« Previous Next »

• 02-16-2008, 2:34 PM

  lcx Joined on 03-24-2007, 4:05 PM Posts 16

  Anonymous PUT in WebDAV Reply Contact How do I enable anonymous PUT? I have enabled anonymous PROPFIND but PUT requires authentication: 2008-02-16 19:16:11 W3SVC2 SERVER 59.112.38.230 PROPFIND /testfolder - 80 - 59.112.38.230 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - - www.example.com 207 0 0 805 172 1 2008-02-16 19:16:11 W3SVC2 SERVER 59.112.38.230 PUT /testfolder/Test.mp4 - 80 - 59.112.38.230 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - - www.example.com 401 0 5 5347 191 3  My settings:     <location path="MySite">         <system.webServer>             <webdav>                 <authoring enabled="true">                     <properties allowAnonymousPropfind="true" />                 </authoring>             </webdav>         </system.webServer>     </location>     <location path="MySite/testfolder">         <system.webServer>             <webdav>                 <authoringRules>                     <add users="?" path="*" access="Read, Write" />                 </authoringRules>             </webdav>         </system.webServer>     </location>

• 02-18-2008, 2:28 PM

  In reply to

  robmcm Joined on 05-27-2006, 1:05 AM Redmond, WA Posts 125	Re: Anonymous PUT in WebDAV Reply Contact Anonymous PROPFINDs are allowed for file listings, but file uploads require an authenticated user. More specifically, the PUT, MKCOL, PROPPATCH, COPY, MOVE, and DELETE verbs all require authentication. Robert McMurray (MSFT, IIS)

• 02-18-2008, 4:06 PM

  In reply to

  lcx Joined on 03-24-2007, 4:05 PM Posts 16	Re: Anonymous PUT in WebDAV Reply Contact Is it possible to use a cookie-based authentication scheme by means of a custom authentication module?

• 02-18-2008, 5:10 PM

  In reply to

  robmcm Joined on 05-27-2006, 1:05 AM Redmond, WA Posts 125

  Re: Anonymous PUT in WebDAV Reply Contact Yes - that would be possible. Essentially as long as the request has some means of entering credentials that will be authenticated before the request gets to the WebDAV module in ExecuteRequestHandler, then the WebDAV module will not be aware that you have implemented some other form of authentication. (Of course, this logic does not apply to Forms Authentication since that is not actually passing credentials via the HTTP headers, only through the HTTP request entity.) So in theory, if you wrote a custom authentication module that used cookies and a server-side mapping of cookies to user accounts that executed in BeginRequest then you authenticate a user on behalf of a cookie-based client. I have to state, however, that anonymous uploads via WebDAV are not generally a good idea and I always recommend forcing users to log in. ;-) Robert McMurray (MSFT, IIS)

• 03-05-2008, 7:52 PM

  In reply to

  WebSynchronizer Joined on 02-26-2008, 9:22 PM Posts 1	Re: Anonymous PUT in WebDAV Reply Contact Jet 4 Replication Manager uses an anonymous put to upload files.  Any thoughts on how we can force this to login? If not, Internet synchronization of a Microsoft Access database can't happen on IIS 7
  	Tags: permissionsIIS7Authorization RulesFolder PermissionsWebDAV

• 03-06-2008, 9:53 PM

  In reply to

  robmcm Joined on 05-27-2006, 1:05 AM Redmond, WA Posts 125

  Re: Anonymous PUT in WebDAV Reply Contact There are two considerations for Internet Synchronization that apply here: Internet Synchronization over HTTP/FTP for Microsoft Access databases is provided through the Microsoft Replication Manager, which is no longer supported. This utility shipped with the developer versions of Office 2000 and Office XP, and reached its end of life in July, 2006. Internet Synchronization over HTTP/FTP required what I would consider unsafe security practices. When you examine the settings that you were required to open for anonymous access, you'll notice that very little security is in use. So I would recommend against using Internet Synchronization even if you accept the fact that Replication Manager is no longer a supported utility. Robert McMurray (MSFT, IIS)