Skip to Content
Former Member
Apr 14, 2016 at 12:13 AM

Problem with .Net web app (IIS) using SNC and delegation for SSO


I have a very similar problem to the one posted below from a few years ago but has been unanswered.

We have a .Net4.0 web app running on IIS7.5. It runs in a corporate environment (with Kerberos/Windows Auth) and needs to connect into an SAP backend using RFC via the .Net Connector. I'm trying to use SNC and delegate/impersonate the users through the web app.

The web app (IIS) is configured very similar to the instructions here:

I'm using a service account for my app pool have it setup with unconstrained delegation. It has a SPN to my webserver. I think my delegation is configured correctly because I have tested it connecting to other IIS servers and I'm able to pass my user's Kerberos information.

In my web app, I have the SNC configuration set as so:

RfcConfigParameters.SncMode = "1";

RfcConfigParameters.SncLibraryPath = @"C:\qgsskrb5.dll";

RfcConfigParameters.SncPartnerName = "";

RfcConfigParameters.SncMyName, "";

The SNC library we are using was taken from a SAP GUI client. When I run my web app locally, it is able to connect into SAP. However, when I deploy the app to my webserver and try to connect through it, i get the following error:

GSS-API(maj): No valid credentials provided (or available)

GSS-API(min): No Kerberos SSPI credentials available for requested name=""

I'm guessing there is a delegation problem in the SNC connection but I'm having troubles determining why.

Any help would be much appreciated!