SpnEndpointIdentity Class

Definition

Represents a service principal name (SPN) for an identity when the binding uses Kerberos.

C++
public ref class SpnEndpointIdentity : System::ServiceModel::EndpointIdentity

C#
public class SpnEndpointIdentity : System.ServiceModel.EndpointIdentity

F#
type SpnEndpointIdentity = class
    inherit EndpointIdentity

VB
Public Class SpnEndpointIdentity
Inherits EndpointIdentity

Inheritance: EndpointIdentity → SpnEndpointIdentity

Examples

The following code shows one common way to create an instance of this class.

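using System.Globalization;
using System.Security.Principal;
using System.ServiceModel;

// GetMachineName() and GetPrimaryDomain() are helper methods that are not
// shown on this page; they return the host name and the primary domain name.
static EndpointIdentity CreateIdentity()
{
    WindowsIdentity self = WindowsIdentity.GetCurrent();
    SecurityIdentifier sid = self.User;

    EndpointIdentity identity = null;

    // Built-in machine accounts authenticate as the computer, so use an SPN.
    if (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
        sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) ||
        sid.IsWellKnown(WellKnownSidType.LocalServiceSid))
    {
        identity = EndpointIdentity.CreateSpnIdentity(
            string.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));
    }
    else
    {
        // A UPN string (user@domain) is needed here.
        string domain = GetPrimaryDomain();
        if (domain != null)
        {
            // self.Name has the form DOMAIN\user.
            string[] split = self.Name.Split('\\');
            if (split.Length == 2)
            {
                identity = EndpointIdentity.CreateUpnIdentity(split[1] + "@" + domain);
            }
        }
    }

    // Null when no domain is available or the account name cannot be split.
    return identity;
}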
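
Imports System.Globalization
Imports System.Security.Principal
Imports System.ServiceModel

' GetMachineName() and GetPrimaryDomain() are helper methods that are not
' shown on this page; they return the host name and the primary domain name.
Private Shared Function CreateIdentity() As EndpointIdentity
    Dim self As WindowsIdentity = WindowsIdentity.GetCurrent()
    Dim sid As SecurityIdentifier = self.User

    Dim identity As EndpointIdentity = Nothing

    ' Built-in machine accounts authenticate as the computer, so use an SPN.
    If sid.IsWellKnown(WellKnownSidType.LocalSystemSid) OrElse sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) OrElse sid.IsWellKnown(WellKnownSidType.LocalServiceSid) Then
        identity = EndpointIdentity.CreateSpnIdentity(String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()))
    Else
        ' A UPN string (user@domain) is needed here.
        Dim domain As String = GetPrimaryDomain()
        If domain IsNot Nothing Then
            ' self.Name has the form DOMAIN\user.
            Dim split() As String = self.Name.Split("\"c)
            If split.Length = 2 Then
                identity = EndpointIdentity.CreateUpnIdentity(split(1) & "@" & domain)
            End If
        End If
    End If

    ' Nothing when no domain is available or the account name cannot be split.
    Return identity
End Function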

Remarks

An SPN is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication.

When a client wants to connect to a service, it locates an instance of the service, composes an SPN for that instance, and sets the identity to an SpnEndpointIdentity. A check is then made that the message is intended for that service.

The three authentication modes used under Kerberos are:

  • SSPINegotiate
  • Kerberos
  • KerberosOverTransport
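
The client-side step described in these remarks, as an added example that is not part of the original page: the client composes the SPN for one service instance, attaches it to the endpoint address, and calls the service over Windows transport security. The contract IEchoService, the class SpnClientExample, the host name and the port are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Hypothetical contract, present only to give the channel factory a type.
[ServiceContract]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public static class SpnClientExample
{
    // Compose "serviceClass/host" for one service instance and attach it
    // to the address the client connects to.
    public static EndpointAddress BuildAddress(Uri serviceUri, string serviceClass)
    {
        string spn = string.Format(CultureInfo.InvariantCulture,
            "{0}/{1}", serviceClass, serviceUri.DnsSafeHost);
        return new EndpointAddress(serviceUri, new SpnEndpointIdentity(spn));
    }

    public static void Main()
    {
        // Constructed sample address, not a real service.
        var uri = new Uri("net.tcp://appserver01.corp.example:8523/echo");
        EndpointAddress address = BuildAddress(uri, "host");

        // The expected SPN is carried as the identity claim of the address.
        Claim claim = address.Identity.IdentityClaim;
        Console.WriteLine("SPN claim: {0} ({1})",
            claim.Resource, claim.ClaimType == ClaimTypes.Spn);

        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        var factory = new ChannelFactory<IEchoService>(binding, address);
        try
        {
            Console.WriteLine(factory.CreateChannel().Echo("ping"));
            factory.Close();
        }
        catch (CommunicationException ex)
        {
            // Covers SecurityNegotiationException (security negotiation with
            // the service failed) and EndpointNotFoundException.
            factory.Abort();
            Console.WriteLine("Call failed: " + ex.Message);
        }
    }
}
```
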

Constructors

SpnEndpointIdentity(Claim)

Initializes a new instance of SpnEndpointIdentity with the specified identity claim.

SpnEndpointIdentity(String)

Initializes a new instance of SpnEndpointIdentity with the specified service principal name (SPN).

Properties

IdentityClaim

Gets the identity claim that corresponds to the identity. (Inherited from EndpointIdentity)

SpnLookupTime

Specifies the maximum time allowed to look up the service principal name (SPN).

Methods

Equals(Object)

Returns a value that determines whether a specified object is equal to the current identity object or if they have equal security properties. (Inherited from EndpointIdentity)

GetHashCode()

Provides a hash code for the current instance of the identity. (Inherited from EndpointIdentity)

GetType()

Gets the Type of the current instance. (Inherited from Object)

Initialize(Claim)

Initializes an EndpointIdentity with the specified claim. (Inherited from EndpointIdentity)

Initialize(Claim, IEqualityComparer<Claim>)

Initializes an EndpointIdentity with the specified claim and an IEqualityComparer<Claim> interface that is used to compare equality. (Inherited from EndpointIdentity)

MemberwiseClone()

Creates a shallow copy of the current Object. (Inherited from Object)

ToString()

Returns the identity. (Inherited from EndpointIdentity)
