
SpnEndpointIdentity Class

Represents a service principal name (SPN) for an identity when the binding uses Kerberos.

System.Object
  System.ServiceModel.EndpointIdentity
    System.ServiceModel.SpnEndpointIdentity

Namespace:  System.ServiceModel
Assemblies:   System.ServiceModel.Security (in System.ServiceModel.Security.dll)
  System.ServiceModel (in System.ServiceModel.dll)

public class SpnEndpointIdentity : EndpointIdentity

The SpnEndpointIdentity type exposes the following members.

  • SpnEndpointIdentity(Claim) (public method): Initializes a new instance of SpnEndpointIdentity with the specified identity claim.

  • SpnEndpointIdentity(String) (public method; supported in .NET for Windows Store apps): Initializes a new instance of SpnEndpointIdentity with the specified service principal name (SPN).

  • IdentityClaim (public property): Gets the identity claim that corresponds to the identity. (Inherited from EndpointIdentity.)

  • SpnLookupTime (public property; static member; supported in .NET for Windows Store apps): Specifies the maximum time allowed to look up the service principal name (SPN).

  • Equals (public method; supported in .NET for Windows Store apps): Returns a value that determines whether a specified object is equal to the current identity object or if they have equal security properties. (Inherited from EndpointIdentity.)

  • Finalize (protected method; supported in .NET for Windows Store apps): Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)

  • GetHashCode (public method; supported in .NET for Windows Store apps): Provides a hash code for the current instance of the identity. (Inherited from EndpointIdentity.)

  • GetType (public method; supported in .NET for Windows Store apps): Gets the Type of the current instance. (Inherited from Object.)

  • Initialize(Claim) (protected method): Initializes an EndpointIdentity with the specified claim. (Inherited from EndpointIdentity.)

  • Initialize(Claim, IEqualityComparer<Claim>) (protected method): Initializes an EndpointIdentity with the specified claim and an interface and compares equality. (Inherited from EndpointIdentity.)

  • MemberwiseClone (protected method; supported in .NET for Windows Store apps): Creates a shallow copy of the current Object. (Inherited from Object.)

  • ToString (public method; supported in .NET for Windows Store apps): Returns the identity. (Inherited from EndpointIdentity.)

An SPN is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication.

When a client wants to connect to a service, it locates an instance of the service, composes an SPN for that instance, and sets the endpoint identity to an SpnEndpointIdentity. A check is then made that the message is intended for that service.
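The client-side steps described above (compose an SPN for the located instance, then set it as the endpoint identity), as an added example that is not part of the original documentation. The IEcho contract, the service address and the ComposeSpn helper are hypothetical, and the example assumes a NetTcpBinding with Windows transport security.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Hypothetical contract, defined only for this example.
[ServiceContract]
public interface IEcho
{
    [OperationContract] string Echo(string text);
}

public static class SpnClientExample
{
    // Compose "<serviceClass>/<dns-host>" from the address the client located.
    public static string ComposeSpn(string serviceClass, Uri serviceUri)
    {
        // Assumption of this example: accept DNS host names only, not IP literals.
        if (serviceUri.HostNameType != UriHostNameType.Dns)
            throw new ArgumentException("Service address must use a DNS host name.", "serviceUri");
        return string.Format(CultureInfo.InvariantCulture, "{0}/{1}", serviceClass, serviceUri.DnsSafeHost);
    }

    public static void Main()
    {
        // Constructed sample address; replace with the located service instance.
        Uri serviceUri = new Uri("net.tcp://orders.corp.example:8081/echo");
        EndpointIdentity identity = new SpnEndpointIdentity(ComposeSpn("host", serviceUri));
        // The expected identity travels with the address; its claim is of type Spn.
        EndpointAddress address = new EndpointAddress(serviceUri, identity);
        Claim claim = address.Identity.IdentityClaim;
        Console.WriteLine("{0} -> {1}", claim.ClaimType == ClaimTypes.Spn, claim.Resource);
        NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        ChannelFactory<IEcho> factory = new ChannelFactory<IEcho>(binding, address);
        try
        {
            Console.WriteLine(factory.CreateChannel().Echo("ping"));
            factory.Close();
        }
        catch (CommunicationException ex)
        {
            // Covers authentication failures as well as an unreachable endpoint.
            factory.Abort();
            Console.WriteLine("Call failed: " + ex.Message);
        }
    }
}
```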

The three authentication modes used under Kerberos are:

  • SSPINegotiate

  • Kerberos

  • KerberosOverTransport.

The following code shows one common way to create an instance of this class.

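using System;
using System.Globalization;
using System.Security.Principal;
using System.ServiceModel;

// GetMachineName() and GetPrimaryDomain() are helper methods that are not
// shown on this page.
static EndpointIdentity CreateIdentity()
{
    WindowsIdentity self = WindowsIdentity.GetCurrent();
    SecurityIdentifier sid = self.User;

    EndpointIdentity identity = null;

    // Built-in service accounts authenticate as the machine, so use the
    // host SPN of this computer.
    if (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
        sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) ||
        sid.IsWellKnown(WellKnownSidType.LocalServiceSid))
    {
        identity = EndpointIdentity.CreateSpnIdentity(
            String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));
    }
    else
    {
        // Any other account needs a UPN string of the form user@domain.
        string domain = GetPrimaryDomain();
        if (domain != null)
        {
            // self.Name has the form DOMAIN\user; keep the user part.
            string[] split = self.Name.Split('\\');
            if (split.Length == 2)
            {
                identity = EndpointIdentity.CreateUpnIdentity(split[1] + "@" + domain);
            }
        }
    }

    // Remains null when no domain is found or the account name cannot be split.
    return identity;
}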

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

.NET for Windows Store apps

Supported in: Windows 8

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.