WCF Why does netTCPBinding work fine with Kerberos authentication without any SPN settings?

Question

WCF Why does netTCPBinding work fine with Kerberos authentication without any SPN settings?

In one of our networks, we use netTCPBinding. The WCF service is hosted on a Windows service that runs as a domain account.

From the event viewer, I see that my WCF service uses Kerberos authentication. Everything works without problems "without a box" with a simple default configuration without the <identity> element in the configuration file and without any SPN settings for the machine, for example:

 setspn -a WcfServiceName//Server domaonAccount

But from the many online links, I came to the conclusion that SPN configuration is necessary. It is unclear why in my case it works without these settings?

We are waiting for an explanation of WCF-security experts.

+4

security wcf kerberos spn nettcpbinding

ablei2000 Feb 05 '10 at 15:33

source share

1 answer

kd7 · Answer 1 · 2010-02-05T18:37:58+0000

In the WCF Security Guide: netTcpBinding: defines a safe, reliable, optimized binding suitable for inter-machine communication. By default, it creates the transport security communication stack and Windows Authentication runtime as the default security settings. It uses TCP protocol for message delivery and binary message encoding.

In fact, by default it is protected, callers must provide Windows-Creds for authentication.

WCF Why does netTCPBinding work fine with Kerberos authentication without any SPN settings?

More articles: