• Question

  • Hi,

    I'm developing a database solution that I want to deploy via a DACPAC file (installed by SqlPackage.exe).
    The database includes an assembly, that requires PERMISSION_SET = UNSAFE on the CREATE ASSEMBLY command.

    To allow this, I want to create an asymmetric key using the CREATE ASYMMETRIC KEY command, follwed by CREATE LOGIN and GRANT UNSAFE ASSEMBLY to the login.

    Because I want everything to be contained in the DACPAC file, I need to specify the assembly bytes directly in T-SQL rather than loading the assembly from a file.

    The problem is, that CREATE ASYMMETRIC KEY doesn't allow the key to be created from bytes included in the T-SQL command.
    So...I cannot use CREATE ASSEMBLY because I need the asymmetric key first, but I cannot create the asymmetric key because it doesn't allow me to specify the bytes directly.

    Is there a solution out there?

    Thank you!


    Friday, July 3, 2015 10:48 AM

All replies

  • You create the asymmetric key from the assembly. Then again, you are not permitted to create an unsafe assembly without the permission, so there is a catch-22.

    The way I resolved in our load tool, is that I have two assemblies both signed by the key. One is just a safe dummy assembly. Load the dummy assembly into matser, create the key, the login and grant permission. Drop the dummy assembly. Now the real assembly can be loaded.

    Erland Sommarskog, SQL Server MVP,
    Friday, July 3, 2015 9:59 PM