The machine account has to be utilized to decrypt the Kerberos token/ticket that is received from Lively Listing and forwarded by the client to your server to authenticate the user. Register the Assistance Principal Title (SPN) to the host, not the user on the app. And don’t ignore data encryption. https://onlineaspnethelp34018.blogpostie.com/50783729/a-review-of-asp-net-project-help