Why does WCF let me have an empty value for servicePrincipalName on the Client-Side?
I'm trying to configure our WCF client's Identity correctly. Currently, I have the client-side's identity set to <servicePrincipalName/>, without actually specifying a value for <servicePrincipalName/>.
My question is, how is this a valid configuration? I'm able to successfully use the client, but I don't understand why WCF lets me set an empty <servicePrincipalName/>.
The endpoint on the client-side looks like this:
<endpoint address="http://w30-7wfjwh1/KDMSPartService/PartService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_LargeData"
          contract="PartService.ICustomer" name="WSHttpBinding_ICustomer">
  <identity>
    <servicePrincipalName/>
  </identity>
</endpoint>
The 'WSHttpBinding_LargeData' configuration on the client-side looks like this:
<wsHttpBinding>
  <binding name="WSHttpBinding_LargeData" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="99999999" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
    <readerQuotas maxDepth="128" maxStringContentLength="8192" maxArrayLength="163840000" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
    <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
    <security mode="Message">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
      <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
    </security>
  </binding>
</wsHttpBinding>
The service runs under a domain user named 'kdmsdev'. The WSDL exported from the service looks like this:
<wsdl:port name="WSHttpBinding_ICustomer" binding="tns:WSHttpBinding_ICustomer">
  <soap12:address location="http://w30-7wfjwh1.internal.com/KDMSPartService/PartService.svc" />
  <wsa10:EndpointReference>
    <wsa10:Address>http://w30-7wfjwh1.internal.com/KDMSPartService/PartService.svc</wsa10:Address>
    <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
      <Upn>kdmsdev@internal.com</Upn>
    </Identity>
  </wsa10:EndpointReference>
</wsdl:port>
Any help to better understand how WCF is using <servicePrincipalName/> on the client-side would be appreciated.
Thanks.
I think WCF is taking your configuration to mean "I don't care who it is at the other end, as long as they are on the domain". It is really no different to omitting the element entirely when Kerberos is used.
I believe it will fail if you provide a value that does not match.
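For comparison with the empty identity in the question, here is an added example (not part of the original question or answer) of the same client endpoint with the expected service identity stated explicitly, using the UPN that the service's WSDL advertises. The endpoint name WSHttpBinding_ICustomer_Pinned is made up for illustration; everything else is taken from the configuration posted above.

```xml
<client>
  <!-- As posted in the question: the identity element is present but
       states no expected value for the service's identity. -->
  <endpoint address="http://w30-7wfjwh1/KDMSPartService/PartService.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_LargeData"
            contract="PartService.ICustomer"
            name="WSHttpBinding_ICustomer">
    <identity>
      <servicePrincipalName/>
    </identity>
  </endpoint>

  <!-- Pinned variant (hypothetical endpoint name): the service runs under
       the domain user 'kdmsdev', and its WSDL publishes
       <Upn>kdmsdev@internal.com</Upn>, so the client states that UPN as the
       identity it expects the service to authenticate as. -->
  <endpoint address="http://w30-7wfjwh1/KDMSPartService/PartService.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_LargeData"
            contract="PartService.ICustomer"
            name="WSHttpBinding_ICustomer_Pinned">
    <identity>
      <userPrincipalName value="kdmsdev@internal.com"/>
    </identity>
  </endpoint>
</client>
```

A quick check of the pinned form is to change the value to a different account in a test environment and confirm that the channel no longer opens.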