This is a mirror of the official site: http://jasper-net.blogspot.com/

WCF on intranet with windows authentication: Kerberos or NTLM (Part 1)

Thursday, July 14, 2011
The issue

When we build an enterprise-level SOA system on top of Windows servers in an Active Directory environment, Windows authentication is probably the most appropriate authentication mechanism: it is secure, straightforward to build and easy to maintain. Underneath WCF's Windows authentication implementation, two SSPs (security support providers) are used: Kerberos and NTLM. You might encounter the same issues I did; here I want to share some of the experience that came from my troubleshooting.

If we host a WCF service under a domain user account and call this service from another machine, we will very likely get this error:

    A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The target principal name is incorrect

There are quite a lot of articles (1, 2, 3, 4) discussing this issue; basically, their solution is to:

    1. use setspn.exe to create an SPN for the domain account
    2. configure the client side, setting the SPN as the client identity
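
The two steps above as a client-side configuration sketch (an added example, not from the original post). It assumes a netTcpBinding endpoint; the host `appsrv01.contoso.com`, the account `CONTOSO\svc-orders`, the SPN `OrderService/appsrv01.contoso.com` and the contract name are constructed placeholders.

```xml
<!-- Added example; every host, account, SPN and contract name is a constructed placeholder.

     Step 1 (run with an account that is allowed to write SPNs in the domain):
       setspn -S OrderService/appsrv01.contoso.com CONTOSO\svc-orders
     List what is registered on the service account afterwards:
       setspn -L CONTOSO\svc-orders
-->
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="windowsAuth">
          <!-- Transport security with Windows credentials (assumed binding) -->
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint name="orders"
                address="net.tcp://appsrv01.contoso.com:8000/OrderService"
                binding="netTcpBinding"
                bindingConfiguration="windowsAuth"
                contract="Contoso.Orders.IOrderService">
        <!-- Step 2: the SPN the client names as the identity of the service;
             here it is the same value that step 1 registered. -->
        <identity>
          <servicePrincipalName value="OrderService/appsrv01.contoso.com" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```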

However, the odd thing is that we can actually skip step 1 and set a dummy string in step 2, and it still works. Why? I am not the first one to have this question; these 2 posts (1, 2) ask exactly the same thing. So, I decided to dig deeper and find the root cause.


Read more: Tianxiang Chen's Tech Blog