We're updating some of our product names. K2 Five is now Nintex Automation. You may see both product names in our help pages while we make this change.

Anonymous Access for SmartForms Sites

If public users, who don't belong to a company's Active Directory or other Identity Store, are required to open SmartForms, anonymous access rights can be assigned to these people.

Anonymous Access is granted on a specific Internet Information Services (IIS) web site, application or virtual directory. SmartForms supports anonymous access by using the Application Pool Account user to log into K2 HostServer on the site that is created for these users. Either all access to K2 on this site is Anonymous from an IIS perspective or Windows or Forms Authentication is applied.

Should you need to grant certain users Anonymous Access rights and other users Windows or Forms Authentication rights, two runtime sites can be installed where one is configured for anonymous access and the other for authenticated access.

To enable anonymous access, perform the following steps:

Set IIS authentication to ONLY anonymous authentication.
Set appSetting ConnectAsAppPool to "true". This setting can be found in the web.config file of the runtime virtual directory in the IIS K2 Site. The location is by default:
"%ProgramFiles%\K2\K2 smartforms Runtime".
Comment out the <deny users="?" /> under the main <authorization> node (not those under the <location> nodes).
Uncomment the <allow users="*" /> tag.

To set authentication access:

Set IIS Authentication to allow anonymous access AND either Windows or Forms authentication.
Set appSetting ConnectAsAppPool to "false".
Uncomment the <deny users="?" /> under the main <authorization> node (not those under the <location> nodes).
Comment out the <allow users="*" /> tag.

Important Consideration

When the K2 for SharePoint feature activation is executed the virtual directories for WebDesigner and EventWeb are created under layouts/WebDesigner/EventWeb. If Anonymous Authentication is allowed on the site level, the WebDesigner and EventWeb directories will inherit these permissions. If the site is a Claims-based Authentication site, having Anonymous Authentication enabled will cause issues when connecting to the K2 server. Anonymous Authentication should be set to disabled for WebDesigner and EventWeb directories in this case.

When Windows STS authentication OR Forms STS authentication is enabled, it is important to frequently save work that has been done in the K2 Designer as work might be lost when the same session is left open for 8 hours or longer.