If you support non-WCF clients using Windows authentication and message security, consider using the Kerberos direct option
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
If your WCF service needs to support non-WCF clients using Windows authentication and message security, consider using Kerberos direct. Set the negotiateServiceCredential option to false to set the Kerberos direct option. This option is only available on the
. The benefit is better performance and interoperability with non-Microsoft clients consuming WCF services.
Consider that setting negotiateServiceCredential to false will force the WCF service to run under the Network Service identity's SPN (Service Principal Name). It is not possible to host a service with a custom user identity's UPN (User Principal Name).
Consider also that delegation in WCF is not possible with Kerberos direct.
The following binding configuration shows how to set this option:
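An added example of such a configuration (not the original page's own listing). It assumes wsHttpBinding; the binding name, the service and contract names, the address and the SPN host are placeholders, and the service and client fragments are shown in one file only for compactness.

```xml
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- "KerberosDirect" is a placeholder binding name (assumption) -->
        <binding name="KerberosDirect">
          <security mode="Message">
            <!-- Windows credentials with negotiation switched off:
                 the client presents a Kerberos ticket directly instead of
                 running an SPNEGO exchange with the service first -->
            <message clientCredentialType="Windows"
                     negotiateServiceCredential="false" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <!-- Service side: placeholder service and contract names -->
    <services>
      <service name="Example.OrderService">
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="KerberosDirect"
                  contract="Example.IOrderService" />
      </service>
    </services>

    <!-- Client side (a WCF client is shown for illustration): with no
         negotiation step, the client must know the service's SPN up front.
         The service runs as Network Service, so the SPN is the machine
         account's host SPN. Host name below is a placeholder. -->
    <client>
      <endpoint address="http://server.example.com/OrderService.svc"
                binding="wsHttpBinding"
                bindingConfiguration="KerberosDirect"
                contract="Example.IOrderService">
        <identity>
          <servicePrincipalName value="host/server.example.com" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```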