servicePrincipalName 应该具有什么值?
我正在尝试在我的服务上设置客户端模拟。
我需要为我的服务端点的 servicePrincipalName 设置一个值
我正在查看这个 MSDN 文章,但仍然无法完全弄清楚
我的服务托管在我们称为 ServerName1 的服务器上的控制台应用程序中。
Uri 为:net.tcp://ServerName1:9990/TestService1/。
我的 servicePrincipalName 具体应该是什么?
我尝试了一下,但没有高兴:
<identity>
<servicePrincipalName value="ServerName1" />
</identity>
I'm trying to set up client impersonation on my service.
I need to set a value for the servicePrincipalName of my services endPoint
I'm looking at this MSDN article but still cannot quite figure it out
My service is hosted in a console app on a server that we'll call ServerName1.
The Uri is: net.tcp://ServerName1:9990/TestService1/.
What specifically should my servicePrincipalName be?
I tried, with no joy:
<identity>
<servicePrincipalName value="ServerName1" />
</identity>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
配置servicePrincipleName是一个很难用几句话来描述的话题
也许这些文章会有所帮助:
最有可能的是,您需要将其配置为以下方式
我们通常使用 userPrincipalName 而不是 servicePrincipalName,像这样
Configuring servicePrincipleName is a difficult topic to describe it in a few words
Perhaps these articles will help:
Most probably, you need to configure it the following way
We usually use userPrincipalName instead of servicePrincipalName, like this
您希望使用该服务的用户名(在其下执行)。因此,如果您想在“本地网络”凭据下执行它,上面的 XML 应该如下所示:
The name of the user you wish the service to user (execute under). So if you want to execute it under 'local network' credentials the above XML should look like:
有关如何构建 SPN 的完整指南,请查看以下文章:
https://geertbaeten.wordpress.com/2013/06/03/kerberos-authentication-and-delegation-serviceprincipalnames/
http://blogs.iis.net/brian-murphy-booth/archive/2007 /03/09/the-biggest-mistake-serviceprincipalname-s.aspx
这些更多是关于基础设施方面(ADDS)的,但第一部分对程序员也非常有用
For a complete guide on how to build your SPN, check out these articles:
https://geertbaeten.wordpress.com/2013/06/03/kerberos-authentication-and-delegation-serviceprincipalnames/
http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/the-biggest-mistake-serviceprincipalname-s.aspx
Those are more about the infrastructure side (ADDS) but the first part is very usefull for programmers too
使用 IIS 托管的 WCF 服务时。
我们使用“host/computerName”作为
在下图中
/C??????DataService 是应用程序名称(“Tom's TestService1”)
应用程序池:C?????池可以是“DefaultAppPool”,在“应用程序用户(直通身份验证)”的情况下,您将使用“IIS AppPool\DefaultAppPool”作为用户授予对特定资源的权限,例如文件或 SQL Server 连接字符串。
而且,即使使用匿名身份验证,您也可以将“表单授权”设置为 WCF 应用程序内的特定资源,例如“MasterSettings.svc”。
希望这有帮助
When using WCF services hosted by IIS.
We have using "host/computerName", as
<servicePrincipalName />, for anonymous connection. Inside of your WCF application, you can set the application pool, for example "iis apppool\defaultAppPool", this user will be the real connected user.In the below image
/C??????DataService is the application name ("Tom's TestService1")
Application Pool: C????Pool can be "DefaultAppPool", in the case of "Application User (pass-through authentication)", you will use the "IIS AppPool\DefaultAppPool" as a user to grant rights to specific resource, like a file or a sql server connection string.
And, even using anonymous authentication, you can set "forms authorization", to an specific resource inside the WCF application, for example "MasterSettings.svc".
hope this helps