Friday, December 3, 2010

Kerberos authentication with WCF Service and WCF Client

1. Environment Setup

- Required Windows 2008 Server + IIS 7 + Active Directory + Visual Studio 2008

1.1 Active Directory

My Active Directory configuration includes two users: 'server' and 'client'.

Open up a command window and type the following to set the SPN for the user 'server'
:\> setspn -A service/myserver server

1.2 IIS

Open up IIS and create an application pool called 'kerberos'

Then edit the Advanced Settings of the created application pool --> Select 'Identity' (under Process Model) --> Select 'Custom Account' --> set the user 'server' and its password

2. Sample Setup

2.1 Download the sample zip file from here, unzip and open it up in Visual Studio 2008

2.2 Find the following setting in web.config under the EchoService project and change it appropriately. Here service/myserver is the SPN you created before for the user 'server'.
<servicePrincipalName value="service/myserver" />
2.3 Build the entire solution

2.4 Deploy the service in IIS with the EchoService.WebSetup project

2.5 While doing 2.4, select the application pool created before in IIS - that is, 'kerberos'

2.6 Make sure the service is running properly by accessing its WSDL


2.7 Open up the app.config file under the EchoClient project and edit the following configuration appropriately.
<servicePrincipalName value="service/myserver" />
2.8 Correct the endpoint address in app.config to point to the deployed service

That's it - now you can run the client from the IDE by setting it as the startup project.
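If the client fails to authenticate, the usual cause is an SPN that is missing, duplicated, or different between the two config files. The following check is an added example, not part of the original post or the sample; the project paths are assumptions based on the project names above, so adjust them to where you unzipped the sample.

```powershell
# Added example: verify the SPN from step 1.1 against steps 2.2 and 2.7.
$spn     = 'service/myserver'   # SPN registered in step 1.1
$account = 'server'             # identity of the 'kerberos' application pool
# Assumed paths: relative to the unzipped solution folder.
$configs = '.\EchoService\web.config', '.\EchoClient\app.config'

# 1. The SPN must be registered on the account the application pool runs as.
$listed = setspn -L $account
if (-not ($listed | Select-String -SimpleMatch $spn)) {
    Write-Warning "$spn is not registered on account '$account'"
}

# 2. An SPN held by more than one account makes Kerberos ticket requests fail.
setspn -Q $spn    # shows which account(s) currently hold the SPN
setspn -X         # reports any duplicate SPNs in the domain

# 3. Service and client config must both name the same SPN.
foreach ($path in $configs) {
    [xml]$xml = Get-Content $path
    $nodes = $xml.SelectNodes('//*[local-name()="servicePrincipalName"]')
    if ($nodes.Count -eq 0) {
        Write-Warning "$path has no servicePrincipalName element"
    }
    foreach ($node in $nodes) {
        $value = $node.GetAttribute('value')
        if ($value -ne $spn) {
            Write-Warning "$path has SPN '$value', expected '$spn'"
        }
    }
}
```

Run it from a domain-joined machine with the solution folder as the current directory; no warnings and a single account listed by `setspn -Q` means the SPN setup is consistent.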


dam said...

What is the service in
setspn -A service/myserver server

is it
setspn -A EchoServices/myserver server

dam said...

Hi, when I follow the instructions I get the following error on the client side:

System.InvalidOperationException: Could not find default endpoint element that references contract 'WSO2.Echo.echoPortType' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
