March 02, 2007

WebDAV on Windows: SSL and File Locking

Some time ago I described how WebDAV could be used to securely share files among Windows systems across the Internet. Here I will add a couple of notes about the use of SSL to protect the WebDAV traffic and about the file locking mechanism that WebDAV provides, because there are a few limitations you need to know about if you don't want to spend endless hours trying to make work things that simply can't.

On the server side there is no problem at all; IIS can be configured to require SSL connections with any authentication method desired, from basic up to certificate-based authentication, and all WebDAV methods required for file locking are supportedby IIS. On the client side, however, the following facts need to be taken into account.

First, the WebDAV client included in the Windows operating system has the following limitations:
  • It does not support SSL.
  • It does not support basic authentication by default (from XP SP2 on). You can set a registry key to enable support for basic authentication, but note that it would be a bad move: with no support for SSL the user name and password would end up being sent in the clear across the network.
  • It does not support file locking.
Second, Microsoft Office comes with its own WebDAV client that includes support for file locking (out of the box) and SSL (if you install the appropriate patch: KB892211). Note that both file locking and SSL support will only apply to the applications of MS Office (Word, Excel, etc.). For example, if you try to edit a remote file using notepad.exe over an SSL WebDAV connection you have already established using MS Office you will be able to open the file and edit a local copy but you will not be able to save the changes back to the remote share.

All this means that if you want to use WebDAV over SSL and/or with file locking support with applications other than Microsoft Office you will need a third party WebDAV client. There are several products out there, some free and some commercial. Only make sure the product you choose supports the features you want (SSL, file locking, etc.) because not all products support all features.

David.

Labels:

12 Comments:

Anonymous Anonymous said...

Wow. You just saved me from hours and hours of computer frustrations. Big thanks. S.

8:43 PM  
Blogger David Perez said...

Glad to hear so!

David.

9:31 AM  
Anonymous Anonymous said...

Does this limitations of webdav in windws explorer causes MS Office files to get stuck when tried opening from windows explorer using webdav?

10:15 AM  
Blogger David Perez said...

Hi anonymous,

If the server requires SSL for the webdav folders then windows explorer (without MS Office and the patch) will not be able to even display the contents of the shared folders (it will timeout in trying), much less to open the files in them, regardless of their type (.doc, .xls, .txt, etc.).

Does that answer your question or am I missing something?

David.

7:29 PM  
Anonymous Anonymous said...

You said that "it does not support SSL". To be exact XP dosn't support SSL. Vista does.

11:45 AM  
Blogger David Perez said...

Hi anonymous,

Fair comment! I did refer to XP. I haven't tested this with Vista yet but I'll take your word for it.

Thanks for sharing!

9:23 PM  
Anonymous Anonymous said...

I have IIS 5.1 SSL setup. I'm trying to map to the WebDAV folder on IIS using a SSL connection.

The address I'm mapping to is something like https://myserver.net:8000, I'm not using the standars SSL port 443.

When I map to it in Vista, I'm asked to selecte a certificate. I don't have a certificate on my clients, only a self-signed one on the server.

If I map to the same address without the SSL, it works fine.

Does it have something to do with enabling basic authentication in the registry?

11:28 PM  
Anonymous Anonymous said...

Vista DOES NOT support SSL, as you state in your article. Whomever said it does needs to be more specific, or expain how. I spent hours and hours across multiple days trying to get it working, and it just doesn't. No level of URL or CLI or other trickery worked. I was using Vista Ultimate, perhaps other versions of Vista (sigh) do work, but Ultimate sure as hell doesn't.

4:33 PM  
Blogger David Perez said...

I'll take a look at it (webdav-ssl-vista) as soon as I can.

David.

10:50 PM  
Blogger David Perez said...

I finally found the time to look into this. In short, Vista DOES support SSL for WebDAV.

Please see my new post: http://radajo.blogspot.com/2008/08/webdav-with-ssl-on-vista.html

David.

1:19 PM  
Anonymous Anonymous said...

In SSL mode if i open a word document using MS Word that is locked by another user, the webdav server is sending a 403 status code. Then, I see a popup in word asking to choose a certificate. Is this because of this particular status code.
fyi: i am not in a position to experiment with the server's implementation and play around with other status codes.

3:04 PM  
Blogger David Perez said...

I don't know the answer off the top of my head. Since you mention you can't experiment with the server, I suggest you do some testing in a virtual testing environment instead (e.g. using VMware Workstation or MS Virtual PC). All you need is a server and a couple of clients with MS Office.

David.

3:19 PM  

Post a Comment

<< Home