library/bfsktky3(vs.71).aspx)
• ±z¦b¬Û¦Pªººô¸ô¤¤ªº¤£¦P¦øªA¾¹¤W¦w¸Ë¨â­Ó SQL Server 2005 °õ¦æ­ÓÅé¡C¥»½d¨Ò°²³]²Ä¤@³¡¦øªA¾¹·|¬° ServerSrc¡A²Ä¤G­Ó¦øªA¾¹¬° ServerTag¡C
• ±z¨Ï¥Î SQL Server sysadmin ©T©w¦øªA¾¹¨¤¦âªº¦¨­ûªºµn¤J³s½u¦Ü¨â­Ó°õ¦æ­ÓÅé¡C
• ±z©Ò°µ½T©w TCP ³s±µ°ð 4022 ¥i¥H¨Ï¥Î¡C¦b³o­Ó½d¨Ò³s±µ°ð±N¥Î©ó¥Ñ¨â­Ó°õ¦æ­ÓÅé¬Û¤¬³s±µ¡C

¦^¦¹­¶³Ì¤W¤è

¬° SQL Server °õ¦æ­ÓÅé ServerSrc ¦øªA¾¹¤W³]©w SQL Server 2005 ªA°È¤¤Ä~µ{¦¡

1. ÂǥѨϥΠSQL Server ºÞ²z Studio¡A¥H³s±µ¨ì ServerSrc ¦øªA¾¹¤W°õ¦æ­ÓÅé¡C
2. ¬d¸ß½s¿è¾¹¤¤°õ¦æ¤U¦Cªº Transact-SQL ³¯­z¦¡¡G

   --Configure the transport security.
   USE MASTER
   go
   
   --Create a master key in the master database.
   CREATE MASTER KEY ENCRYPTION BY password = 'MasterKeyPassword'
   Go
   
   --Create a certificate for transport security.
   CREATE CERTIFICATE ctfSourceServerMaster
   FROM FILE = 'C:\Certificates\SourceServer.cer'
   WITH PRIVATE KEY ( FILE = 'C:\Certificates\SourceServer.pvk' , DECRYPTION BY PASSWORD = 'PrivateKeyPassword' )
   ACTIVE FOR BEGIN_DIALOG = ON
   GO
   
   --Create the login and the user to own a certificate.
   CREATE LOGIN remcert WITH PASSWORD = 'LoginPassword'
   GO
   CREATE USER remcert FOR LOGIN remcert
   GO
   CREATE CERTIFICATE ctftTargetServerMaster
   AUTHORIZATION remcert
   FROM FILE = 'C:\Certificates\TargetServer.cer'
   ACTIVE FOR BEGIN_DIALOG = ON
   GO
   
   --Create a new endpoint for SQL Server 2005 Service Broker, and set the AUTHENTICATION option to use the ctfSourceServerMaster certificate.
   CREATE ENDPOINT BrokerEndpoint
   	STATE = STARTED
   	AS TCP
   	(
   		LISTENER_PORT = 4022
   	)
   	FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE ctfSourceServerMaster)
   GO
   
   --Grant the required permissions to the remcert login.
   GRANT CONNECT TO remcert
   GRANT CONNECT ON ENDPOINT::BrokerEndpoint to remcert
   GO
   
   --Create a new database for testing.
   CREATE DATABASE SourceDB
   GO
   USE SourceDB
   GO
   
   --Configure the dialog security.
   
   --Create a master key in the SourceDB database.
   CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'MasterKeyPassword'
   
   --Create a certificate for the SourceDB database.
   CREATE CERTIFICATE ctfDlgSourceServer
   FROM FILE = 'C:\certificates\DlgSourceServer.cer'
   WITH PRIVATE KEY 
   (FILE='C:\certificates\DlgSourceServer.pvk',decryption by password='PrivateKeyPassword')
   ACTIVE FOR BEGIN_DIALOG = ON
   GO
   
   --Create a user for the remcert login that owns a certificate for the dialog security.
   CREATE USER remcert for LOGIN remcert
   GO
   CREATE CERTIFICATE ctfDlgTargetServer
   AUTHORIZATION remcert
   FROM FILE = 'C:\certificates\DlgTargetServer.cer'
   ACTIVE FOR BEGIN_DIALOG = ON
   
   --Create a message type, a contract, a queue, and a service.
   
   CREATE MESSAGE TYPE [mymsg] VALIDATION = NONE 
   CREATE CONTRACT [mycon] ([mymsg] SENT BY ANY)
   CREATE QUEUE [myQueue]
   CREATE SERVICE [SourceService] ON QUEUE [myQueue]([mycon])
   GO
   
   --Grant the send permission to the user.
   GRANT SEND ON SERVICE::[SourceService] TO remcert
   
   --Create a remote service binding for the target service. 
   CREATE REMOTE SERVICE BINDING [Certificate_Binding_on_server]
      TO SERVICE 'TargetService'
      WITH  USER = remcert,
      ANONYMOUS=Off  
   
   --Create a route for the target service.
   CREATE ROUTE [myRoute]
       WITH 
       SERVICE_NAME = 'TargetService',
       address = 'TCP://ServerTag:4022';
   
   

   µ§°OMasterKeyPassword ¬O±z¥²¶·«ü©w¸ê®Æ®wªº¥D­nª÷Æ_±K½Xªº¹w¯d¦ì¸m¡C PrivateKeyPassword ¬O¨p¥Îª÷Æ_±z«ü©wªº.pvk ¨p¥Îª÷Æ_Àɪº±K½X¹w¯d¦ì¸m¨Ï¥Î¾ÌÃҫإߤu¨ã¡CLoginPassword ¬O·s«Ø¥ßªºµn¤J±K½X¹w¯d¦ì¸m¡C

¦^¦¹­¶³Ì¤W¤è

¬° SQL Server °õ¦æ­ÓÅé ServerTag ¦øªA¾¹¤W³]©w SQL Server 2005 ªA°È¤¤Ä~µ{¦¡

1. ÂǥѨϥΠSQL Server ºÞ²z Studio¡A¥H³s±µ¨ì ServerTag ¦øªA¾¹¤W°õ¦æ­ÓÅé¡C
2. ¬d¸ß½s¿è¾¹¤¤°õ¦æ¤U¦Cªº Transact-SQL ³¯­z¦¡¡G

   --Configure the transport security.
   USE MASTER
   go
   
   --Create a master key in the master database.
   CREATE MASTER KEY ENCRYPTION BY password = 'MasterKeyPassword'
   Go
   
   --Create a certificate for transport security.
   CREATE CERTIFICATE ctfTargetServerMaster
   FROM FILE = 'c:\certificates\TargetServer.cer'
   WITH PRIVATE KEY (FILE='c:\certificates\TargetServer.pvk',decryption by password='PrivateKeyPassword')
   ACTIVE FOR BEGIN_DIALOG = ON
   GO
   
   --Create the login and the user to own a certificate.
   CREATE LOGIN remcert WITH PASSWORD = 'LoginPassword'
   GO
   CREATE USER remcert FOR LOGIN remcert
   GO
   CREATE CERTIFICATE ctfSourceServerMaster
   AUTHORIZATION remcert
   FROM FILE = 'c:\certificates\SourceServer.cer'
   ACTIVE FOR BEGIN_DIALOG = ON
   GO
   
   --Create a new endpoint for SQL Server 2005 Service Broker, and set the AUTHENTICATION option to use the ctfSourceServerMaster certificate.
   CREATE ENDPOINT BrokerEndpoint
   	STATE = STARTED
   	AS TCP
   	(
   		LISTENER_PORT = 4022
   	)
   	FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE ctfTargetServerMaster)
   GO
   
   --Grant the required permissions to the remcert login.
   GRANT CONNECT TO remcert
   GRANT CONNECT ON ENDPOINT::BrokerEndpoint to remcert
   GO
   
   --Create a new database for testing.
   CREATE DATABASE TargetDB
   GO
   USE TargetDB
   GO
   
   --Configure the dialog security.
   
   --Create a master key in the TargetDB database.
   CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'MasterKeyPassword'
   
   --Create a certificate for the TargetDB database.
   CREATE CERTIFICATE ctfDlgTargetServer
   FROM FILE = 'c:\certificates\DlgTargetServer.cer'
   WITH PRIVATE KEY 
   (FILE='c:\certificates\DlgTargetServer.pvk',decryption by password='PrivateKeyPassword')
   ACTIVE FOR BEGIN_DIALOG = ON
   GO
   
   --Create a user for the remcert login that owns a certificate for the dialog security.
   CREATE USER remcert for LOGIN remcert
   GO
   CREATE CERTIFICATE ctfDlgSourceServer
   AUTHORIZATION remcert
   FROM FILE = 'C:\certificates\DlgSourceServer.cer'
   ACTIVE FOR BEGIN_DIALOG = ON
   
   --Create a message type, a contract, a queue, and a service.
   CREATE MESSAGE TYPE [mymsg] VALIDATION = NONE 
   CREATE CONTRACT [mycon] ([mymsg] SENT BY ANY)
   CREATE QUEUE [myQueue]
   CREATE SERVICE [TargetService] ON QUEUE [myQueue]([mycon])
   GO
   
   --Grant the send permission to the user.
   GRANT SEND ON SERVICE::[TargetService] TO remcert
   GO
   
   --Create a remote service binding for the target service. 
   CREATE REMOTE SERVICE BINDING [Certificate_Binding_on_server]
      TO SERVICE 'SourceService'
      WITH  USER = remcert,
      ANONYMOUS=Off  
   --Create a route for the target service.
   CREATE ROUTE [myRoute]
       WITH 
       SERVICE_NAME = 'SourceService',
       address = 'TCP://ServerSrc:4022';

¦^¦¹­¶³Ì¤W¤è

´ú¸Õ»·ºÝ¦w¥þ©Êªº SQL Server 2005 ªA°È¤¤Ä~µ{¦¡

USE SourceDB
SET NOCOUNT ON
DECLARE @conversationHandle uniqueidentifier
BEGIN TRANSACTION
	-- Start dialog.
	BEGIN DIALOG  @conversationHandle
	FROM SERVICE    [SourceService]
	TO SERVICE      'TargetService'
	ON CONTRACT     [mycon]
	WITH ENCRYPTION = ON, LIFETIME = 600;

	-- Send message.
	SEND ON CONVERSATION @conversationHandle 
	MESSAGE TYPE [mymsg] (N'Hi, from '+@@ServerName)
COMMIT

SELECT CONVERT(NVARCHAR(MAX),message_body) FROM myQueue
GO

Hi, from ServerSrc

¦^¦¹­¶³Ì¤W¤è

• ºÞ²z¦w¥þ©Ê (ªA°È¥ò¤¶)
• ºô¸ô©M»·ºÝ¦w¥þ©Ê
• ªA°È¤¤Ä~µ{¦¡¹ï¸Ü¦w¥þ©Ê
• §PÂ_¹ï¸Ü¦w¥þ©ÊÃþ«¬
• »·ºÝªA°Èôµ²

¦^¦¹­¶³Ì¤W¤è