Directory Services

Mutual Authentication in Windows Sockets Applications

Microsoft® Windows® Sockets services can use the Registration and Resolution (RnR) APIs to publish services, or they can use service connection points.

For more information, including a code example that shows how to perform mutual authentication for a Windows Sockets service that publishes using a service connection point, see Mutual Authentication in a Windows Sockets Service with an SCP. This example uses an SSPI security package to manage the authentication negotiations between a client and the WinSock service.

A WinSock RnR service can use similar code to perform mutual authentication using an SSPI package. In this case, the service would compose its SPNs using the distinguished name of the service's entry in the WinsockServices container in the directory.

For example, if the service registers itself with the name WinSockRnRSampleService, you would compose the service's SPN from the following distinguished name:

cn=WinSockRnRSampleService,cn=WinsockServices,cn=System,<domain DN>
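
The following C sketch is an added example, not code from the original page or from Microsoft. It builds the distinguished name shown above from a service name and a domain DN, escaping the service name as an RFC 4514 attribute value so that a name containing a comma or equals sign cannot change which directory entry the SPN refers to. The function names and the domain DN "dc=example,dc=com" are assumptions made for illustration, and the escaping step goes beyond what the page states.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst as an RFC 4514-escaped attribute value.
   Returns 0 on success, -1 if dst (capacity cap) is too small. */
static int append_escaped(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(dst), n = strlen(src);
    for (size_t i = 0; i < n; i++) {
        char c = src[i];
        /* Characters with special meaning in a DN, plus a leading
           space or '#' and a trailing space, need a backslash. */
        int esc = strchr("\"+,;<>\\=", c) != NULL
               || (i == 0 && (c == ' ' || c == '#'))
               || (i == n - 1 && c == ' ');
        if (len + (esc ? 2 : 1) + 1 > cap) return -1;
        if (esc) dst[len++] = '\\';
        dst[len++] = c;
    }
    dst[len] = '\0';
    return 0;
}

/* Hypothetical helper: writes
   cn=<service>,cn=WinsockServices,cn=System,<domain DN> into out.
   domain_dn is assumed to be an already well-formed DN. */
int winsock_service_dn(const char *service, const char *domain_dn,
                       char *out, size_t cap)
{
    static const char container[] = ",cn=WinsockServices,cn=System,";
    if (!service || !*service || !domain_dn || !*domain_dn || cap < 4)
        return -1;
    strcpy(out, "cn=");
    if (append_escaped(out, cap, service) != 0) return -1;
    if (strlen(out) + strlen(container) + strlen(domain_dn) + 1 > cap)
        return -1;
    strcat(out, container);
    strcat(out, domain_dn);
    return 0;
}

int main(void)
{
    char dn[256];
    /* "dc=example,dc=com" is a constructed sample domain DN. */
    if (winsock_service_dn("WinSockRnRSampleService", "dc=example,dc=com",
                           dn, sizeof dn) == 0)
        puts(dn);
    return 0;
}
```

Client and service must derive the same string for mutual authentication to succeed, so both sides should use the same composition routine.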