K2 4.6.7: Multiple binding configuration for K2 Services may overwrite settings on upgrade
KB001435
PRODUCTSummary
Starting with K2 4.6.7, the bindings for K2 Services are configured for both the HTTP and HTTPS protocols. This is a new requirement and may cause your existing bindings to fail.
On upgrade a backup is made of the existing web.config file and a new web.config file is installed.
Details
HTTP and HTTPS bindings, as shown below, are necessary for mobile applications and the K2 for SharePoint Application. As such, inspect the web.config and the web.config.bak files after applying the K2 4.6.7 update to ensure that your binding are still correct for your environment. If necessary, update them again to correspond to your requirements. However, it is recommended that you keep the multiple bindings intact.
The security mode for each binding must be set to Transport for HTTP and TransportCredentialOnly for HTTPS.
<webHttpBinding>
<!-- HTTP binding for REST.svc endpoints -->
<!-- Ensure the REST.svc endpoints are enabled when enabling these bindings -->
<binding name="SourceCode.Services.RestBinding+HTTP">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
<!-- HTTPS binding for REST.svc endpoints -->
<!-- Ensure the REST.svc endpoints are enabled and SSL in IIS is configured when enabling these bindings -->
<binding name="SourceCode.Services.RestBinding+HTTPS">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
Both httpsGetEnabled and httpGetEnabled should also be set to true.
<serviceBehaviors>
<behavior name="SourceCode.Services.RestBehavior">
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
Error
If you receive the following error you have configured K2 Services incorrectly. To workaround this error follow the guidance above.