IIS Authentication

K2 Services authentication support depends on the appropriate settings in IIS Authentication. The default configuration for K2 Services on a new site will enable Anonymous Authentication and Windows Authentication with the Windows Providers set to NTLM and Negotiate. When an upgrade is performed, K2 Configuration Analysis will recommend enabling Anonymous Authentication and Windows Authentication with the Windows Providers set to NTLM and Negotiate but will require manually clicking the “Repair” option for any changes to happen to an existing site. This is to ensure that K2 does not automatically change something that was configured a specific way by design.

The IIS Authentication type Anonymous must be enabled for Basic authentication to work. If this authentication type is disabled, K2 Services will only support Windows-based authentication.

The IIS Authentication type Windows must be enabled for Windows authentication to work. If this authentication type is disabled, K2 Services will only support Basic -based authentication. When Windows authentication is enabled, the type of Windows header passed between the client request and IIS will be can vary depending on the Windows environmental configuration. It is recommended to enable both Providers (NTLM and Negotiate) to ensure proper challenge/response and client request header creation regardless of the environmental configuration. The providers can be reduced to only NTLM or Negotiate if the challenge/response and client request header can be guaranteed to match in your environment.

IIS Bindings

K2 Services requires IIS bindings for SSL (HTTPS) and non-SSL (HTTP) support. For more information about configuring SSL, please see the Configure SSL topic.