In K2, we have a workflow that calls a WCF service via a custom K2 smartobject service dll using a softcoded username and password in the service object code.
Currently, the username and password are exposed as service keys and entered into the smartobject service tester console when the service instance is registered.
It is a security requirement that the username and password not be exposed to the K2 administrator....or any party other than the WCF system administrator..when entered....just as we do when we enter application pool service account passwords in IIS for example!
Is there a way to mask/hide the password that is set when we register the service dll or is there a more native way to cache username and password inside K2 for the service dll to retrieve and use to connect to the WCF service?
Alternatively, we could use the K2 service account if granted the same wcf priviledges but is there a way to retrieve its password from the current context and use this to connect to the wcf?
We are using the latest K2 updated software...and have yet to figure out how to cache credentials from the help files...Any help is appreciated!
Tx