I have a wcf application hosted in a windows service running a local windows account. Do I need to set an SPN for this account? If so, what's the protocol the SPN needs to be set under? I know how to do this for services over HTTP, but have never done it for net.tcp. ...
Hi Guys I have a requirement to have a website running as a service accout for IP reasons, I also want to be able to use AzMan for Auth/Auth of the users. For some reason I cant seeem to get these working together. I have set up a sample app to test the waters that basically spits out some user credentials. Other than Azman and the web c...
In one of our networks we are utilizing the netTCPBinding. The WCF service hosted in windows service that run as a domain account. From the event viewer I can see that my WCF service uses Kerberos authentication. Everything works seamlessly "out-of-the-box" with simple default configuration without an <identity> element in the configu...
I have a WCF service hosted in a Windows service. The application is an intranet app, and I have programmatically set the bindings on both the service and the client as: NetTcpBinding aBinding = new NetTcpBinding(SecurityMode.Transport); aBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows; aBinding.Securit...
I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm thinking that maybe one of the endpoints (client or server) is forbidden to delegate. Ho...
Hi, We have a web application, running in an application pool as 'NETWORK SERVICE'. The web application connects to a service (.svc) on another web server. The other web server also has the service hosted as 'NETWORK SERVICE'. I believe this is the default. The following endpoint, when run anywhere else works perfectly. <endpoint addr...
If I have single SharePoint server with no header (for testing) and my client app only needs to only access the web app with Kerberos configured, I already configured the app pool for that web app with domain user (SPN), do I really need to configure domain users (SPNs) for all services (e.g. SQL server, MOSS admin, farm, etc.) even thou...
I'm getting the "There was no endpoint listening at net.pipe://localhost" error as described in other places but I cannot seem to find a real answer. This is a great identifier of the problem: http://kennyw.com/indigo/102 When using WCF, Windows authentication is performed through SSPI-Negotiate, which in most cases will select ...