SelfHost WCF example on 2 machines

Hot Topic

Problem when the service is hosted in windows application
Tools Options Page under Projects node
Adding button to a toolbar
problem encountered on Custom Page Size in different machine but same OS.
Excel file
How do I access child ui elements of a ListBoxItem
ReportViewer Cause error after deploying the webserver
Fail clearing directory
The long term goal of Cider vs.XAML
Integrated Security

Visual Studio

VSTO server documents and no-VSTO client documents
VS2005 debugger display of info for static members.
Distinguishing between the Express version and the standard version in an addin
Accessing WCF from native cpp client
Build an ASP.NET App on the Command Line
MSBUILD Deployment of CLR Assemblies to SQL2005
/target switch does not work as advertised
Comments on VSTO Security Model
Attaching process to Windows Service
Dragging fields from Server Explorer onto the design surface fails

SelfHost WCF example on 2 machines

Hi, all !

I tried selfhost example to run different machines and client faild unless I added <identity><servicePrincipalName/></identity> to endpoint.

So my questions in this case :

1) Why only "servicePrincipalName" work and not "userPrincipalName" ( this example run service as console application and not windows service )

2) Why I don't need to add value attribute for "servicePrincipalName" in this case

3) Why I can only set end-point address as "computername.domainname" and not "computername@domainname". When I set it on service instead of "localhost" service failed

4) How the adress will be changed for workgroup.

5) Is it possible to use IP somehow

TIA

Arkady

Answer this question

SelfHost WCF example on 2 machines

  • jaybo_nomad

    If you run your self-hosted service under say redmond\smason (that's me ;>) and you have a client on a remote machine it will need to use a UPN, not an SPN (unless you create a special SPN which I won't go into here). The UserPrincipalName will descibe who the service is running as. So the client app.config should look something like this:

    <endpoint address="net.tcp://sauron:8001/ScottsService/" binding="netTcpBinding"
    bindingConfiguration="NetTcpBinding_IBlah" contract="IBlah"
    name="NetTcpBinding_IBlah">
    <identity>
    <userPrincipalName value="smason@redmond.corp.microsoft.com" />
    </identity>
    </endpoint>

    If the userPrincipalName is incorrect or blank, it will use NTLM to authenticate.

    If you use the AT command to fire up a cmd and run your self hosted server from there, it will be running as the System account and thus be able to be called using the default SPN - host\machine.

    Are you using your ip like this:

    <endpoint address="net.tcp://<IP>:8001/ScottsService/" binding="netTcpBinding"
    bindingConfiguration="NetTcpBinding_IBlah" contract="IBlah"
    name="NetTcpBinding_IBlah">
    ....

    What is the error

    Thanks!

    Scott



  • Mr. 007

    Hi, Scott!

    I use SelfHost example from Platform SDK and that console app for service and client. I didn't use svcutil but changed config files from example. I just changed the "localhost" to "computername.domainname" ( "computername@domainname" just not work for me I don't know why) exactly as documentation for examples stand and it doesn't mention SPN/UPN at all. The only way the pair work for me is <identity><servicePrincipalName/></identity> . When I tried all the next 3 variants , the client always failed

    <identity><servicePrincipalName value = "computername.domainname"/></identity>

    <identity><userPrincipalName value = "computername.domainname"/></identity>

    <identity><userPrincipalName"/></identity>

    Quote : I'm not sure what you mean by service instead of localhost.

    I mean changes in service config file from PSDK SelfHost sample ( all PSDK examples use "localhost" in config files )

    Quote : You can use the IP address for the EndpointAddress but it wouldn't be a very readable name... You may want to use a readable EPA and use the IP to set the Via.

    Can you show example , any side ( client or /and service ) fail for me if I use IP

    TIA

    Arkady

  • Jannet

    Thanks, Scott!

    That ( just IP and not name.domain ) really work without problems when client config have <identity><servicePrincipalName/></identity>

    Arkady

  • Sacha Vieux-Roy

    Additionally. There is no problem to run client without

    < identity><servicePrincipalName/></identity> in client config when service console app run on system account ( "at ... cmd client" )

    TIA

    Arkady

  • lsberman

    When you use svcutil it should have created the identity element for you. If you're running the service as a self-hosted app then you should have a UPN, not an SPN. What is the SPN that you use to make this work If it's Host\Machinename then your service needs to be running as System or NetworkService. If you add a UPN or SPN that it can't use, it will use NTLM to authenticate instead of Kerberos.

    The endpoint address is not the same format as UPN. I'm not sure what you mean by service instead of localhost.

    You should be able to just use the machinename in the workgroup mode just as in a domain. You can use the IP address for the EndpointAddress but it wouldn't be a very readable name... You may want to use a readable EPA and use the IP to set the Via.

    Hope that helps.

    Thanks!

    Scott



  • Greg Motter

    To get a self-hosted app to work you must be running the app when you run svcutil against it. You need to run it against its baseaddress. There is no SVC file for self-hosted apps.

    So for example, if I have a self hosted app that looks like this:

    string baseaddress = "string baseaddress = "http://localhost:44001/SecurityTest/";
    ServiceHost host = new ServiceHost(typeof(ScottsTestImpl),new Uri(baseaddress));
    host.Open();

    Then I must first run my server app, then run svcutil like this:

    svcutil http://localhost:44001/SecurityTest/ /out:proxy.cs

    Hope that helps.

    Thanks!

    Scott



  • Brian Napora

    Great! Thanks, Scott!

    Shame on me, I forgot port in EPA for svcutil, so after it created config file I saw that really <identity><userPrincipalName value = "user@domain"/></identity> exist there and when I set it instead of <identity><servicePrincipalName/></identity> in original config file, client can communicate with service. So I see that both variants work in the case client and service are console applications. OTOH in the case <identity><servicePrincipalName value = "user@domain"/></identity> client fail with exception, IMHO that will work if service run as NT service not as console app.

    Thanks once more for your help

    Arkady

  • chen_k

    No, you don't need to use TCP. I just used that as an example.

    Thanks!

    Scott



  • AASoft_ILSC

    BTW , Scott!

    How I can work with svcutil with selfhost example. For IIS dll the next call work fine :

    "svcutil.exe http://computer.domain/ServiceModelSamples/service.svc" but in the case of selfhost no svc file exist. And even when I put service.exe and service.exe.config into ServiceModelSamples directory

    svcutil from client machine failed with "connection attempt..."

    for service.exe and service.exe.config , OTOH client app work without problems with the service. I just want to try client with config file created by svcutil in this case and not ready one, I added identity element too

    TIA

    Arkady

  • marianocab

    Hi, Scott!

    I tried the SelfHost on two machines with minimal changes ( just changed EPA and not binding itself ( it used wsHttpBinding and not tcp ). Do you mean that using IP demand tcp binding

    I'll try that in advance too

    TIA

    Arkady
  • SelfHost WCF example on 2 machines
Answer this question