
MessageSecurityOverHttpElement.NegotiateServiceCredential Property

Gets or sets a Boolean value that specifies whether the service credential is provisioned at the client out-of-band, or is obtained by the client from the service through a process of negotiation.

Namespace:  System.ServiceModel.Configuration
Assembly:  System.ServiceModel (in System.ServiceModel.dll)
[ConfigurationPropertyAttribute("negotiateServiceCredential", DefaultValue = true)]
public bool NegotiateServiceCredential { get; set; }

Property Value

Type: System.Boolean
true if the service credential is obtained from the service through a process of negotiation; false if it is provisioned at the client out-of-band. The default is true.

This property specifies whether the service credential is provisioned at the client out-of-band or is obtained by the client from the service through a process of negotiation. Such a negotiation is a precursor to the usual message exchange.

If the ClientCredentialType property is equal to Anonymous, UserName, or Certificate, setting this property to false implies that the service certificate is available at the client out-of-band, and that the client must specify the ServiceCertificate property of the ServiceCredentialsElement class. This mode is interoperable with SOAP stacks that implement WS-Trust and WS-SecureConversation.

If the ClientCredentialType property is equal to Windows, setting this property to false causes Kerberos-based authentication. This requires that the client and service be part of a Kerberos domain. This mode is interoperable with SOAP stacks that implement the Kerberos token profile (as defined at OASIS WSS TC) as well as WS-Trust and WS-SecureConversation.

When this property is true, a .NET SOAP negotiation takes place that tunnels the SPNego exchange over SOAP messages.

This property indicates whether the service credential is negotiated automatically between the client and the service. If this property is true, then such negotiation occurs. If this property is false, then the service credentials must be specified at the client before communication with the service can occur.

If this property is set to false, and the binding is configured to use Windows as a client credential type, the service account must be associated with a Service Principal Name (SPN). To do this, run the service under the NETWORK SERVICE account, or LOCAL SYSTEM account. Alternatively, use the SetSpn.exe tool to create an SPN for the service account. In either case, the client must specify the correct SPN, either in the <servicePrincipalName> element or by using the EndpointAddress constructor. For more information, see Specifying the Identity.
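
The following client configuration is an added example, not part of the original reference page, showing the two non-negotiated cases described above: Windows credentials with an explicit SPN, and a UserName credential with the service certificate provisioned out-of-band through the client-side <clientCredentials> behavior. The host name, SPN, contract name, endpoint, binding and behavior names, and certificate store choices are constructed for illustration.

```xml
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Windows client credential, no negotiation: direct Kerberos, SPN required -->
        <binding name="KerberosDirect">
          <security mode="Message">
            <message clientCredentialType="Windows" negotiateServiceCredential="false" />
          </security>
        </binding>
        <!-- UserName client credential, no negotiation: service certificate supplied out-of-band -->
        <binding name="CertOutOfBand">
          <security mode="Message">
            <message clientCredentialType="UserName" negotiateServiceCredential="false" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="ProvisionedServiceCert">
          <clientCredentials>
            <serviceCertificate>
              <!-- constructed subject name; certificate installed in the client's store beforehand -->
              <defaultCertificate findValue="orders.example.test" x509FindType="FindBySubjectName"
                                  storeLocation="CurrentUser" storeName="TrustedPeople" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint name="OrdersKerberos" address="http://orders.example.test/Orders.svc"
                binding="wsHttpBinding" bindingConfiguration="KerberosDirect" contract="IOrders">
        <identity>
          <!-- must match the SPN registered for the service account -->
          <servicePrincipalName value="HOST/orders.example.test" />
        </identity>
      </endpoint>
      <endpoint name="OrdersCert" address="http://orders.example.test/OrdersCert.svc"
                binding="wsHttpBinding" bindingConfiguration="CertOutOfBand"
                behaviorConfiguration="ProvisionedServiceCert" contract="IOrders" />
    </client>
  </system.serviceModel>
</configuration>
```

With negotiation disabled, the client authenticates the service only against the SPN or certificate configured here, so a mismatch fails the call instead of falling back to a negotiated credential.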

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0
© 2013 Microsoft. All rights reserved.