I have a WCF application hosted in a Windows service running under a local Windows account. Do I need to set an SPN for this account? If so, what's the protocol the SPN needs to be set under? I know how to do this for services over HTTP, but have never done it for net.tcp.
+1
A:
By default (i.e. out of the box) net.tcp services are unsecured and don't perform any authentication at all. So you won't need to (and in fact can't) set a service principal name.
If you need to authenticate, then check the net.tcp security modes on MSDN. The best way to understand the different combinations is to experiment!
Jeremy McGee
2008-09-02 20:12:02
Hey, chaps, why the downvotes? Pur-lease comment at the very least so we can all learn.
Jeremy McGee
2009-09-20 13:22:36
I have no idea - it helped me. Here's a +1 to cheer you up :)
MPritch
2010-06-14 14:23:19
+2
A:
Change the service account to an AD account and register the SPNs as shown. Use your own service name, e.g. fooservice.
setspn -A fooservice/servermachinename domain\serviceAccountName
setspn -A fooservice/servermachinename.fullyqualifieddomainname domain\serviceAccountName
In the client config, set
[identity] [servicePrincipalName value="fooservice/servermachinename" /] [/identity]
Change the XML tags to use gt and lt signs.
Pratik
2008-09-16 10:29:43
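The client-side identity setting from the answer above, written out as a complete net.tcp endpoint configuration (an added example, not part of the original answer). The contract name IFooService, port 8000, the endpoint name and the binding name tcpWindows are assumptions; the SPN value is the one registered with setspn above.

```xml
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <!-- Transport security with Windows credentials: the client
           authenticates the service against the SPN declared below. -->
      <binding name="tcpWindows">
        <security mode="Transport">
          <transport clientCredentialType="Windows"
                     protectionLevel="EncryptAndSign" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <client>
    <!-- Address, port and contract are assumed values for illustration. -->
    <endpoint name="fooServiceTcp"
              address="net.tcp://servermachinename:8000/FooService"
              binding="netTcpBinding"
              bindingConfiguration="tcpWindows"
              contract="IFooService">
      <identity>
        <!-- Must match an SPN registered on the service's AD account. -->
        <servicePrincipalName value="fooservice/servermachinename" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```

Running setspn -L domain\serviceAccountName lists the SPNs registered on the account, which should include the value used in the identity element.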