通过网络非对称密钥创建 [英] asymmetric key creation over network
问题描述
我正在尝试使用向SQL2008中的数据库添加程序集 href ="http://msdn.microsoft.com/en-us/library/ms174430.aspx">非对称密钥.
I'm attempting to add an assembly to a database in SQL2008 using an asymmetric key.
我们正在使用十六进制字符串添加程序集(仅通过sql查询将程序集添加到服务器)
We're adding the assembly using a hex string (adding assemblies to servers through sql queries only)
USE [master]
GO
IF NOT EXISTS (SELECT * from sys.asymmetric_keys where name = 'ManagedAsymmetricKey')
BEGIN
CREATE ASYMMETRIC KEY ManagedAsymmetricKey FROM FILE = 'C:\Managed.dll'
CREATE LOGIN CLRLogin FROM ASYMMETRIC KEY ManagedAsymmetricKey
GRANT UNSAFE ASSEMBLY TO CLRLogin
END
GO
USE [$dbName]
GO
CREATE ASSEMBLY [Managed]
AUTHORIZATION [dbo]
FROM 0x4D5A....
WITH PERMISSION_SET = UNSAFE
GO
这将在本地实例上运行,但是会通过我们收到的网络运行;
The certificate, asymmetric key, or private key file does not exist or has invalid format.
This will work on a local instance however over the network we receive;
The certificate, asymmetric key, or private key file does not exist or has invalid format.
我可能会错误地认为我应该先添加密钥,然后再添加程序集,然后再按CREATE ASYMMETRIC KEY ManagedAsymmetricKey FROM ASSEMBLY [workingDB].[dbo].[Managed]的方式进行操作?
I may be assuming wrongly that I should be adding the key first, should I be adding the assembly then doing something along the lines of CREATE ASYMMETRIC KEY ManagedAsymmetricKey FROM ASSEMBLY [workingDB].[dbo].[Managed] ?
推荐答案
您可以使用以下步骤使其正常工作:
You can use the following steps to get it working:
- 使用SAFE权限集运行您的create Assembly语句(即使程序集需要UNSAFE才能执行)
- 从程序集中创建非对称密钥
- 删除您的程序集
- 通过非对称密钥创建登录名
-
授予登录不安全的程序集权限
- run your create assembly statement with SAFE permission_set (even if the assembly needs UNSAFE for execution)
- create the asymmetric key from the assembly
- drop your assembly
- create a login from the asymmetric key
grant the login unsafe assembly rights
CREATE ASSEMBLY [Managed]
AUTHORIZATION [dbo]
FROM 0x4D5A....
WITH PERMISSION_SET = SAFE
CREATE ASYMMETRIC KEY ManagedAsymmetricKey FROM ASSEMBLY [Managed]
DROP ASSEMBLY [Managed]
CREATE LOGIN CLRLogin FROM ASYMMETRIC KEY ManagedAsymmetricKey
GRANT UNSAFE ASSEMBLY TO CLRLogin
这篇关于通过网络非对称密钥创建的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
