sql-server-2008 sql-server-2008-r2 service-broker

Using both windows and certificate authentication in same endpoint in Service Broker


We have set up a distributed Service Broker environment in SQL Server 2008. There is one publisher of data and multiple subscribers of published data. We need some of these subscribers to communicate with the publisher via Windows authentication and others via certificate-based authentication. Is it possible to create a Service Broker endpoint on the publisher side with both certificate and Windows-based authentication? Also, is it required that all the subscribers have a symmetric definition of the endpoint at their end? Can we define some endpoints at the subscriber end to support only Windows and some only certificate?


Solution

  • Service broker endpoints, as well as Database Mirroring Endpoints, support mixed mode authentication. Simply specify both modes desired:

    CREATE ENDPOINT broker
       STATE = STARTED
       AS TCP (LISTENER_PORT = 4022)
       FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS CERTIFICATE [<certificatename>]);
    

    When configured like this, an endpoint will accept connections from other endpoints that are configured to use only WINDOWS authentication and will use Windows with them. It will also accept connections from other endpoints that are configured to use only CERTIFICATE and will use Certificate with them. Furthermore, when authenticating with another endpoint that is also configured to use both WINDOWS and CERTIFICATE, the authentication will be attempted on both protocols and the connection is rejected only if both protocols failed. If either WINDOWS or CERTIFICATE succeeds, then the connection is allowed. The order is determined by the host accepting the connection.
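
The publisher and the two kinds of subscriber described above, as an added example that is not part of the original answer. All certificate, login and account names, the file paths, and the password placeholders are hypothetical; it assumes the public-key `.cer` files are exchanged out of band and that subscriber A's SQL Server service runs as the domain account shown.

```sql
-- PUBLISHER (run in master): mixed-mode endpoint, one grant per subscriber type.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
CREATE CERTIFICATE PublisherEndpointCert
    WITH SUBJECT = 'Publisher Service Broker endpoint';
BACKUP CERTIFICATE PublisherEndpointCert
    TO FILE = 'C:\certs\Publisher.cer';            -- public key only, for subscriber B
CREATE ENDPOINT broker
    STATE = STARTED
    AS TCP (LISTENER_PORT = 4022)
    FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS CERTIFICATE PublisherEndpointCert);

-- Subscriber A authenticates with Windows: grant CONNECT to its service account.
CREATE LOGIN [EXAMPLE\SubscriberASvc] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::broker TO [EXAMPLE\SubscriberASvc];

-- Subscriber B authenticates with a certificate: the imported public key is owned
-- by a user, and CONNECT is granted to that user's login.
CREATE LOGIN SubscriberBLogin WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER SubscriberBUser FOR LOGIN SubscriberBLogin;
CREATE CERTIFICATE SubscriberBCert
    AUTHORIZATION SubscriberBUser
    FROM FILE = 'C:\certs\SubscriberB.cer';
GRANT CONNECT ON ENDPOINT::broker TO SubscriberBLogin;
GO

-- SUBSCRIBER A (run in master on that instance): Windows only.
-- It also needs a Windows login for the publisher's service account,
-- granted CONNECT on this endpoint.
CREATE ENDPOINT broker
    STATE = STARTED
    AS TCP (LISTENER_PORT = 4022)
    FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS);
GO

-- SUBSCRIBER B (run in master on that instance): certificate only.
-- SubscriberBEndpointCert is created there the same way as PublisherEndpointCert;
-- Publisher.cer is imported and granted CONNECT the same way as SubscriberBCert above.
CREATE ENDPOINT broker
    STATE = STARTED
    AS TCP (LISTENER_PORT = 4022)
    FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE SubscriberBEndpointCert);
GO

-- Check on each instance which authentication modes the endpoint actually offers.
SELECT name, state_desc, connection_auth_desc, encryption_algorithm_desc
FROM sys.service_broker_endpoints;
```

Granting CONNECT only to the specific service account or certificate-mapped login, rather than to `public`, keeps the mixed-mode endpoint from accepting any peer that merely authenticates successfully.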