Kerberos Authentication For IIS web hosted web services RRS feed

  • Question

  • Hello,

    I am struggling to find what the format of the Service Principle Name for IIS host web services.

    We have a client that connects to a web service (service1.svc) with the URL https:\\destination.domain\Service2.svc. This web service connects to a second web service (service2.svc) with the URL https:\\localhost.domain\service2.asmx. Both service are hosted on the same webserver. The DNS on the Domain controller sets destination.domain to point to the IP of webserver and localshost.domain to The application pool account is a global service managed account that is configured to allow delegation and is called webserveraccount. The application pool is configured to use the appPoolIdentity. 

    What is the service principle name? I have set the spn from the command line to be

    setspn -s HTTP/destination.domain webserveraccount$

    setspn -s HTTP/localhost.domain webserveraccount$

    What is the correct format of the setspn command based on the configuration.

    thanks on advance

    Monday, September 28, 2020 3:02 PM