6

I have a WCF application hosted in a Windows service running under a local Windows account. Do I need to set an SPN for this account? If so, what's the protocol the SPN needs to be set under? I know how to do this for services over HTTP, but have never done it for net.tcp.

Johnno Nolan
Esteban Araya

2 Answers

6

Change the service account to an AD account and register the SPNs as shown. Use your own service name, e.g. fooservice:

setspn -A fooservice/servermachinename domain\serviceAccountName
setspn -A fooservice/servermachinename.fullyqualifieddomainname domain\serviceAccountName

In the client config set:

<identity>
    <servicePrincipalName value="fooservice/servermachinename" />
</identity>
Tim M.
softveda
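
For reference, this is where the `<identity>` element from the answer above sits in a client configuration for a net.tcp endpoint that authenticates with Windows credentials. It is an added example, not part of the original answer; the endpoint address, port 8000, the contract name `IFooService`, and the binding and endpoint names are assumptions.

```xml
<!-- Added example: client-side app.config fragment (names and port are assumed) -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="fooTcpWindows">
        <!-- Transport security with Windows credentials is what makes the
             service identity (the SPN) matter for this endpoint -->
        <security mode="Transport">
          <transport clientCredentialType="Windows"
                     protectionLevel="EncryptAndSign" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <client>
    <endpoint name="fooServiceTcp"
              address="net.tcp://servermachinename:8000/fooservice"
              binding="netTcpBinding"
              bindingConfiguration="fooTcpWindows"
              contract="IFooService">
      <!-- Must match an SPN registered with setspn for the AD service
           account; element names in WCF config are case-sensitive -->
      <identity>
        <servicePrincipalName value="fooservice/servermachinename" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```

Running `setspn -L domain\serviceAccountName` lists the SPNs registered on the account, which lets you confirm that the value in the `<identity>` element matches one of them exactly.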
3

By default (i.e. out of the box) net.tcp services are unsecured and don't perform any authentication at all. So you won't need to (and in fact can't) set a service principal name.

If you need to authenticate, then check the net.tcp security modes on MSDN. The best way to understand the different combinations is to experiment!

Jeremy McGee