I've created a WCF service with a wsHttpBinding and Message security. Then I added a service reference which resulted in the client's config file being updated with this:
<client>
<endpoint address="http://localhost:42160/Service1.svc/secure"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="SecureProxy.IService1" name="WSHttpBinding_IService1">
<identity>
<userPrincipalName value="[email protected]" />
</identity>
</endpoint>
</client>
I don't understand what the userPrincipalName is for. No matter what I modify the value to, the client and service communicate successfully. It doesn't seem to serve any purpose.
This MSDN article attempts to explain the purpose in detail, and somehow manages to explain nothing at all.
What problem was Microsoft trying to solve by adding that into the WCF story? Again, I can change the value to anything I want and it doesn't affect the client and service.
Also, here is a similar question.
In general the upn is there to authenticate the server to the client (e.g. you instruct your client which server is trusted and which not, like client validate hosts in ssl).
I think if the upn has right value then communication will use kerberos and if it is wrong then communication would use ntlm (if available under some conditions). Try to disable ntlm and then only the right value for upn will work:
<clientCredentials>
<windows allowNtlm="false" />
</clientCredentials>
There is also a way to check if kerberos or ntlm were used by putting a breakpoint/log on the server and checking the ServiceSecurityContext.Current. You should get different value depending on the upn value.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With