K2 Runtime web.config File Security Settings
The following Security items are available in the K2 smartforms web.config file typically found at: C:\Program Files\K2\K2 smartforms Runtime\Web.config.
| Node | Change permitted? | Description | Example or Default Value |
|---|---|---|---|
|
<add key="DefaultAuthData" value="" /> |
Yes | Advanced setting used for specialized security provider. Sends security authentication to security provider | Depending on the security provider's specification |
|
<!--<add key="DefaultSecurityLabel" value="K2"/>--> |
Yes | Useful for example when Workspace is not on the K2 domain and authentication is made under the context of the Application Pool where the Application Pool does not have access to the K2 HostServer. This setting allows for the security label to be manually overwritten ensuring that this scenario will work. | The DefaultSecurityLabel is used when specified. Leave blank to use the URM default security label. |
|
<!--<add key="SecurityLabels" value="K2;K2SQL"/>--> |
Yes | SecurityLabels that are available. This list can be filtered to only authenticate against those security labels. Used for Forms Authentication | Semi-colon separated list. Leave blank to use all the URM security labels |
|
<!--<add key="IntegratedSecurityLabels" value="K2" />--> |
Yes | SecurityLabels that use integrated security. Used to identify when IsIntegrated should be added to the connection string. Used for Forms Authentication | Semi-colon separated list |
|
<!--<add key="NonIntegratedSecurityLabels" value="K2SQL"/>-->
|
Yes | SecurityLabels that do not use integrated security. Used to identify when IsIntegrated should be added to the connection string. Used for Forms Authentication | Semi-colon separated list |
|
<add key="ExcludedSecurityLabels" value="SP" /> |
Yes | SecurityLabels that should be excluded when authenticating users. Used for Forms Authentication | Semi-colon separated list |
|
<add key="ConnectAsAppPool" value="false" /> |
Yes | Allow anonymous access and interact with K2 Server as the Application Pool Account. See the following topic: K2 smartforms > Considerations > Authentication> Anonymous Access |
One of the following:
|
|
<!--<add key="Forms.Authentication.Persistence" value="true"/>--> |
Yes | Controls whether the "remember me" option is available for Forms Authentication. When set to true, the "remember me" option is enabled |
One of the following:
|
|
<!--<add key="Forms.Authentication.SessionKeepAlive" value="true"/>--> |
Yes | This enables tracking of user session expiry. | One of the following:
|
|
<!--<add key="Forms.Authentication.WarnTimeout" value="30"/>--> |
Yes | This config value specifies the time in seconds before the user’s session expires that the user should be warned | The number of seconds |
|
<add key="Authentication.Algorithm" value="{Base64EncodeString}" /> <add key="Authentication.Key" value="l5h1EY2qczSj0f8DNsLQElNqCWkV1m4o" /> <add key="Authentication.IV" value="{Base64EncodeString}" /> |
No | Used for Forms Authentication for additional encryption of user credentials | N/A |
|
<!--<add key="Forms.AuthenticationCookie.Name" value=".K2AUTH"/>--> |
No | Credential token sharing. Authenticate a user once and allows for an authenticated token to be re-used in multiple connections by storing a cookie in the browser section | N/A |
|
<!--<add key="Forms.AuthenticationCookie.Duration" value="0"/>--> |
No | Duration of current browser session. Default is zero. Noted in seconds | N/A |