Can't open a kerberos connection FROM web API hosted on IIS using app pool user

I wrote a web API in .net Core 3.1 which is hosted on an unmanaged APP POOL. What the API does is authenticate the client accessing it. The client is sending a JSON payload that has a query and a named database in it.

After retrieving the payload the API is supposed to open a connection to a remote database using the app pool's user credentials. I don't want the clients' credentials forwarded, I want the app pools credentials to be used. The connection to the database uses MIT-Kerberos as a client authentication method.

This is where it fails. All I get is the following stack trace:

2020-08-14 09:46:31.5417 COM.Core.ComLog Error User: Une erreur inattendue est survenue: System.Data.OleDb.OleDbException (0x80004005): [HY000] [Native Code: 30155] [ASEOLEDB]Could not load gssapi library. at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection) at System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionInternal.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.OleDb.OleDbConnection.Open()

....

There's more but it is non-specific and does not list a cause. Furthermore there is no inner exception. I have also tried ODBC and I get the exact same message with either connection protocol.

I wrote a very basic console program that does the same thing but without controllers and the .net core middelware. When I run it using the same ID as the app_pool on the server the connection is successful.

The fact that the API is hosted on IIS seems to be causing the problem but I just can't seem to figure out why the API can't connect to the remote. Authentication is set to deny anonymous access and Windows authentication is set to true with Negotiate and NTLM in the providers of the app pool.

We've looked up all the PATH variable destinations for kerberos and made sure the 64 bit version libraries are accesible at every location. Still no go.

I am either too dumb to figure it out or dumbfounded by this issue. I hope someone out there has an idea of what could be happening. I haven't found anyything on the web except the generic kerberos installation guides. ugh.

The key to this may that Load User Profile option in IIS AppPool advanced settings is set to "false". Try setting it to "true". This way you may assure yourself that your application pool will use these credentials.