IIS7 - Publishing

Re: Anonymous PUT in WebDAV

robmcm — Fri, 07 Mar 2008 02:53:57 GMT

There are two considerations for Internet Synchronization that apply here:

Internet Synchronization over HTTP/FTP for Microsoft Access databases is provided through the Microsoft Replication Manager, which is no longer supported. This utility shipped with the developer versions of Office 2000 and Office XP, and reached its end of life in July, 2006.
Internet Synchronization over HTTP/FTP required what I would consider unsafe security practices. When you examine the settings that you were required to open for anonymous access, you'll notice that very little security is in use. So I would recommend against using Internet Synchronization even if you accept the fact that Replication Manager is no longer a supported utility.

Re: Anonymous PUT in WebDAV

WebSynchronizer — Thu, 06 Mar 2008 00:52:09 GMT

Jet 4 Replication Manager uses an anonymous put to upload files. Any thoughts on how we can force this to login?

If not, Internet synchronization of a Microsoft Access database can't happen on IIS 7

Re: Anonymous PUT in WebDAV

robmcm — Mon, 18 Feb 2008 22:10:07 GMT

Yes - that would be possible. Essentially as long as the request has some means of entering credentials that will be authenticated before the request gets to the WebDAV module in ExecuteRequestHandler, then the WebDAV module will not be aware that you have implemented some other form of authentication. (Of course, this logic does not apply to Forms Authentication since that is not actually passing credentials via the HTTP headers, only through the HTTP request entity.) So in theory, if you wrote a custom authentication module that used cookies and a server-side mapping of cookies to user accounts that executed in BeginRequest then you authenticate a user on behalf of a cookie-based client.

I have to state, however, that anonymous uploads via WebDAV are not generally a good idea and I always recommend forcing users to log in. ;-)

Re: Anonymous PUT in WebDAV

lcx — Mon, 18 Feb 2008 21:06:17 GMT

Is it possible to use a cookie-based authentication scheme by means of a custom authentication module?

Re: Anonymous PUT in WebDAV

robmcm — Mon, 18 Feb 2008 19:28:18 GMT

Anonymous PROPFINDs are allowed for file listings, but file uploads require an authenticated user.

More specifically, the PUT, MKCOL, PROPPATCH, COPY, MOVE, and DELETE verbs all require authentication.

Anonymous PUT in WebDAV

lcx — Sat, 16 Feb 2008 19:34:39 GMT

How do I enable anonymous PUT?

I have enabled anonymous PROPFIND but PUT requires authentication:

2008-02-16 19:16:11 W3SVC2 SERVER 59.112.38.230 PROPFIND /testfolder - 80 - 59.112.38.230 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - - www.example.com 207 0 0 805 172 1
2008-02-16 19:16:11 W3SVC2 SERVER 59.112.38.230 PUT /testfolder/Test.mp4 - 80 - 59.112.38.230 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - - www.example.com 401 0 5 5347 191 3

My settings: