I would like to be able to create a socket in C# and marshal it to a C function that expects a winsock 2 socket (or vice versa), allow the C library to use that socket to communicate and once it’s done use the socket again in the C# managed context to do the actual work.

The C library is the win32 kerberos implementation that assumes a winsock socket/fd. I would like to be able to use the krb5_recvauth() function to perform all the authentication but not have to write the entire server using wrapped win32 calls.

Using all-C or all-C++ in the server is not an option; C# is unavoidable for unrelated reasons. Using an alternative kerberos implementation is an option but it must be able to speak to the vanilla C kerberos library. Using two ports on the server, one for kerb and one for C# is an option but that feels like a hack and a hard-to-secure one at that.