Anonymous Views or Forms
You can mark specific Views or Forms to be available anonymously. For example, you may want to expose a View/Form to public users who do not have user accounts in your organization's Identity Store. Enabling anonymous access on a View/Form would allow these external users to access that specific View/Form without having to provide credentials.
- An Internet Information Services (IIS) web site, application or virtual directory can be configured to run anonymously; the Application Pool Account user is used to log into K2 HostServer on the site. The Anonymous Access View/Form setting is not required for this scenario. See the Anonymous Access for SmartForms Sites topic for more information
- The Anonymous Access View/Form setting allows a specific View/Form to be marked as anonymous. This allows the View/Form to be executed as the Application Pool Account user inside a site that normally requires authentication. The anonymous access View/Form setting is more secure and removes the need for a second site configured for anonymous access
How to use the Anonymous Access property setting
- Create a View/Form.
- Edit the View/Form.
- In the Properties section under Advanced, select Anonymous Access.
- Obtain or determine the runtime URL for the anonymous View/Form. You can use the View/Form Properties page to determine the URL. You may need to replace the server address part of the URL with the server address of the runtime URL.
- Access the runtime URL as an anonymous user. The View/Form will open without requiring credentials.
Considerations
- A subview/subform opened from a View/Form should also be configured for anonymous access. The property is not automatically inherited by subviews/subforms and must be set individually on the View/Form's properties
- User context information such as Name, Display Name, e-mail, Manager, FQN, etc. will not be populated on an anonymous View/Form since there is no user context
- Behind the scenes, the View/Form will run in the context of the user account of the Application Pool associated with the runtime SmartForms site. Therefore, any integration requiring credentials (for example: SmartObject interaction using the impersonation authentication mode or starting a workflow) would execute under the context of the Application Pool user ID
- If a View/Form is checked-in and marked as Anonymous, the View/Form is run under the appPool user (as if the appPool user was accessing the View/Form). If the View/Form is then checked-out, edited and saved by the same user as the appPool is configured to run under, then all users running the View/Form will see the new edited changes (even if the View/Form is not re-checked in). This is due to the changes that were made by the appPool user account which as stated above is the user under which the View/Form runs for all users
- If users continually receive the error "anonymous token supplied is Invalid" on loading forms or views this could be due to users' IP address changing due to their internal network setup and/or users accessing a K2 site through proxies hiding their correct IP address. For anonymous forms/views an Anonymous token is generated on the form/view request. This token is then sent up on any subsequent requests related to the form/view including ajax requests. This token by default contains the user's IP address to ensure that the client who made the original form/view request is the same client initiating the subsequent ajax requests. If users are continually receiving these errors (and this is not due to expired anonymous tokens), this IP address validation functionality can be disabled by adding the following entry in the AppSettings section of the relevant Designer/Runtime web.config file:
<add key="Forms.AnonymousAuthorizationModule.TokenServerVariables" value="None" />
The web.config files can be found here:
"%ProgramFiles%\K2\K2 smartforms Designer\Web.config"
"%ProgramFiles%\K2\K2 smartforms Runtime\Web.config"