I have a WCF application hosted in a Windows service running a local Windows account. Do I need to set an SPN for this account? If so, what's the protocol the SPN needs to be set under? I know how to do this for services over HTTP, but have never done it for net.tcp.
As a security precaution, an administrator must manually enable the Net.TCP Port Sharing Service prior to first use. The Net.TCP Port Sharing Service exposes configuration options that allow you to manipulate several characteristics of the network sockets owned by the port sharing service.
In the Name column of the list of services, right-click the Net.Tcp Port Sharing Service, and select Properties from the menu. To enable the manual start-up of the service, in the Properties window select the General tab, and in the Startup type box select Manual, and then click Apply.
Port 808 is the Microsoft Net.TCP Port Sharing Service. "Windows Communication Foundation (WCF) provides a new TCP-based network protocol (net.
net.tcp is simply the URI scheme used within Windows to identify endpoints that can be accessed using TCP. Similarly, net.msmq and net.pipe are the URI schemes to address endpoints that utilise the MSMQ protocol and Named Pipes protocol, respectively.
Change the service account to an AD account and register the SPNs as shown. Use your own service name, e.g. fooservice.
setspn -A fooservice/servermachinename domain\serviceAccountName
setspn -A fooservice/servermachinename.fullyqualifieddomainname domain\serviceAccountName
In the client config set:
<identity>
  <servicePrincipalName value="fooservice/servermachinename" />
</identity>