expected identity upn connecting to service as network service

Posted by Jim on Stack Overflow
Published on 2010-05-27T12:06:08Z Indexed on 2010/05/27 12:11 UTC

Hi,

We have a web application, running in an application pool as 'NETWORK SERVICE'. The web application connects to a service (.svc) on another web server. The other web server also has the service hosted as 'NETWORK SERVICE'. I believe this is the default.

The following endpoint, when run anywhere else, works perfectly.

<endpoint address="http://server123/UnitTrustService/UnitTrustService.svc"
  binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_UnitTrustService"
  contract="UnitTrustServiceReference.UnitTrustService" name="WSHttpBinding_UnitTrustService">
 <identity>
  <servicePrincipalName value="server123" />
 </identity>
</endpoint>

Unfortunately, when executed from the web site, we get the following error.

System.ServiceModel.Security.MessageSecurityException:
The identity check failed for the outgoing message.
The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)'
for the 'http://server123/UnitTrustService/UnitTrustService.svc' target endpoint.
Server stack trace:
at System.ServiceModel.Security.IdentityVerifier.EnsureIdentity(EndpointAddress serviceReference, AuthorizationContext authorizationContext, String errorString)...

Any ideas? I have tried running this as local system on the web server machine with exactly the same configuration and it works perfectly.

Does it have something to do with IIS?

Regards Craig.

© Stack Overflow or respective owner