Locking down K2 Designer?

  • 22 December 2016

Userlevel 3
Badge +16

Hi,

At the moment I had Anonymous Access and Forms Authentication set on the Designer site, however I discovered that any domain user can open Designer and edit the forms...

What is the best way to lock down Designer so that only Local Server Administrators Group or an Active Directory can access Designer?

I tried adding Local Admins under IIS to the Authorization Rules part and took out "allow all users", but that won't even let the local Admin load Designer - I just get the 401 error Unauthorised access...

Any ideas?


3 replies

Badge +4

Hmmm... I'm using Windows Authentication (NTLM). When I go into IIS Manager | K2 | Designer | IIS | Authorization Rules and remove "Allow All Users" and add an allow rule for denallix\Finance, the members of the Finance group are able to access Designer just fine. Seems like Forms Authentication shouldn't be any different since you are authenticating Active Directory users.

Userlevel 3
Badge +16

Hi ste,

Happy new year.

Just got round to looking at this again.

Even if I add a local server group or an Active Directory group, I still get the message "K2 smartforms, Not authorized"

If I set the authorization rule to "allow all users", everyone can pretty much open Designer and edit the forms...

Scary!!!

Badge +4

Try creating a web site in IIS to serve out a static HTML page (i.e. take K2 entirely out of the picture for a moment). Configure the forms auth and make sure you can access the page. Then add a group to the authorization rule and see if non-members are immediately blocked from accessing the page. If the non-member still has access to the page, your problem isn't K2. It could be the authorization rule itself.

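One way to check the isolation test suggested in the last reply, as an added example that is not part of the original thread: it lists the IIS authorization rules in effect on a static test site and on the Designer application, flags any "Allow All Users" rule, and shows what an unauthenticated request receives. The site name `AuthTest` and its URL are hypothetical, and the `IIS:\Sites\K2\Designer` path is assumed from the IIS Manager path quoted above.

```powershell
# Added example, not from the thread. Run elevated on the IIS server.
# 'AuthTest' and the test URL are hypothetical; 'K2\Designer' is assumed from
# the IIS Manager path mentioned in the thread. Adjust all three to your setup.
Import-Module WebAdministration

function Get-AuthorizationRule {
    param([Parameter(Mandatory)][string]$PSPath)
    # Effective URL Authorization rules (the "Authorization Rules" feature in IIS Manager).
    Get-WebConfiguration -PSPath $PSPath -Filter 'system.webServer/security/authorization/add' |
        ForEach-Object {
            [pscustomobject]@{
                Path       = $PSPath
                AccessType = $_.accessType
                Users      = $_.users
                Roles      = $_.roles
                # "Allow All Users" is stored as an Allow rule with users="*".
                AllowsAll  = ($_.accessType -eq 'Allow' -and $_.users -eq '*')
            }
        }
}

function Get-AnonymousStatus {
    param([Parameter(Mandatory)][string]$Url)
    $req = [System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false      # a redirect to a login page stays visible as 302
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx arrive as a WebException, possibly wrapped by PowerShell.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $resp = $ex.Response
    }
    $code = [int]$resp.StatusCode
    $resp.Close()
    $code
}

# Compare the rules on the test site with those on Designer.
'IIS:\Sites\AuthTest', 'IIS:\Sites\K2\Designer' |
    ForEach-Object { Get-AuthorizationRule -PSPath $_ } |
    Format-Table -AutoSize

# 401 or 302 means unauthenticated callers are challenged; 200 means the page is open.
Get-AnonymousStatus -Url 'http://localhost:8080/index.html'
```

If the test site still shows a rule with `AllowsAll` set to `True` after the group rule was added, the rule was inherited from a parent level rather than removed at the site.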