Damien

WCF security problem

I have an app that accesses a WCF service on a server which is hosted in a console app. I don't have a problem there; it's when I try to access another service from the console app that's on yet another server that I have the problem.

I'm using TCP to connect and I'm using all the default security values.

So I'm going from A->B and then it dies going from B->C. Note that when I just go from A->C, everything is fine.

The error: "a call to SSPI failed" ... "the target principal name is incorrect" ... stack trace ...

In B, when I print out
Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name);
Console.WriteLine(ServiceSecurityContext.Current.WindowsIdentity.Name);
I can see that it's my Windows login, which is fine.

So it seems that it doesn't pass on my credentials when it goes from B->C.

Any ideas?

Upvotes: 7

Views: 6736

Answers (2)

IanRae

Reputation: 293

You are encountering what's called the Double Hop problem. http://blogs.msdn.com/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx.
The solution is generally to use Kerberos authentication, which as Spence says, involves things like SPNs.

Upvotes: 3

Spence

Reputation: 29332

SSPI indicates you're using Windows authentication.

Have you created a secure principal name for service C in your domain? Google the setspn command. The issue is that Windows will not pass a credential from the domain to an untrusted system. You trust it by providing the secure principal name in the domain, which then allows the token to be passed.

Secure Principal Name SPN Creation Tutorial

Upvotes: 8
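
The A->B->C hop discussed in the answers above, written out in WCF as an added example (not code from the question or from either answer). The contract names, host name, port and SPN string are hypothetical placeholders; it assumes an SPN has been registered for the account service C runs under and that B's service account is trusted for delegation in the domain.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract] public interface IServiceC { [OperationContract] string WhoAmI(); }
[ServiceContract] public interface IServiceB { [OperationContract] string CallC(); }

public class ServiceB : IServiceB
{
    // Execute under the caller's Windows token rather than B's process account.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string CallC()
    {
        // Hypothetical address and SPN: the SPN must match the one registered
        // for C's service account, or SSPI rejects the target principal name.
        var address = new EndpointAddress(
            new Uri("net.tcp://serverc.example.test:9000/ServiceC"),
            EndpointIdentity.CreateSpnIdentity("ServiceC/serverc.example.test"));
        var factory = new ChannelFactory<IServiceC>(new NetTcpBinding(), address);
        // C only needs to act as the user locally, so Impersonation is enough here.
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;
        return Invoke(factory, c => c.WhoAmI());
    }

    // Calls the service once and closes (or aborts) the channel and factory.
    internal static string Invoke<T>(ChannelFactory<T> factory, Func<T, string> call)
    {
        try
        {
            T proxy = factory.CreateChannel();
            string result = call(proxy);
            ((IClientChannel)proxy).Close();
            factory.Close();
            return result;
        }
        catch { factory.Abort(); throw; }
    }
}

public static class ClientA
{
    public static string CallB(Uri serviceB)
    {
        var factory = new ChannelFactory<IServiceB>(
            new NetTcpBinding(), new EndpointAddress(serviceB));
        // The WCF default is Identification; A must allow Delegation or the
        // token B impersonates cannot be used to authenticate to another machine.
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Delegation;
        return ServiceB.Invoke(factory, b => b.CallC());
    }
}
```

Restricting B's account to constrained delegation for C's SPN only, rather than trusting it for delegation to any service, limits what a compromised B can do with forwarded user tokens.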
