SpnEndpointIdentity Class
Represents a service principal name (SPN) for an identity when the binding uses Kerberos.
Assembly: System.ServiceModel (in System.ServiceModel.dll)
Constructors

| Name | Description |
|---|---|
| SpnEndpointIdentity(Claim) | Initializes a new instance of SpnEndpointIdentity with the specified identity claim. |
| SpnEndpointIdentity(String) | Initializes a new instance of SpnEndpointIdentity with the specified service principal name (SPN). |

Properties

| Name | Description |
|---|---|
| IdentityClaim | Gets the identity claim that corresponds to the identity. (Inherited from EndpointIdentity.) |
| SpnLookupTime | Specifies the maximum time allowed to look up the service principal name (SPN). |

Methods

| Name | Description |
|---|---|
| Equals(Object) | Returns a value that determines whether a specified object is equal to the current identity object or if they have equal security properties. (Inherited from EndpointIdentity.) |
| Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetHashCode() | Provides a hash code for the current instance of the identity. (Inherited from EndpointIdentity.) |
| GetType() | |
| Initialize(Claim) | Initializes an EndpointIdentity with the specified claim. (Inherited from EndpointIdentity.) |
| Initialize(Claim, IEqualityComparer<Claim>) | Initializes an EndpointIdentity with the specified claim and an interface and compares equality. (Inherited from EndpointIdentity.) |
| MemberwiseClone() | |
| ToString() | Returns the identity. (Inherited from EndpointIdentity.) |

An SPN is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication.
When a client wants to connect to a service, it locates an instance of the service, composes an SPN for that instance, and sets the identity to an SpnEndpointIdentity. A check is then made that the message is intended for that service.
The three authentication modes used under Kerberos are:

- SSPINegotiate
- Kerberos
- KerberosOverTransport
The following code shows one common way to create an instance of this class.
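```csharp
using System;
using System.Globalization;
using System.Security.Principal;
using System.ServiceModel;

// GetMachineName() and GetPrimaryDomain() are helper methods of the
// surrounding sample; their definitions are not shown here.
static EndpointIdentity CreateIdentity()
{
    WindowsIdentity self = WindowsIdentity.GetCurrent();
    SecurityIdentifier sid = self.User;

    EndpointIdentity identity = null;
    // Built-in service accounts authenticate as the machine, so use a host SPN.
    if (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
        sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) ||
        sid.IsWellKnown(WellKnownSidType.LocalServiceSid))
    {
        identity = EndpointIdentity.CreateSpnIdentity(
            String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));
    }
    else
    {
        // A UPN string is needed here.
        string domain = GetPrimaryDomain();
        if (domain != null)
        {
            // self.Name has the form DOMAIN\user.
            string[] split = self.Name.Split('\\');
            if (split.Length == 2)
            {
                identity = EndpointIdentity.CreateUpnIdentity(split[1] + "@" + domain);
            }
        }
    }

    // Remains null when neither an SPN nor a UPN could be built.
    return identity;
}
```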
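
The client side of the step described earlier (compose an SPN for the located service instance and set it as the endpoint identity) can look like the following. This is an added example, not code from the original page: the `IEcho` contract, the `SpnClientExample` class, its `ComposeSpn` and `CreateFactory` helpers, and the `app01.corp.example` address are all assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract, defined only so the example compiles.
[ServiceContract]
public interface IEcho
{
    [OperationContract]
    string Echo(string text);
}

public static class SpnClientExample
{
    // Composes "serviceClass/host" and rejects input that would alter the SPN's structure.
    public static string ComposeSpn(string serviceClass, string host)
    {
        if (string.IsNullOrWhiteSpace(serviceClass) || string.IsNullOrWhiteSpace(host))
            throw new ArgumentException("Service class and host are required.");
        if (serviceClass.IndexOf('/') >= 0 || host.IndexOf('/') >= 0)
            throw new ArgumentException("SPN components must not contain '/'.");
        return serviceClass + "/" + host;
    }

    public static ChannelFactory<IEcho> CreateFactory(Uri serviceUri, string serviceClass)
    {
        // Transport security with Windows credentials, so authentication goes through SSPI.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        // Static property: caps the time allowed for SPN lookup, process-wide.
        SpnEndpointIdentity.SpnLookupTime = TimeSpan.FromSeconds(10);

        // The identity the client expects the service to authenticate as.
        var identity = new SpnEndpointIdentity(ComposeSpn(serviceClass, serviceUri.DnsSafeHost));
        var address = new EndpointAddress(serviceUri, identity);
        return new ChannelFactory<IEcho>(binding, address);
    }

    public static void Main()
    {
        // Constructed sample address; replace with the real endpoint.
        var factory = CreateFactory(new Uri("net.tcp://app01.corp.example:8000/echo"), "host");
        Console.WriteLine(factory.Endpoint.Address.Identity);
    }
}
```

Deriving the SPN from the host the client actually connects to, rather than from any value supplied by the remote side, keeps the expected identity under the client's control.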
Available since 8
.NET Framework
Available since 3.0
Portable Class Library
Supported in: portable .NET platforms
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.



