I'm trying to build a minimal client for a WCF service, using the WSHttpBinding with SecurityMode: Message over a direct channel interface.
My current code is very simple:
EndpointIdentity i = EndpointIdentity.CreateX509CertificateIdentity(clientCertificate);
EndpointAddress a = new EndpointAddress(new Uri("http://myServerUrl"), i);
WSHttpBinding b= new WSHttpBinding(SecurityMode.Message);
ChannelFactory<IRequestChannel> channelFactory = new ChannelFactory<IRequestChannel>(b, a);
channelFactory.Open();
IRequestChannel channel = channelFactory.CreateChannel();
channel.Open();
Message response = channel.Request(requestMessage);
The clientCertificate gets loaded properly. However, afterwards, I'm unsure if I call every function the correct way.
The Fact is: The last line of the code snippet throws a MessageSecurityException with the content
Client cannot determine the Service Principal Name based on the identity in the target address 'http://myServerUrl' for the purpose of SspiNegotiation/Kerberos. The target address identity must be a UPN identity (like acmedomain\alice) or SPN identity (like host/bobs-machine).
What could be the reason for this problem?