How does Kerberos recognize SPN entries

Time: 2014-06-19 13:21:10

Tags: c# wcf authentication kerberos spn

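Question 1: Is there a way to make setspn.exe take effect without restarting the computer?

Question 2: I did set the SPN and ran my WCF service on the server. The client connected using Kerberos, then I changed the Identity element on the client and tried again. I found that it used NTLM instead of Kerberos, but that is fine.

When I changed the SPN in the WCF service's configuration file and re-ran the service (without changing the registered SPN), I found that it used Kerberos authentication on the client. Why does changing the WCF service's identity element have no effect? How can that be?

Note: I am using Fiddler to check the authentication.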

Server-side configuration file:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="WcfServiceLibrary1.Service1">
        <host>
          <baseAddresses>
            <add baseAddress = "https://FQDN:PORT/TESTSVC/" />
          </baseAddresses>
        </host>
        <!-- Service Endpoints -->
        <!-- Unless fully qualified, address is relative to base address supplied above -->
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="service_binding" contract="WcfServiceLibrary1.IService1">
          <identity>
            <servicePrincipalName value="svc1/FQDN:PORT" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="service_binding">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Client configuration file:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService1">
                    <security mode="Transport" />
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://FQDN:PORT/TESTSVC/"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
                <identity>
                    <servicePrincipalName value="ismine/nhdc1.nhandal2.local:8730" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

0 answers:

No answers