Connecting to a K2 server without manually specifying username/password

Question

The examples of connecting to a K2 server in the K2 developer reference like here and here all involve setting a username and password in the connection parameters. Using this approach would mean I'd need to store a password in either plaintext or at best using two-way encryption, which is obviously not good practice.

Is there an alternative way, perhaps using a token, to establish these connections? It's hard to believe that every app using this functionality just stores a password somewhere, there are obvious security implications to that.

Answer 1

Note - I am not a K2 API expert, but I've come across it as a product, and do know for sure that it natively supports Windows Authentication. The same page, for which you provided the link, states the following -

connectionSetup.ConnectionParameters["Authenticate"] = "true";
connectionSetup.ConnectionParameters["Host"] = "LOCALHOST";
connectionSetup.ConnectionParameters["Integrated"] = "true";
connectionSetup.ConnectionParameters["IsPrimaryLogin"] = "true";
//connectionSetup.ConnectionParameters["Originator"] = "false";
connectionSetup.ConnectionParameters["Password"] = "{YourPassword}";
connectionSetup.ConnectionParameters["Port"] = "5252";
connectionSetup.ConnectionParameters["SecurityLabelName"] = "K2";
//connectionSetup.ConnectionParameters["SecurityPackage"] = "Kerberos,NTLM";
connectionSetup.ConnectionParameters["UserID"] = "{YourUserName}";
connectionSetup.ConnectionParameters["WindowsDomain"] = "{YourDomain}";

The third parameter here is Integrated=true and while the documentation is not explicit about it, I'd recommend to use this parameter, and try connect while ignoring the user id and password. Assuming that K2 is configured for Windows Authentication, it should work without having to provide explicit user name or password.. and certainly without need to store them yourself as a client of K2.

Answer 2

You may use Integrated Security. K2 will then use the same user than the one currently logged in and you do not need to pass any credential.