Yes - that would be possible. Essentially as long as the request has some means of entering credentials that will be authenticated before the request gets to the WebDAV module in ExecuteRequestHandler, then the WebDAV module will not be aware that you have
implemented some other form of authentication. (Of course, this logic does not apply to Forms Authentication since that is not actually passing credentials via the HTTP headers, only through the HTTP request entity.) So in theory, if you wrote a custom authentication
module that used cookies and a server-side mapping of cookies to user accounts that executed in BeginRequest then you authenticate a user on behalf of a cookie-based client.
I have to state, however, that anonymous uploads via WebDAV are not generally a good idea and I always recommend forcing users to log in. ;-)
There are two considerations for Internet Synchronization that apply here:
<div mce_keep="true">Internet Synchronization over HTTP/FTP for Microsoft Access databases is provided through the Microsoft Replication Manager, which is no longer supported. This utility shipped with the developer versions of Office 2000 and Office XP,
and reached its end of life in July, 2006.</div>
<div mce_keep="true">Internet Synchronization over HTTP/FTP required what I would consider unsafe security practices. When you examine the settings that you were required to open for anonymous access, you'll notice that very little security is in use. So
I would recommend against using Internet Synchronization even if you accept the fact that Replication Manager is no longer a supported utility.</div>
lcx
16 Posts
Anonymous PUT in WebDAV
Feb 16, 2008 06:34 PM|LINK
How do I enable anonymous PUT?
I have enabled anonymous PROPFIND but PUT requires authentication:
2008-02-16 19:16:11 W3SVC2 SERVER 59.112.38.230 PROPFIND /testfolder - 80 - 59.112.38.230 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - - www.example.com 207 0 0 805 172 1
2008-02-16 19:16:11 W3SVC2 SERVER 59.112.38.230 PUT /testfolder/Test.mp4 - 80 - 59.112.38.230 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - - www.example.com 401 0 5 5347 191 3
My settings:
<location path="MySite">
<system.webServer>
<webdav>
<authoring enabled="true">
<properties allowAnonymousPropfind="true" />
</authoring>
</webdav>
</system.webServer>
</location>
<location path="MySite/testfolder">
<system.webServer>
<webdav>
<authoringRules>
<add users="?" path="*" access="Read, Write" />
</authoringRules>
</webdav>
</system.webServer>
</location>
robmcm
308 Posts
MVP
Microsoft
Moderator
Re: Anonymous PUT in WebDAV
Feb 18, 2008 06:28 PM|LINK
Anonymous PROPFINDs are allowed for file listings, but file uploads require an authenticated user.
More specifically, the PUT, MKCOL, PROPPATCH, COPY, MOVE, and DELETE verbs all require authentication.
lcx
16 Posts
Re: Anonymous PUT in WebDAV
Feb 18, 2008 08:06 PM|LINK
Is it possible to use a cookie-based authentication scheme by means of a custom authentication module?
robmcm
308 Posts
MVP
Microsoft
Moderator
Re: Anonymous PUT in WebDAV
Feb 18, 2008 09:10 PM|LINK
Yes - that would be possible. Essentially as long as the request has some means of entering credentials that will be authenticated before the request gets to the WebDAV module in ExecuteRequestHandler, then the WebDAV module will not be aware that you have implemented some other form of authentication. (Of course, this logic does not apply to Forms Authentication since that is not actually passing credentials via the HTTP headers, only through the HTTP request entity.) So in theory, if you wrote a custom authentication module that used cookies and a server-side mapping of cookies to user accounts that executed in BeginRequest then you authenticate a user on behalf of a cookie-based client.
I have to state, however, that anonymous uploads via WebDAV are not generally a good idea and I always recommend forcing users to log in. ;-)
WebSynchroni...
1 Post
Re: Anonymous PUT in WebDAV
Mar 05, 2008 11:52 PM|LINK
Jet 4 Replication Manager uses an anonymous put to upload files. Any thoughts on how we can force this to login?
If not, Internet synchronization of a Microsoft Access database can't happen on IIS 7
permissions IIS7 Authorization Rules Folder Permissions WebDAV
robmcm
308 Posts
MVP
Microsoft
Moderator
Re: Anonymous PUT in WebDAV
Mar 07, 2008 01:53 AM|LINK
There are two considerations for Internet Synchronization that apply here:
artisticchee...
74 Posts
Re: Anonymous PUT in WebDAV
Feb 09, 2012 04:31 PM|LINK