What value should the servicePrincipalName have?

4

12

I'm trying to set up client impersonation on my service.

I need to set a value for the servicePrincipalName of my service's endpoint.

I'm looking at this MSDN article but still cannot quite figure it out.

My service is hosted in a console app on a server that we'll call ServerName1.
The Uri is: net.tcp://ServerName1:9990/TestService1/.

What specifically should my servicePrincipalName be?

I tried, with no joy:

<identity>
    <servicePrincipalName value="ServerName1" />
</identity>
Wheaten answered 18/8, 2009 at 6:42 Comment(0)
11

Configuring servicePrincipalName is a difficult topic to describe in a few words. Perhaps these articles will help:

Most probably, you need to configure it the following way:

<identity>
    <servicePrincipalName value="HOST/ServerName1:9990" />
</identity>

We usually use userPrincipalName instead of servicePrincipalName, like this:

<identity>
  <userPrincipalName value="[email protected]" />
</identity>
Jumna answered 18/8, 2009 at 7:30 Comment(0)
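
The `<identity>` element from the answer above can also be set in code on the client, together with the impersonation settings the question is after. This is an added example, not code from the thread: the contract `ITestService1` and its `WhoAmI` operation are hypothetical, the service is assumed to be hosted at the URI from the question, and the SPN string is the one the answer suggests.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface ITestService1   // hypothetical contract; the page does not show one
{
    [OperationContract]
    string WhoAmI();
}

public class TestService1 : ITestService1
{
    // Required: WCF impersonates the caller for the duration of this operation.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string WhoAmI()
    {
        return WindowsIdentity.GetCurrent().Name; // caller's account, not the host's
    }
}

public static class ClientDemo
{
    public static void Main()
    {
        // net.tcp with Windows transport security (the NetTcpBinding default).
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        // Code equivalent of <identity><servicePrincipalName value="..." /></identity>:
        // the SPN for which the client requests a Kerberos service ticket.
        var address = new EndpointAddress(
            new Uri("net.tcp://ServerName1:9990/TestService1/"),
            EndpointIdentity.CreateSpnIdentity("HOST/ServerName1:9990"));

        var factory = new ChannelFactory<ITestService1>(binding, address);
        // The client default is Identification; raise it so the service can act
        // as the caller on its own machine.
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;

        ITestService1 proxy = factory.CreateChannel();
        try
        {
            Console.WriteLine("Service ran as: " + proxy.WhoAmI());
            factory.Close();
        }
        catch (Exception) { factory.Abort(); throw; }
    }
}
```
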
10

The name of the user you wish the service to use (execute under). So if you want to execute it under 'local network' credentials, the above XML should look like:

<identity>
    <servicePrincipalName value="Local Network" />
</identity>
Deplete answered 18/8, 2009 at 7:9 Comment(3)
So is there a list of accepted values that can be used here, i.e. "Local Network" being one of them? What value should it be if I want to use the calling client's user credentials? - Wheaten
@Wheaten I don't believe you can set that in the configuration, but you can do it from code. - Deplete
I was using a network service to run my automated tests, including generating SOAP requests to test some WCF services. The requests were failing and this "Local Network" setting solved my issue. - Phantasm
1

For a complete guide on how to build your SPN, check out these articles:

https://geertbaeten.wordpress.com/2013/06/03/kerberos-authentication-and-delegation-serviceprincipalnames/

http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/the-biggest-mistake-serviceprincipalname-s.aspx

Those are more about the infrastructure side (ADDS), but the first part is very useful for programmers too.

Coatbridge answered 11/6, 2013 at 13:10 Comment(0)
0

When using WCF services hosted by IIS, we have been using "host/computerName" as the <servicePrincipalName /> for anonymous connections. Inside your WCF application, you can set the application pool, for example "iis apppool\defaultAppPool"; this user will be the real connected user.

In the image below, /C??????DataService is the application name ("Tom's TestService1"). The application pool, C????Pool, can be "DefaultAppPool". In the case of "Application User (pass-through authentication)", you will use "IIS AppPool\DefaultAppPool" as the user to grant rights to a specific resource, like a file or a SQL Server connection string.

And, even using anonymous authentication, you can set "forms authorization" on a specific resource inside the WCF application, for example "MasterSettings.svc".

[image not preserved]

Hope this helps.

Shogunate answered 19/2, 2018 at 9:34 Comment(0)
