Intranet - setup for delegation from IIS to remote WCF. RRS feed

  • Question


    I am using the above link to setup my application. I belive the article may not be correct, can you please clar1fy.

    Q1. The following lines in article (under application server section) should have ApplicationServer instead of WebServer right.  

    setspn -a WCFServiceHost// customDomainAccount.

    Q2. I have 4 WCFServices running via a single Windws service. Assuming that the 4 WCF service Names are MyService1, MyService2, MyService3 and MyService4

    What should my SPN be? should I create 4 SPN for each one of the service?

    Friday, February 14, 2014 2:41 AM

All replies

  • Hi,

    For your question1: 
    The is the fully qualified host name of the sever where the application server is running. It is of the form: In the article the machine-name is WebServer, so it should be WebServer not ApplicationServer.

    For your question2:
    A SPN is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host.

    Best Regards,
    Amy Peng

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, February 17, 2014 2:21 AM
  • Hi Peng,

    Thanks fot reply


    There is no mention of WCF service running in a server nammed webserver, even if it specified it will be so confuing and misleading, the web server is running IIS and the WCF is running in a remote APP Server. There are other ambiguities in this page, please help us understand that there isn't many resoursces about Kerberos constrained delegation neither is it easy for troubleshooting.


    Pleae can you let me me if the term service means a window service that is hosting multiple WCF Services or each WCF service hosted in a windows service. I was mentioning about 5 WCF service hosted in a single windows service in a single server in the whole forest, should I create SPN for each of the 5 WCF Service?



    Monday, February 17, 2014 2:40 AM