WCF microservices in containers

Sign in to queue

The Discussion

  • User profile image
    Stef

    [@6:15] It is possible to have a Windows container integrate into an Active Directory infrastructure using a CredentialSpec and the --security-opt flag.

    E.g.

    docker run -d -p 8081:8081 --security-opt="credentialspec=file://servicecredentials.json" --name testService stef/testService

    The container runs the service as a local service account, the --security-opt settings then maps this to the AD account specified in the credential spec.

    I have a container hosting a WCF Data Services service in IIS with Windows Integrated security enabled, I can flow the calling user ID through the container to a SQL Server using Kerberos.

  • User profile image
    Stef

    I'll follow up to say the service account must be a Group Managed Service Account (gMSA) and so an AD running Windows Server 2012 or later is required.

Add Your 2 Cents