« Previous Next »

• 10-14-2008, 10:47 PM

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hi all, done a bit of searching and not been able to find an answer to this issue. I have a Windows 2003 Server with IIS6 and Webdav this server has Virtual Directories connecting to UNC Share paths where users can log on and gain access to their files on our windows file servers over the internet via https and using basic auth,I have the the virtual directories set to "always use the authenticated user's credentials when validing access to the network directory" and all works nice and well and users only gain access to folders they should  Also these servers are all apart of an Active Directory Domain (expect end clients connecting via https)  Now i have read on this site about setting up WebDav in IIS7 and i have attempted to setup pretty much the same configuration as above with not alot of luck, i did read about IIS7 wanting some Path Creds to gain access to a UNC path but would use "User Creds" for access but this does not seem to be true in my case, so i figure i must be doing it wrong. I was hoping that Pass Thru would work but of course i get an Error 500 and if i do give some Path Creds its that account it uses when surfing the Folders not the "Basic Creds i supply when i auth against IIS using basic auth Does anyone have a good URL or Info for setting this up or tell me what i could be doing wrong. As i have followed as per instructions on this site i think i have everything required to run correctly. Also created a folder locally on the IIS server with premissions works with no issues.  Thanks

• 10-15-2008, 4:03 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact  OK, a nights sleep does wonders.  All sorted now Of course maybe where i was reading didn't put it in or maybe i just cant read period  But for anyone else Created application pool. no managed code and set to run as a domain account with access to the UNC path, then turned VDIR into application running in this application pool

• 12-02-2008, 9:32 PM

  In reply to

  JonathanKing Joined on 12-03-2008, 2:31 AM Posts 3	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hi, I am trying to do exactly the same thing. Can you perhaps post a mini-guide with the steps you performed to get this working? Thanks!

• 12-02-2008, 9:47 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Ok first off in IIS7 you need to create a new application Pool, I called mine Webdav   This application pool needs to be set to run “no Managed Code”   You also need to set the Identity of this application Pool to a domain account with Access to the Server shares you want to display via webdav I have a service account that is a domain admin so I just used that account so far I have not tested if a non domain admin account will work BUT I see no reason why it should not work as long as the account has access to the share (which from memory is the important thing)   Also in application settings pool, set Load User Profile to False   Next will be to add the Virtual Directory and set the Connect as settings to application user (Pass thru)   Final step is to then set the Virtual Directory as an application and use the application pool you have created  above and all should work

  Tags: IIS7 WebDav

• 12-02-2008, 10:54 PM

  In reply to

  JonathanKing Joined on 12-03-2008, 2:31 AM Posts 3	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Thanks for such a quick reply. I am going to try this very soon, but am concerned about using a domain admin account for the app pool. I'll write back with the results of trying to limit the rights of the pool. -jonathan

• 12-02-2008, 11:01 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact  Sure, It does not use the "application pool" account for access to folders it still uses the "users" logons for access, no idea why they did this, but a normal account with access to the share should still work let me know, i do plan to change mine to an account with less access also   Cheers

• 03-05-2009, 9:47 PM

  In reply to

  alias_here Joined on 03-06-2009, 2:05 AM Posts 2

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hi guys, I am trying to do the exact same thing. I used to have home directories shared off a UNC path with WebDAV using IIS6 and 2003 Server. Now I want to port it over to 2008 and IIS7. Setup is as follows 2008 server standard running IIS7 An application pool called "WebDAV" has been created and uses the account "domain\binduser". This user has read permission to the root of the share. The virtual directory student has been created off the default web root. The physical path is \\files\student where all the home directories are stored. The virtual directory is set to run using the WebDAV application pool. Windows Authentication is turned on for student and all other auth methods are off. Directory Browsing is turned on for student When I go to navigate to the page from any logged in client in our network, the user authentication box comes up. The WebDAV site I am trying to host is an intranet zone and i can confirm that the browser is sending the negotiation - I used wireshark to see what was happening in the auth process and I can see all the Negotiate HTTP headers If I access the site from the server it is hosted on using http://localhost/student it logs in fine and uses the logged in user account. If I access the site from the server but use its hostname instead (its called vpn) http://vpn/student I get the same authentication prompt as if I were a remote machine. As a test, I shared a directory C:\test on the web server and set it to the virtual path /test. I turned on Windows Authentication and turned off all other auth methods. I could access this share fine. The problems seem to only be happening with UNC shares.  Finally, if I use basic authentication, I can log in successfully - regardless if I am accessing from the server of from another PC. Basic auth is not ideal as it will prompt the users for their auth details and not pass them through using Kerberos/NTLM (or whichever auth method Windows decides to use). I have read through many forums here and been googling for the last few days so this is really a last resort. Thanks in advance :D

• 03-24-2009, 4:29 AM

  In reply to

  alias_here Joined on 03-06-2009, 2:05 AM Posts 2

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact I kinda figured it out. I thought I'd post it here for completeness sake. Kerberos was failing and not authenticating properly. I thought that IIS7 would change the authenticate method to NTLM but It kept failing on Kerberos and continued asking for a user name/password. I eventially ended up changing the website to bind to a different host name other than the name of the server. If you want to do kerberos auth on a website under a different host name other that the one of the server the site is hosted off, you also need to use the setspn utility to add a Service Principal Name record to AD. Without this the auth will fail. EG: setspn -A HTTP/hostname.of.site realservername. The real server name needs to be the NetBIOS name of the server. After adding this record, authentication worked : D. I still dont know exactly why kerberos wouldn't work using the default web site that already setup with IIS7 and using the actual server name. I tried using the setspn utility like setspn -A HTTP/servername servername but this didn't work either. I also found out that the reason I could connect using localhost on the web server was because Internet Explorer always connects using NTLM rather than kerberos which was working fine. If you are still having issues, you can disable Kerberos completely and just use NTLM. This isn't available in the IIS server manager, but needs some manual work. Although not reccomended, Google can help you out here.

• 07-01-2009, 1:55 AM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hi Thanks for your input to my Post, I hope you can all contribute, i am updating this with a question emailed to me and my response, you may have something to add.  This was sent to me I have an IIS7 webserver with webdav. I have a secure site and an application under that site at points at the UNC path of my fileserver. Basic Authentication and Anonymous Auth are enabled. If I try to open a webdav folder (a subfolder of my application path https://site.edu/student/accountname) the basic auth challenge comes up and sometimes it will work just fine. Other times I type in the correct credentials and it comes back. After challenging me 3 times is gives up. It's completely random as well. Sometimes I can get in the first time. Sometimes it will ask me once and fail, then I'll wait 30 seconds, type in my credentials again and it will work. Sometimes it won't work at all no matter how many times I try.  Any ideas? Much appreciated My response to this was.  Hey there I have had this issue before but with my old windows 2003 server and webdav to a unc share. Turns out it was a permissions issue on the file server In my configuration i have a student file server with \\server\student$\a\b\abc   so if your username was say "bob12" then your share would be \\server\student$\b\o\bob12 bob12 was a student so was apart of a group called "STUDENT" What i had to do for webdav was the following, as per my instructions i had my webdav application running as an account WebDav, i had to ensure that this account had access to my share but also be able to read/modify the web.config that sat in the root of my share e.g \\server\student$ I also had to ensure that the group "Student" had "List directory" permissions set on "\b\o" directories but not  set on the students folder, i did this with a powershell script that set the permission inherited but them revoked the permission on the folder "bob12" i also have a powershell that creates the user and folders and apart of that process is to revoke the "STUDENT" group premission off the folder for the user This should get over your issues with "Auth" and it keep coming back for the username and password, i found with my one that it was trying to "Touch" the folder but didn't have the acl set so would come back with the username and password box P.S i dont think you should have "Anonymous" set it should be disabled and only "Basic" set

• 07-30-2009, 10:59 PM

  In reply to

  Senna9649 Joined on 07-31-2009, 2:57 AM Posts 1	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact HELLO,    I AM THE SYS ADMIN FOR A NEW SCHOOL. I SET UP WEBDAV WEBFOLDERS FOR FACULTY AND STAFF DEPARTMENTS BUT WOULD ALOS LIKE TO ADD IT FOR STUDENTS. I HAVE SOME ISSUES AND ONE IS WITH PERMISSIONS. I AM NEW TO POWERSHELL. WOULD YOU BE WILLING TO SHARE SOME MORE DETAILED INFORMATION REGARDING THE PERMISSION SCRIP?   THANKS

• 12-09-2009, 3:00 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hi there, As i am working full on all the time, please email me if you require help or follow me on Twitter, I have written a website that wraps around my webdav install and i do use powershell but use icacls/cacls for premissions as per CMD

• 01-01-2010, 11:59 AM

  In reply to

  paulc@virtigo.net Joined on 12-31-2009, 10:14 PM Posts 7	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Thanks for the guide dkenna. Really appreciate it. Does anyone know if I can use variables in the UNC path, so that I can grant different users access to different shares? i.e. "\\server\share\%username%\MyDocuments" If not, is there another method that could be used? Thanks in advance. Paul

• 01-28-2010, 2:02 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact  Hi there Paul Cant use variables i have some source code that deals with mappings  I will go find it now and post it up    Cheers

• 01-28-2010, 2:16 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact This is edited as i have removed parts that deal with logos etc Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load         If LogonUser = Nothing Then             Dim LogonName As String = User.Identity.Name.ToLower  'Request.ServerVariables("LOGON_USER").ToLower             Dim RemoteIp As String = Request.ServerVariables("REMOTE_ADDR")             Dim Position As String = LogonName.Replace("YOUDOMAIN\", String.Empty)             LogonUser = Position             getdrives()         End If End Sub Private Sub getdrives()          Dim adds As New DirectorySearcher(ADC)         adds.Filter = ("CN=" & LogonUser)         Dim oResult As SearchResult = adds.FindOne         If (oResult.Properties.Contains("givenName")) Then             name = oResult.GetDirectoryEntry().Properties("givenName").Value.ToString()             homedir = oResult.GetDirectoryEntry().Properties("homedirectory").Value.ToString()         End If         Dim oUser As DirectoryEntry = oResult.GetDirectoryEntry         If User.IsInRole("DOMAIN\STAFF") Then             Dim part As String = homedir.ToLower.Replace("\\server\staff$\".ToLower, String.Empty)             Dim part2 As String = part.Replace("\", "/")             filesrv = "/STAFFH/" & part2 hyplnk1.NavigateUrl = filesrv End If End Sub

• 01-29-2010, 4:33 AM

  In reply to

  paulc@virtigo.net Joined on 12-31-2009, 10:14 PM Posts 7	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Thanks dkenna, I really appreciate you posting the code up. It looks like that will really help. Can you advise how I would implement it? :-) Many thanks, Paul

• 02-01-2010, 4:56 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Basically this is an ASPX.net page written in VB.net Create a default.aspx/default.vb using with Visual Studio or Dreamweaver  You can create a link in default.aspx e.g hyplnk1  Of course this code depends on you having your homedirectory set in AD  however it can be modified if this is not set in your AD but you do know your share paths Ours are set using \\server\share\a\b\abill where its the first and second letters of the username for our folder structure so if i have created a webdav point of STAFFH which = \\server\share then when i do the query against AD i strip out the server name and just use the \a\b\abob as i showed in my last post if you dont have this set in AD then using the lines below would give you the same effect Dim a As String Dim b As String  a = LogonUser.Substring(0, 1) b = LogonUser.Substring(1, 1) so i have just taken the first and second letter from the username and of course my path would be filesrv = "/STAFFH/" & a & "/" & b & "/" & LogonUser I know some people do use the 1st letter of the users first and last name for their folder structure but if you have this information in AD then you can request and strip it in code also. This code is good if you also want to have instructions for your users on how to create a web folder as you can display the path to their web folder instead of some general instructions Here are a screenshot of mine

• 02-01-2010, 5:04 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact i would also say that i do have one pitfall which i can resolve but just have not had the time and thats in regards to directory listing where if they are in the root e.g \a\b\abob and click parent they will see \a\b however i have cacls the premissions so they cant see anyone elses home drive and as such can not access it, since most people use the site for a quick file grab or just instructions on mapping a web folder it has not been an issue.

• 02-01-2010, 7:56 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Senna9649: HELLO,    I AM THE SYS ADMIN FOR A NEW SCHOOL. I SET UP WEBDAV WEBFOLDERS FOR FACULTY AND STAFF DEPARTMENTS BUT WOULD ALOS LIKE TO ADD IT FOR STUDENTS. I HAVE SOME ISSUES AND ONE IS WITH PERMISSIONS. I AM NEW TO POWERSHELL. WOULD YOU BE WILLING TO SHARE SOME MORE DETAILED INFORMATION REGARDING THE PERMISSION SCRIP?   THANKS Hi there cacls "$hmdir" /t /e /g:$domain\$usrn icacls $hmdir /setowner $usrn /T /C cacls "$hmdir" /r $domain\$group /t /e Where $hmdir is the PS value for directory or share path $domain = YOURDOMAIN $usrn = username I also have a revoke for the users group e.g if they are either say STAFF or STUDENT

• 01-06-2012, 4:59 AM

  In reply to

  philipho Joined on 01-04-2012, 10:55 PM Posts 7

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hi dkenna, I followed your miniguide above, but ended up with a strange behaviour. Users can access the share over http and set up a network drive, they can browse through the directory and create files... but cannot open/read files. For more details see here: http://forums.iis.net/p/1185879/2009911.aspx Do you have any idea whats going wrong? thanks for any help!

• 01-10-2012, 11:33 AM

  In reply to

  Burgercat Joined on 01-10-2012, 10:38 AM Posts 2

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact I have an issue too, it's driving me up the wall. Basically, we can't authenticate to internal file shares set up for WebDAV via external clients. Our current setup is a newly installed member server in our DMZ running IIS 7.5 with a virtual folder pointing to our internal LAN file server.  When logging onto the member server as Domain Admin (with PRP rights in the DMZ), all files are accessible for browsing from within IIS over port 80. However, authentication fails when attempting to log in to the Vodafone Data Wizard portal (a 3rd party app that manages our iDevices over SSL) which is configured to accept connections from mobile devices. The Vodafone Wizard is configured for SSO and the member server's machine account has read/write access to the internal file share. When logging onto the member server as local administrator and attempting to expand the virtual folder that points to the internal file server, the error message "Logon failure: unknown username or bad password." appears  It's probably worth noting that we've put an RODC into the DMZ (opened up all required ports) and the member server's secrets are cached on it. Also, the member server account is part of the PerimeterNetwork Allow and PRP Allowed groups in our AD. So far, I've tried: Creating a separate Application Pool for WebDAV using No Managed Code with Classic pipeline. Installed Application Development, URL Authorization and HTTP Redirection. Gave Allow All Users rights to the server in .Net Authorization rules. Gave Allow All Users rights to the server in IIS Authorization rules. Enabled ASP.Net Impersonation on the server. Checked requestFiltering exception was in place for WebDAV for write access to web.config. Converted virtual folder to an Application. Gave member server's machine account write access to the internal file share. Directory Browsing is enabled. Basic authentication works from the member server to the fileshare, tested using the browsing functionality in IIS. Stumped. Any help greatly appreciated!

• 01-11-2012, 3:11 PM

  In reply to

  dkenna Joined on 10-15-2008, 2:05 AM New Zealand Posts 12

  Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact Hey guys, checked my old works email to find your questions. Just letting you know i will read them and have a think about it.. both may be related to permissions. One other thing I have found with Folder and files is if they have funny non http formed names.. you will be unable to open or access them.. I am trying to think of an example of this but since I am not longer at that job, I don't have the jobs related these issues any more. Also one other thing is around allowing certain file types .. so for example by default you cant open a .vb file, there is a way to allow this but cant remember off the top of my head.

• 01-13-2012, 12:43 PM

  In reply to

  Burgercat Joined on 01-10-2012, 10:38 AM Posts 2	Re: IIS7 WEBDAV and UNC PATH to Windows File Servers Reply Contact  Heya,  Managed to solve our issue, http://support.microsoft.com/default.aspx?scid=kb;en-US;2545850  That, AND our 3rd party vendor had their portal misconfigured. :/! Cheers!