Win32Exception:The target principal name is incorrect when calling a WCF service with WebClient

Question

I put together a quick chunk of example code with linqpad showing a WCF webservice call without creating a proxy class from the WSDL. Here\'s what I have:

using         


        

Answer 1

From MSDN Site:

An SPN is a name by which a client uniquely identifies an instance of a service or application on a server for purposes of mutual authentication. Mutual authentication is requested by default, and you can require it by setting WebRequest.AuthenticationLevel to MutualAuthRequired in your request.

When a WebRequest requires mutual authentication, the SPN for the destination must be supplied by the client. If you know the SPN, you can add it to the CustomTargetNameDictionary before sending the request. If you have not added SPN information to this dictionary, the AuthenticationManager uses the RequestUri method to compose the most likely SPN; however, this is a computed value and might be incorrect. If mutual authentication is attempted and fails, you can check the dictionary to determine the computed SPN. No SPN is entered into the dictionary if the authentication protocol does not support mutual authentication.

So adding to Authentication.CutomTargetNameDictionary URL and spn, should solve your issue.

using (var wb = new WebClient())
{
  const string URL = "http://myserver:55002/Core.svc";

  wb.Credentials = CredentialCache.DefaultNetworkCredentials;
  wb.Headers.Add("Content-Type: text/xml;charset=UTF-8");
  wb.Headers.Add("SOAPAction: \"http://tempuri.org/Core/Project_GetNumberForExternalUse\"");

  String requestString = @"
    <soapenv:Envelope xmlns:soapenv=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:tem=""http://tempuri.org/"">
    <soapenv:Header/>
    <soapenv:Body>
        <tem:Project_GetNumberForExternalUse>
          <!--Optional:-->
          <tem:extData1>ext 1</tem:extData1>
          <!--Optional:-->
          <tem:extData2>ext 2</tem:extData2>
          <!--Optional:-->
          <tem:extData3>ext 3</tem:extData3>
          <!--Optional:-->
          <tem:extData4>ext 4</tem:extData4>
          <!--Optional:-->
          <tem:extDataLong>ext 1ext 1ext 1ext 1ext 1</tem:extDataLong>
        </tem:Project_GetNumberForExternalUse>
    </soapenv:Body>
  </soapenv:Envelope>
  ";

  var uri = new Uri(URL);
  var spn = $"{uri.Scheme}/{uri.Authority}";
  AuthenticationManager.CustomTargetNameDictionary.Add(URL, spn);

  var response = wb.UploadString(URL, "POST", requestString);
  response.Dump();
}

Answer 2

Try using AuthenticationManager.CustomTargetNameDictionary to specify the SPN you want to use when invoking that URL with WebClient:

http://blogs.msdn.com/b/jpsanders/archive/2009/03/20/httpwebrequest-class-does-not-use-port-number-in-spn-when-using-kerberos.aspx

http://msdn.microsoft.com/en-us/library/system.net.authenticationmanager.customtargetnamedictionary.aspx