Platform SDK: Active Directory, ADSI, and Directory Services

Composing and Registering SPNs for an SCP-based Windows Sockets Service

The following code fragment shows how to compose and register the SPNs for a service. Call this code from your service's installation program after calling CreateService and creating the service's service connection point (SCP).

The fragment calls the SpnCompose and SpnRegister routines, which compose and register the SPNs. For the SpnCompose source code, see Composing the SPNs for a Service with an SCP. For the SpnRegister source code, see Registering the SPNs for a Service.

This example uses the service's class name and the distinguished name of its SCP to create its service principal name. For sample code that shows how the client binds to the service's SCP to retrieve these name strings, see How Clients Find and Use a Service Connection Point. Note that the code for composing an SPN varies depending on the type of service and the mechanisms used to publish the service.

The service registers its SPN by storing it in the servicePrincipalName attribute of the service's account object in the directory. If the service runs under the LocalSystem account instead of under a service account, it registers its SPN under the local computer account's object in the directory.

TCHAR szDNofSCP[MAX_PATH];    // DN of SCP. Initialize by querying SCP.
TCHAR szServiceClass[] = TEXT("ADSockAuth");
LPCTSTR szServiceAccountDN;   // DN of service's logon account. Initialize before calling SpnRegister.
DWORD dwStatus;
TCHAR **pspn = NULL;
ULONG ulSpn = 1;

// Compose the SPNs.
dwStatus = SpnCompose(
        &pspn,              // Receives pointer to the SPN array.
        &ulSpn,             // Receives number of SPNs returned.
        szDNofSCP,          // Input: DN of the SCP.
        szServiceClass);    // Input: the service's class string.

// Register the SPNs only if they were composed successfully.
if (dwStatus == NO_ERROR)
    dwStatus = SpnRegister(
        szServiceAccountDN, // Logon account to register SPNs on.
        pspn,               // Array of SPNs.
        ulSpn,              // Number of SPNs in array.
        DS_SPN_ADD_SPN_OP); // Add SPNs to the account.

// Free the array of SPNs returned by SpnCompose.
// If SpnCompose failed, no array was returned and pspn is still NULL.
if (pspn != NULL)
    DsFreeSpnArray(ulSpn, pspn);

You can use similar code to unregister your SPNs when your service is being uninstalled. Simply specify the DS_SPN_DELETE_SPN_OP operation instead of DS_SPN_ADD_SPN_OP.
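
After the installer or uninstaller runs, you can confirm what is stored in the servicePrincipalName attribute and on which account object. The following PowerShell check is an added example, not part of the SDK sample: it lists every SPN of the ADSockAuth class in the current domain, then flags SPNs present on more than one account and SPNs on an account other than the expected one. The account DN is a constructed placeholder, and searching only the current domain is an assumption.

```powershell
# Added example: audit where the SPNs of one service class are registered.
$ServiceClass      = 'ADSockAuth'                                 # class string used on this page
$ExpectedAccountDN = 'CN=SockAuthSvc,CN=Users,DC=example,DC=com'  # constructed placeholder

function Get-SpnRegistration {
    param([string]$Class)
    # Assumption: current domain only. Bind to a global catalog for forest-wide scope.
    $searcher = [adsisearcher]"(servicePrincipalName=$Class/*)"
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'servicePrincipalName'))
    $found = $searcher.FindAll()
    try {
        foreach ($entry in $found) {
            $dn = [string]$entry.Properties['distinguishedname'][0]
            foreach ($spn in $entry.Properties['serviceprincipalname']) {
                # An account can hold SPNs of other classes; keep only this class.
                if ($spn -like "$Class/*") {
                    [pscustomobject]@{ Spn = [string]$spn; AccountDN = $dn }
                }
            }
        }
    }
    finally { $found.Dispose() }
}

$rows = @(Get-SpnRegistration -Class $ServiceClass)
if ($rows.Count -eq 0) {
    # Expected after uninstall (DS_SPN_DELETE_SPN_OP), a fault after install.
    Write-Warning "No $ServiceClass SPN is registered in this domain."
    return
}

# An SPN must map to exactly one account; a duplicate breaks Kerberos
# authentication to the service.
$rows | Group-Object Spn | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ("Duplicate SPN {0} on: {1}" -f $_.Name, ($_.Group.AccountDN -join '; '))
}

# SPNs registered on an account other than the one the installer targeted
# (the service account, or the computer account when running as LocalSystem).
$rows | Where-Object { $_.AccountDN -ne $ExpectedAccountDN } | ForEach-Object {
    Write-Warning ("{0} is registered on unexpected account {1}" -f $_.Spn, $_.AccountDN)
}

$rows | Sort-Object AccountDN, Spn | Format-Table -AutoSize
```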