WebDAV on Windows: SSL and File Locking
Some time ago I described how WebDAV could be used to securely share files among Windows systems across the Internet. Here I will add a couple of notes about the use of SSL to protect the WebDAV traffic and about the file locking mechanism that WebDAV provides, because there are a few limitations you need to know about if you don't want to spend endless hours trying to make work things that simply can't.
On the server side there is no problem at all; IIS can be configured to require SSL connections with any authentication method desired, from basic up to certificate-based authentication, and all WebDAV methods required for file locking are supportedby IIS. On the client side, however, the following facts need to be taken into account.
First, the WebDAV client included in the Windows operating system has the following limitations:
All this means that if you want to use WebDAV over SSL and/or with file locking support with applications other than Microsoft Office you will need a third party WebDAV client. There are several products out there, some free and some commercial. Only make sure the product you choose supports the features you want (SSL, file locking, etc.) because not all products support all features.
David.
On the server side there is no problem at all; IIS can be configured to require SSL connections with any authentication method desired, from basic up to certificate-based authentication, and all WebDAV methods required for file locking are supportedby IIS. On the client side, however, the following facts need to be taken into account.
First, the WebDAV client included in the Windows operating system has the following limitations:
- It does not support SSL.
- It does not support basic authentication by default (from XP SP2 on). You can set a registry key to enable support for basic authentication, but note that it would be a bad move: with no support for SSL the user name and password would end up being sent in the clear across the network.
- It does not support file locking.
All this means that if you want to use WebDAV over SSL and/or with file locking support with applications other than Microsoft Office you will need a third party WebDAV client. There are several products out there, some free and some commercial. Only make sure the product you choose supports the features you want (SSL, file locking, etc.) because not all products support all features.
David.
Labels: Windows
posted by David Perez at 11:09 AM
12 Comments:
Wow. You just saved me from hours and hours of computer frustrations. Big thanks. S.
Glad to hear so!
David.
Does this limitations of webdav in windws explorer causes MS Office files to get stuck when tried opening from windows explorer using webdav?
Hi anonymous,
If the server requires SSL for the webdav folders then windows explorer (without MS Office and the patch) will not be able to even display the contents of the shared folders (it will timeout in trying), much less to open the files in them, regardless of their type (.doc, .xls, .txt, etc.).
Does that answer your question or am I missing something?
David.
You said that "it does not support SSL". To be exact XP dosn't support SSL. Vista does.
Hi anonymous,
Fair comment! I did refer to XP. I haven't tested this with Vista yet but I'll take your word for it.
Thanks for sharing!
I have IIS 5.1 SSL setup. I'm trying to map to the WebDAV folder on IIS using a SSL connection.
The address I'm mapping to is something like https://myserver.net:8000, I'm not using the standars SSL port 443.
When I map to it in Vista, I'm asked to selecte a certificate. I don't have a certificate on my clients, only a self-signed one on the server.
If I map to the same address without the SSL, it works fine.
Does it have something to do with enabling basic authentication in the registry?
Vista DOES NOT support SSL, as you state in your article. Whomever said it does needs to be more specific, or expain how. I spent hours and hours across multiple days trying to get it working, and it just doesn't. No level of URL or CLI or other trickery worked. I was using Vista Ultimate, perhaps other versions of Vista (sigh) do work, but Ultimate sure as hell doesn't.
I'll take a look at it (webdav-ssl-vista) as soon as I can.
David.
I finally found the time to look into this. In short, Vista DOES support SSL for WebDAV.
Please see my new post: http://radajo.blogspot.com/2008/08/webdav-with-ssl-on-vista.html
David.
In SSL mode if i open a word document using MS Word that is locked by another user, the webdav server is sending a 403 status code. Then, I see a popup in word asking to choose a certificate. Is this because of this particular status code.
fyi: i am not in a position to experiment with the server's implementation and play around with other status codes.
I don't know the answer off the top of my head. Since you mention you can't experiment with the server, I suggest you do some testing in a virtual testing environment instead (e.g. using VMware Workstation or MS Virtual PC). All you need is a server and a couple of clients with MS Office.
David.
Post a Comment
<< Home