How to authenticate users with Kerberos direct to support non-WCF clients with windows authentication
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Set the negotiateServiceCredentials
option to false to set the Kerberos direct option. This option is only available on the
Keep in mind that setting negotiateServiceCredentials
to false will force the WCF service to run under the Network Service Identity’s SPN (Service Principal Name). It is not possible to host a service with a custom user identity’s UPN (User Principal
Name). Also keep in mind that delegation is not possible in WCF with Kerberos direct.
The following binding configuration shows how to set the negotiateServiceCredentials option:
* <message clientCredentialType="Windows"