1

Question 1: Is there a way to make setspn.exe take effects without the need to restart the computer?

Question 2: I did set the SPN and ran my WCF service on the server. The client connected using Kerberos, then I changed the Identity element at client side and tried again. I found it was using NTLM instead of Kerberos but this is fine.

When I did change the SPN in the WCF service configuration file and re-ran the service (without changing the registered SPN), I found it used Kerberos authentication at client side. why changing the identity element of WCF service doesnt make any effect? How can this be?

NOTE: I am using fiddler to check the authentication.

Server side config file:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="WcfServiceLibrary1.Service1">
        <host>
          <baseAddresses>
            <add baseAddress = "https://FQDN:PORT/TESTSVC/" />
          </baseAddresses>
        </host>
        <!-- Service Endpoints -->
        <!-- Unless fully qualified, address is relative to base address supplied above -->
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="service_binding" contract="WcfServiceLibrary1.IService1">
          <identity>
            <servicePrincipalName value="svc1/FQDN:PORT" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="service_binding">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Client side config file:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService1">
                    <security mode="Transport" />
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://FQDN:PORT/TESTSVC/"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
                <identity>
                    <servicePrincipalName value="ismine/nhdc1.nhandal2.local:8730" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>
ANUBIS
  • 31
  • 4

0 Answers0