Introduction
K2 smartforms 1.0.2 sites use a combined resources file which requires anonymous access on the IIS server. In certain cases, the K2 Setup Manager's configuration analysis tool's repair option incorrectly sets these sites' anonymous authentication to 'false'. This then causes (401) Unauthorized errors during the call from the CombinedResource.ashx handler.

Error Message
Anonymous authentication is enabled to support public accessible resources (CSS/JS, images etc.). This allows the server to request the combinable resource from itself plus it allows proxies to cache public files (they cannot cache resources that need authenticated access). During the combined resources process the web server receives a URL with a collection of resources to combine. The server then requests each combinable resource from itself to ensure correct processing. The responses are cached and combined into a single response for the client browser.

If the server is authorized to see the resource, but cannot authenticate anonymously, then the call to get the combinable resource will fail. When that happens, a 500 server error in the response from the CombinedResource.ashx handler is thrown.

The body content will resemble the following:

/* Generated 2013-05-30T23:14:34.7156337Z */
/* Source: /Runtime/Styles/Themes/Core.css?v=4.12345.13150.7 */
/* Failed to get resource: SourceCode.Forms.AppFramework.AsyncException: Asynchronous operation failed --->
System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SourceCode.Forms.AppFramework.CombinedResourceUtility.RetrieveRequestComplete(IAsyncResult ar)
--- End of inner exception stack trace ---
at SourceCode.Forms.AppFramework.AsyncResult.EndRequest()
at SourceCode.Forms.AppFramework.AsyncResult`1.EndRequest()
at SourceCode.Forms.AppFramework.CombinedResourceHandler.ProcessRequest(HttpContext context, CacheEntry entry) */
/* Source: /Runtime/Rules/Styles/Platinum/CSS/ConditionWidget.css?v=4.12345.13150.7 */



Workaround
Anonymous access needs to be enabled for all K2 smartforms 1.0.2 design and runtime sites.

This can be configured in the IIS controls using the Authentication setting (see the authentication element - http://msdn.microsoft.com/en-us/library/ms691277(v=vs.90).aspx).
Image

This can also be manually edited in the web.config file for the site. For example, in C:\Program Files (x86)\K2 blackpearl\K2 smartforms Designer and C:\Program Files (x86)\K2 blackpearl\K2 SmartForms Runtime.

<system.webServer>
    {snip}
   <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
        <windowsAuthentication enabled="true" authPersistNonNTLM="true" authPersistSingleRequest="false" />
      </authentication>
      {snip}
    </security>
    {snip}
</system.webServer>