Skip to Content
author's profile photo
Former Member

SSO to SAP from .NET Web Service application

Hello,

I have created an ASP .NET Web Service application that employs the SAP .NET Connector to connect to the SAP R/3 4.6b. Presently this application uses a CPIC id to connect to SAP to expose the BAPIs and RFCs as the Web Methods of the Web Service.

Is it possible to have a Single Sign-On to SAP in this scenario?

If yes, what SSO technique would be most applicable?

The Web service is available in the intranet environment and it can be consumed by variety of the client applications running in the Microsoft environment.

Following are the examples of the applications that could consume the web service methods: (.NET web application, integration broker, SAP portal or another web service).

We have the Active Directory implemented throughout the company but I am not sure how that could be used to help me with the solution.

The ultimate goal is to have a web service that connects to SAP using the identity of the client. The proper authentication and authorization into SAP is very critical especially in the situations when the web services will write back into SAP. Another area of concern is the SAP client license management.

Any suggestions will be greatly appreciated.

Thanks,

Kris Zywicki

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Apr 27, 2004 at 11:49 AM

    Hello Kris,

    the problem with such a scenario is that there is no standard for Web Service authentication. Therefore there is not standard to identify a user that you can later use for SSO.

    As web services are HTML-based, you could use various approaches for authentication - each giving you a way for .NET connector SSO:

    1. Use a X.509 client certificate

    2. Use NTLM/Kerberos authentication

    3. Use a special cookie.

    Because there is no standard, it depends on your client app which method you use. In a .NET WebService client all of the three are possible (with some coding).

    For 1. and 2. you could use the procedure that is described in

    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/documents/a1-8-4/how to use windows nt logon for single sign-on in an sap web application.article

    For 3. you could use the MYSAPSSO2 approach. There is an article coming up this week. However, your client needs the MYSAPSSO2 ticket from somewhere, e.g. a SAP portal.

    Add comment
    10|10000 characters needed characters exceeded