EndpointIdentity.CreateUpnIdentity(String) Method

Reference

Definition

Namespace:: System.ServiceModel

Assembly:: System.ServiceModel.Primitives.dll

Assembly:: System.ServiceModel.dll

Package:: System.ServiceModel.Primitives v6.0.0

Package:: System.ServiceModel.Primitives v6.2.0

Package:: System.ServiceModel.Primitives v8.0.0

Source:: EndpointIdentity.cs

Source:: EndpointIdentity.cs

Source:: EndpointIdentity.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Creates a user principal name (UPN) identity with a specified name.

public:
 static System::ServiceModel::EndpointIdentity ^ CreateUpnIdentity(System::String ^ upnName);

public static System.ServiceModel.EndpointIdentity CreateUpnIdentity (string upnName);

static member CreateUpnIdentity : string -> System.ServiceModel.EndpointIdentity

Public Shared Function CreateUpnIdentity (upnName As String) As EndpointIdentity

Parameters

upnName: String

The name for the UPN identity.

Returns

EndpointIdentity

A UPN EndpointIdentity associated with the specified upnName.

Exceptions

ArgumentNullException

upnName is null.

Examples

The following code shows how to call this method.

namespace TestPrincipalPermission
{
    class PrincipalPermissionModeWindows
    {

        [ServiceContract]
        interface ISecureService
        {
            [OperationContract]
            string Method1();
        }

        class SecureService : ISecureService
        {
            [PrincipalPermission(SecurityAction.Demand, Role = "everyone")]
            public string Method1()
            {
                return String.Format("Hello, \"{0}\"", Thread.CurrentPrincipal.Identity.Name);
            }
        }

        public void Run()
        {
            Uri serviceUri = new Uri(@"http://localhost:8006/Service");
            ServiceHost service = new ServiceHost(typeof(SecureService));
            service.AddServiceEndpoint(typeof(ISecureService), GetBinding(), serviceUri);
            service.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseAspNetRoles;
            service.Open();

            EndpointAddress sr = new EndpointAddress(
                serviceUri, EndpointIdentity.CreateUpnIdentity(WindowsIdentity.GetCurrent().Name));
            ChannelFactory<ISecureService> cf = new ChannelFactory<ISecureService>(GetBinding(), sr);
            ISecureService client = cf.CreateChannel();
            Console.WriteLine("Client received response from Method1: {0}", client.Method1());
            ((IChannel)client).Close();
            Console.ReadLine();
            service.Close();
        }

        public static Binding GetBinding()
        {
            WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
            return binding;
        }
    }
}

Remarks

A secure WCF client that connects to an endpoint with this identity uses the UPN when performing SSPI authentication with the endpoint.

This static method creates an instance of UpnEndpointIdentity by calling its constructor, UpnEndpointIdentity, using upnName as the input parameter.

If upnName is specified with an empty string, authentication falls back from Kerberos to NTLM if possible. If AllowNtlm is false, WCF makes a best-effort to throw an exception if NTLM is used. Note that setting this property to false may not prevent NTLM credentials from being sent over the wire.

Applies to