SpnEndpointIdentity Class
Represents a service principal name (SPN) for an identity when the binding uses Kerberos.
Assembly: System.ServiceModel (in System.ServiceModel.dll)
The SpnEndpointIdentity type exposes the following members.
| Name | Description |
|---|---|
| SpnEndpointIdentity(Claim) | Initializes a new instance of SpnEndpointIdentity with the specified identity claim. |
| SpnEndpointIdentity(String) | Initializes a new instance of SpnEndpointIdentity with the specified service principal name (SPN). |

| Name | Description |
|---|---|
| IdentityClaim | Gets the identity claim that corresponds to the identity. (Inherited from EndpointIdentity.) |
| SpnLookupTime | Specifies the maximum time allowed to look up the service principal name (SPN). |

| Name | Description |
|---|---|
| Equals | Returns a value that determines whether a specified object is equal to the current identity object or if they have equal security properties. (Inherited from EndpointIdentity.) |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetHashCode | Provides a hash code for the current instance of the identity. (Inherited from EndpointIdentity.) |
| GetType | Gets the Type of the current instance. (Inherited from Object.) |
| Initialize(Claim) | Initializes an EndpointIdentity with the specified claim. (Inherited from EndpointIdentity.) |
| Initialize(Claim, IEqualityComparer<Claim>) | Initializes an EndpointIdentity with the specified claim and an interface and compares equality. (Inherited from EndpointIdentity.) |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| ToString | Returns the identity. (Inherited from EndpointIdentity.) |
An SPN is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication.
When a client wants to connect to a service, it locates an instance of the service, composes an SPN for that instance, and sets the identity to an SpnEndpointIdentity. A check is then made that the message is intended for that service.
The three authentication modes used under Kerberos are:
- SSPINegotiate
- Kerberos
- KerberosOverTransport
The following code shows one common way to create an instance of this class.
```csharp
using System;
using System.Globalization;
using System.Security.Principal;
using System.ServiceModel;

// GetMachineName() and GetPrimaryDomain() are helper methods that are not shown here.
static EndpointIdentity CreateIdentity()
{
    WindowsIdentity self = WindowsIdentity.GetCurrent();
    SecurityIdentifier sid = self.User;

    EndpointIdentity identity = null;
    // Built-in service accounts are identified by the machine's host SPN.
    if (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
        sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) ||
        sid.IsWellKnown(WellKnownSidType.LocalServiceSid))
    {
        identity = EndpointIdentity.CreateSpnIdentity(
            String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));
    }
    else
    {
        // Need an UPN string here
        string domain = GetPrimaryDomain();
        if (domain != null)
        {
            // self.Name has the form DOMAIN\user; keep only the user part.
            string[] split = self.Name.Split('\\');
            if (split.Length == 2)
            {
                identity = EndpointIdentity.CreateUpnIdentity(split[1] + "@" + domain);
            }
        }
    }
    return identity;
}
```
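The client side of the check described above, as an added example that is not part of the original documentation: the client pins the SPN it expects on the EndpointAddress, so authentication is performed against that identity. The `IEcho` contract, the host name, the port and the SPN value are assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract, used only for this illustration.
[ServiceContract]
public interface IEcho
{
    [OperationContract]
    string Echo(string text);
}

public static class SpnClientExample
{
    // Pairs the service URI with the SPN the client expects the service to hold.
    public static EndpointAddress BuildAddress(Uri serviceUri, string expectedSpn)
    {
        EndpointIdentity identity = EndpointIdentity.CreateSpnIdentity(expectedSpn);
        return new EndpointAddress(serviceUri, identity);
    }

    public static void Main()
    {
        // Bound the time spent on an SPN lookup (static setting).
        SpnEndpointIdentity.SpnLookupTime = TimeSpan.FromSeconds(30);

        // Windows credentials over a secured TCP transport.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        // Constructed sample values: replace with the real host and its registered SPN.
        EndpointAddress address = BuildAddress(
            new Uri("net.tcp://app01.corp.example:8000/echo"),
            "host/app01.corp.example");

        var factory = new ChannelFactory<IEcho>(binding, address);
        try
        {
            Console.WriteLine(factory.CreateChannel().Echo("hello"));
            factory.Close();
        }
        catch (SecurityNegotiationException ex)
        {
            // Authentication against the expected identity failed: fail closed.
            Console.WriteLine("Negotiation failed: {0}", ex.Message);
            factory.Abort();
        }
        catch (CommunicationException ex) { Console.WriteLine(ex.Message); factory.Abort(); }
        catch (TimeoutException ex) { Console.WriteLine(ex.Message); factory.Abort(); }
    }
}
```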
Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

