tags:

views:

45

answers:

1
Q: 

Getting "The Security Support Provider Interface (SSPI) negotiation failed" when using a ServiceHostFactory

Hi,

I recently started using a custom ServiceHostFactory because I want to use dependency injection with WCF. Both my client and service are being run from VS2010 on my local machine and the service is using the ASP.NET Development Server. Why am I having this problem now? I've had success with wsHttpSecurity in the past, having both the client and service on my local machine. I really think the only difference here is the use of a ServiceHostFactory. I've tried using the userPrincipalName attribute but I'm not even sure what I should be putting in for the value. Should it be MachineName\username? Will this attribute make a difference? I'd greatly appriciate any help you can provide.

+1  A: 

UserNamePrincipal describes service credentials. If you set UPN to some account you claim that service will be hosted in process running under that account. This information is passed in WSDL to client. When client opens channel to the service it first validate that service is running under claimed account (some security handshake). If not exception is thrown because service is not authenticated. If you run the service on development server you have to set UPN to your current account.

Ladislav Mrnka  2010-09-01 07:30:31
It worked. Thanks. What is the difference between userPrincipalName and servicePrincipalName. Do people typically have to set the servicePrincipalName when using WCF over the internet?
SideFX  2010-09-01 15:08:11
None of them is used for communication over Internet. It works only in the same Windows Domain (or trusted domains). User principal is just user name. For description of service principal check: http://technet.microsoft.com/en-us/library/cc961723.aspx Service principal is needed for Kerberos authentication.
Ladislav Mrnka  2010-09-01 18:20:32
Even though the above solution worked, it only works when I'm connected to my company's network. When I'm "offline", I get the same security exception.
SideFX  2010-09-02 15:16:26
Yes that happens if you use domain name as user principal and you are not connected to domain.
Ladislav Mrnka  2010-09-02 15:27:14

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability