Skip to Content
author's profile photo Former Member
Former Member

SSO to SAP from .NET Web Service application


I have created an ASP .NET Web Service application that employs the SAP .NET Connector to connect to the SAP R/3 4.6b. Presently this application uses a CPIC id to connect to SAP to expose the BAPIs and RFCs as the Web Methods of the Web Service.

Is it possible to have a Single Sign-On to SAP in this scenario?

If yes, what SSO technique would be most applicable?

The Web service is available in the intranet environment and it can be consumed by variety of the client applications running in the Microsoft environment.

Following are the examples of the applications that could consume the web service methods: (.NET web application, integration broker, SAP portal or another web service).

We have the Active Directory implemented throughout the company but I am not sure how that could be used to help me with the solution.

The ultimate goal is to have a web service that connects to SAP using the identity of the client. The proper authentication and authorization into SAP is very critical especially in the situations when the web services will write back into SAP. Another area of concern is the SAP client license management.

Any suggestions will be greatly appreciated.


Kris Zywicki

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Apr 27, 2004 at 11:49 AM

    Hello Kris,

    the problem with such a scenario is that there is no standard for Web Service authentication. Therefore there is not standard to identify a user that you can later use for SSO.

    As web services are HTML-based, you could use various approaches for authentication - each giving you a way for .NET connector SSO:

    1. Use a X.509 client certificate

    2. Use NTLM/Kerberos authentication

    3. Use a special cookie.

    Because there is no standard, it depends on your client app which method you use. In a .NET WebService client all of the three are possible (with some coding).

    For 1. and 2. you could use the procedure that is described in to use windows nt logon for single sign-on in an sap web application.article

    For 3. you could use the MYSAPSSO2 approach. There is an article coming up this week. However, your client needs the MYSAPSSO2 ticket from somewhere, e.g. a SAP portal.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.