EndpointIdentity.CreateUpnIdentity(String) EndpointIdentity.CreateUpnIdentity(String) EndpointIdentity.CreateUpnIdentity(String) EndpointIdentity.CreateUpnIdentity(String) Method


Creates a user principal name (UPN) identity with a specified name.

 static System::ServiceModel::EndpointIdentity ^ CreateUpnIdentity(System::String ^ upnName);
public static System.ServiceModel.EndpointIdentity CreateUpnIdentity (string upnName);
static member CreateUpnIdentity : string -> System.ServiceModel.EndpointIdentity
Public Shared Function CreateUpnIdentity (upnName As String) As EndpointIdentity


String String String String

The name for the UPN identity.




The following code shows how to call this method.

namespace TestPrincipalPermission
    class PrincipalPermissionModeWindows

        interface ISecureService
            string Method1();

        class SecureService : ISecureService
            [PrincipalPermission(SecurityAction.Demand, Role = "everyone")]
            public string Method1()
                return String.Format("Hello, \"{0}\"", Thread.CurrentPrincipal.Identity.Name);

        public void Run()
            Uri serviceUri = new Uri(@"http://localhost:8006/Service");
            ServiceHost service = new ServiceHost(typeof(SecureService));
            service.AddServiceEndpoint(typeof(ISecureService), GetBinding(), serviceUri);
            service.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseAspNetRoles;

            EndpointAddress sr = new EndpointAddress(
                serviceUri, EndpointIdentity.CreateUpnIdentity(WindowsIdentity.GetCurrent().Name));
            ChannelFactory<ISecureService> cf = new ChannelFactory<ISecureService>(GetBinding(), sr);
            ISecureService client = cf.CreateChannel();
            Console.WriteLine("Client received response from Method1: {0}", client.Method1());


        public static Binding GetBinding()
            WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
            return binding;


A secure WCF client that connects to an endpoint with this identity uses the UPN when performing SSPI authentication with the endpoint.

This static method creates an instance of UpnEndpointIdentity by calling its constructor, UpnEndpointIdentity, using upnName as the input parameter.

If upnName is specified with an empty string, authentication falls back from Kerberos to NTLM if possible. If AllowNtlm is false, WCF makes a best-effort to throw an exception if NTLM is used. Note that setting this property to false may not prevent NTLM credentials from being sent over the wire.

Applies to