Reputation:
I'm trying to set up client impersonation on my service.
I need to set a value for the servicePrincipalName of my services endPoint
I'm looking at this MSDN article but still cannot quite figure it out
My service is hosted in a console app on a server that we'll call ServerName1.
The Uri is: net.tcp://ServerName1:9990/TestService1/
What specifically should my servicePrincipalName be?
I tried, with no joy:
<identity>
  <servicePrincipalName value="ServerName1" />
</identity>
Upvotes: 12
Views: 28558
Reputation: 718
When using WCF services hosted by IIS, we have been using "host/computerName" as the <servicePrincipalName /> for anonymous connections. Inside of your WCF application, you can set the application pool, for example "iis apppool\defaultAppPool"; this user will be the real connected user.
In the below image /C??????DataService is the application name ("Tom's TestService1"). Application Pool: C????Pool can be "DefaultAppPool"; in the case of "Application User (pass-through authentication)", you will use "IIS AppPool\DefaultAppPool" as the user to grant rights to a specific resource, like a file or a SQL Server connection string.
And, even using anonymous authentication, you can set "forms authorization" for a specific resource inside the WCF application, for example "MasterSettings.svc".
Hope this helps.
Upvotes: 0
Reputation: 11
For a complete guide on how to build your SPN, check out these articles:
Those are more about the infrastructure side (AD DS), but the first part is very useful for programmers too.
Upvotes: 1
Reputation: 3336
Configuring servicePrincipalName is a difficult topic to describe in a few words. Perhaps these articles will help:
Most probably, you need to configure it the following way:
<identity>
  <servicePrincipalName value="HOST/ServerName1:9990" />
</identity>
We usually use userPrincipalName instead of servicePrincipalName, like this:
<identity>
  <userPrincipalName value="[email protected]" />
</identity>
Upvotes: 11
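Added example, not code from the question or any answer: a self-hosted net.tcp service and a client that sets the SPN identity from the answer above and allows impersonation, so the service can run the operation under the caller's token. It assumes the contract `ITestService1`, the operation `WhoAmI`, the class `SpnDemo`, and the UPN placeholder `svc-user@DOMAIN.EXAMPLE` (all made up here); the SPN value must match one registered for the account the service actually runs as, otherwise Kerberos mutual authentication fails.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Assumed contract and implementation; the names are placeholders, not from the question.
[ServiceContract]
public interface ITestService1 { [OperationContract] string WhoAmI(); }
public class TestService1 : ITestService1
{
    // Required: the operation runs under the caller's Windows token, not the host account.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string WhoAmI()
    {
        // Authenticated caller as WCF saw it, and the thread token after impersonation.
        return ServiceSecurityContext.Current.WindowsIdentity.Name + " / " + WindowsIdentity.GetCurrent().Name;
    }
}

public static class SpnDemo
{
    static readonly Uri Address = new Uri("net.tcp://ServerName1:9990/TestService1/");
    // Transport security with Windows (Kerberos/NTLM) credentials, matching the net.tcp URI.
    static NetTcpBinding WindowsTransportBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return binding;
    }
    public static void RunService() // run on ServerName1, the console host from the question
    {
        var host = new ServiceHost(typeof(TestService1));
        host.AddServiceEndpoint(typeof(ITestService1), WindowsTransportBinding(), Address);
        host.Open();
        Console.WriteLine("Listening on " + Address + "; press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
    public static void RunClient() // run from the calling machine as the user to be impersonated
    {
        // Identity the service must prove before the client hands over its token: the SPN from the
        // answer when the service runs as a machine account (LocalSystem/NetworkService); use
        // CreateUpnIdentity("svc-user@DOMAIN.EXAMPLE" /* placeholder */) when it runs as a domain user.
        EndpointIdentity identity = EndpointIdentity.CreateSpnIdentity("HOST/ServerName1:9990");
        var factory = new ChannelFactory<ITestService1>(WindowsTransportBinding(), new EndpointAddress(Address, identity));
        // Allow the service to impersonate the caller, but not to delegate onward.
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
        ITestService1 proxy = factory.CreateChannel();
        Console.WriteLine(proxy.WhoAmI());
        ((IClientChannel)proxy).Close(); factory.Close();
    }
}
```

If the SPN does not match the service account, the client fails at channel open rather than silently authenticating to the wrong principal, which is the check that makes the identity element worth getting right.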
Reputation: 21752
The name of the user you wish the service to use (execute under). So if you want to execute it under 'local network' credentials, the above XML should look like:
<identity>
  <servicePrincipalName value="Local Network" />
</identity>
Upvotes: 10