Problem with .Net web app (IIS) using SNC and delegation for SSO
I have a very similar problem to the one posted below from a few years ago but has been unanswered.
We have a .Net4.0 web app running on IIS7.5. It runs in a corporate environment (with Kerberos/Windows Auth) and needs to connect into an SAP backend using RFC via the .Net Connector. I'm trying to use SNC and delegate/impersonate the users through the web app.
The web app (IIS) is configured very similar to the instructions here:
I'm using a service account for my app pool have it setup with unconstrained delegation. It has a SPN to my webserver. I think my delegation is configured correctly because I have tested it connecting to other IIS servers and I'm able to pass my user's Kerberos information.
In my web app, I have the SNC configuration set as so:
RfcConfigParameters.SncMode = "1";
RfcConfigParameters.SncLibraryPath = @"C:\qgsskrb5.dll";
RfcConfigParameters.SncPartnerName = "p:sap@sub.contoso.com";
RfcConfigParameters.SncMyName, "p:myId@sub.contoso.com";
The SNC library we are using was taken from a SAP GUI client. When I run my web app locally, it is able to connect into SAP. However, when I deploy the app to my webserver and try to connect through it, i get the following error:
GSS-API(maj): No valid credentials provided (or available)
GSS-API(min): No Kerberos SSPI credentials available for requested name="p:myId@sub.contoso.com"
I'm guessing there is a delegation problem in the SNC connection but I'm having troubles determining why.
Any help would be much appreciated!