This project is read-only.

How to authenticate users with Kerberos direct to support non-WCF clients with windows authentication

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Set the negotiateServiceCredentials option to false to set the Kerberos direct option. This option is only available on the wsHttpBinding.

Keep in mind that setting negotiateServiceCredentials to false will force the WCF service to run under the Network Service Identity’s SPN (Service Principal Name). It is not possible to host a service with a custom user identity’s UPN (User Principal Name). Also keep in mind that delegation is not possible in WCF with Kerberos direct.

The following binding configuration shows how to set the negotiateServiceCredentials option:
<binding name="BindingMessage">
    <security mode="Message">
*          <message clientCredentialType="Windows"
                 negotiateServiceCredential="false" />*

Last edited May 8, 2008 at 1:11 AM by prashantbansode, version 1


No comments yet.