IIS 7 and Above
WebDav. How to use it?
Last post Sep 18, 2010 05:14 AM by blazingbiz
Jul 07, 2010 10:45 AM|shapper|LINK
I have been using FTP to send the projects to my VPS.
I know I can install WebDAV and I just installed it.
But how can I access it from my computer?
Is there any Client software for that?
And can I upload and download with WebDav?
Is WebDav better then FTP for publishing?
Jul 07, 2010 12:25 PM|lextm|LINK
Make sure that you read all the articles here,
Once you understand more about WebDAV, you will see how useful it is.
Jul 07, 2010 07:20 PM|robmcm|LINK
There are several WebDAV clients available, the easiest of which is the WebDAV redirector that is built-in for Windows - this redirector allows you to map a drive to a WebDAV-enabled website.
Note: See the Using the WebDAV Redirector walkthrough for more information about using the redirector. (FYI - I like to use the WebDAV redirector to map a drive to my websites and then use
Visual Studio to open a project using the mapped drive as the physical location.)
In addition, some authoring tools like
Microsoft Expression Web are first-class WebDAV clients that allow you to open and edit your website directly over WebDAV. There are a host of third-party WebDAV client technologies as well, such as Novell/MacroData NetDrive, Webdrive by South River Technolologies,
Total Commander, etc.
Jul 09, 2010 12:00 PM|blazingbiz|LINK
I read your tutorials on using WebDav with IIS7, I've always preferred WebDav over FTP since I started developing in IIS 6 a few years ago. I'm having an issue which seems common but I can't find a clear answer, if I want to use WebDav to publish to an
IIS site and that site is also an Asp.Net application and want to use Forms Authentication on that site, how would I do that being that WebDav needs Windows Authentication to work?
Using the old IIS 6 method I always set up a Virtual Directory that acted as the WebDav publishing point which mapped to the a folder on the server that wrapped the public web folder that has the site files. I don't know how that would work on IIS 7 and
it seems I would have to set up both the regular HTTP Asp.NET Web Site that used Forms Authentication on IIS 7 and an additional Virtual Directory site that used Windows Authentication for WebDav publishing purposes for each web site, which isn't ideal. Also
I'm not sure what the requirements would be for NTFS file and folder permissions in this case. If you could shed any light on that.
I read else where on these Forums that some setting named "runAllManagedModulesForWebdavRequests" would have to be set to "true" to enable both Forms and Windows Authentication to be able to run side by side, and that would automatically route WebDav requests
to the Windows Authentication while the ASP.Net application would run Forms Authentication through HTTP normally. I'm not sure where this setting is and what other implications setting this up would entail if you can enlighten me on it. Also if you could explain
the nuts and bolts of these two authentication methods running side by side and what that means in how the web site runs, it would help me to visualize what's going on should I be able to set this up. It seems like this is set up to not be compatible and I'd
like to understand why that is, better. You can post links which I'd research if the explanation is involved.
I'm using the WebDav 7.5 module on IIS 7 running on Windows Server 2008 SP 2 Web Edition with IIS 7 in Integrated Mode
Jul 09, 2010 12:08 PM|blazingbiz|LINK
Also if you have links or a quick explanation as to why the Windows and Forms Authentication modes aren't compatible and what exactly is changed should I be able to make them run side by side, I'd like to understand better the nuts and bolts of these authentication
methods and how that impacts the sites as they run.
Jul 09, 2010 05:25 PM|robmcm|LINK
The way that I would suggest mixing forms authentication and Windows authentication in order to use WebDAV would be to create two websites in IIS that both point to the same content folder and set your different authentication methods for each site. I currently
do this for a few sites that I host for other people - I create the first website for general anonymous browsing that uses forms authentication for the web-based administrative tasks that I created in a control panel that my users will use to manage their
site, and I create the second website that allows them to upload files over WebDAV. (In my specific situation I'm using Digest authentication instead of Windows authentication, but the general idea is the same.)
The easiest explanation for why WebDAV will not work with forms authentication is rather straightforward - forms authentication is interactive over HTTP through a web browser, while WebDAV requires authentication at the protocol level.
More specifically, Windows/Digest/Basic/Anonymous authentication takes places at a lower level in the HTTP communication, and forms authentication takes place at a higher level. To put it simply, forms authentication will take place only
after Windows/Digest/Basic/Anonymous authentication has taken place. But WebDAV requires that Windows/Digest/Basic authentication to have occurred successfully before it can continue, which is still before forms authentication would be invoked. There
is also the problem that forms authentication takes place through an interactive web page that is specific to ASP.NET, and WebDAV is an open protocol that is completely unaware of forms authentication.
Jul 11, 2010 03:23 AM|blazingbiz|LINK
OK thank you, I'll try it out and report back what I find. Thanks again.
Sep 13, 2010 08:21 PM|blazingbiz|LINK
Hi I just set up WebDav on my IIS 7.5 Windows Server 2008 server and I'm having issues writing to the remote location through webDav I'll list the specifics below and if anyone can spot where I'm missing something or where I can look further to troubleshoot
this please let me know.
I am able to upload and create files on the remote location as long as a file of that same name doesn't already exist there but when I try to upload or create a file of the same name, in other words overwrite the files on the remote server, I get the usual
Copy File dialog box with the three options of Copy and Replace, Don't copy, and Copy, but keep both files - as has been in the Windows Explorer GUI since Vista.
The Don't Copy, and Copy but keep both files (which creates a duplicate file with an iterating number attached to the end) work fine since they leave the original file untouched. But choosing Copy and Replace results in this Copy File Error:
An unexpected error is keeping you from copying the file. If you continue to receive this eroor, you can use the error code to search for help with this problem.
Error 0x80070057: The parameter is incorrect
Sometimes the Error is this one:
Error 0x80070780: The file cannot be accessed by the system
When I get this message and I click Try Again I get the first Error message after two or three clicks of Try Again.
This behavior is the same no matter the type of file I attempt to overwrite, I've tried it with aspx, cs, txt, gif, and html files.
The machine specifics are:
Local Machine - Windows 7 Home Premium
Remote Machine - Windows 2008 Server Standard IIS 7.5
webDav is enabled on a website that uses PHP and wordpress and has no .Net enabled on the App Pool since it doesn't use Asp.Net
I use a virtual directory on this web site to point to the other web site folders I manage on this server, that way the WebDav needing Windows Authentication doesn't conflict with Forms Authentication I use for my Asp.Net sites
WebDav is set up on the main web site and in the virtual directories under it.
Windows Authentication is set up for the site and each virtual directory
The WebDav Authoring Rules is set to Allow access to All content, Allow access to this content to Specified users in which I have my Windows user listed, and Permissions set to Read, Source, and Write
I have a Windows user set up on the Windows 2008 machine
The IIS 7.5 Authorization rules are set to Allow All Users
On the local machine I have set up a Mapped Network Drive where the Drive letter is Z: and the Network address is the virtual directory off of the main website address using the http protocol
The Virtual Directory points to the folder File Path above the web root for the website I want to manage using WebDav, I connect using the login information for the Windows user I have set up on my Windows 2008 Server, it connects fine and I come to the folder
that contains the web site's web root, and double click the web root folder and see all the files listed from the remote location on my local Windows Explorer interface
On both the web site and virtual directory under the Request Filtering Behavior section of the WebDav settings the Allow File Extension Filtering is set to False
I'll go research the Error messages with webDav but I figured I'd post it here to seee if anyone had a similar situation and knew the resolution off hand.
Sep 13, 2010 09:12 PM|blazingbiz|LINK
Also just to add to what I wrote above - I can Delete and Rename files fine but the only issue is when I try to Overwrite any file.
Sep 13, 2010 10:16 PM|robmcm|LINK
That sounds simlar to a problem that I wrote about in a blog sometime ago - see "Weirdness #1: xcopy.exe fails on repeated copy operations" in the following blog:
In my blog I was discussing xcopy, but since your error is only when you are overwriting files it sounds like it might be related.
Sep 14, 2010 04:35 AM|blazingbiz|LINK
Thanks Robert for the reply. It seems like this is a WebDav client issue from what you wrote, which makes the solution simple if it is, I'll switch over the Expression Web and use it to do my uploads. I'll post if that works.
In doing searches to troubleshoot this issue I came across your blog earlier and enjoyed your posts. I'm getting a kick reading your Farewell to Front Page SE series, I'm a web developer and web host manager since 2000 and consider myself a FrontPage "survivor"
- it was such a pain in the butt to keep up with, configure, and manage but at the same time FTP left a security hole bad taste in any security conscious web hoster's mouth, I didn't become aware of Secure FTP until after I was burnt out on learning anymore
Web Publishing mechanisms. I remember loving FPSE when it worked and just firing up the stodgy old FTP GUI (I forget the name, the one before CuteFTP and Filezilla, it was the main FTP client when people used Windows 98) when it didn't.
An inside joke among web developers and people who were early on in the second wave of hosting their own web sites in the early 2000's was to ask what was FPSE's "other" acronym which was PITA - : ) that way you knew you were talking to someone who knew
what it was like staying up all night figuring out why your files wouldn't upload and what all those encrypted configuration errors were about. You are right about the nostalgia, I kind of miss those days while at the same time dreading to think about them.
Sep 16, 2010 04:54 AM|blazingbiz|LINK
I switched to Expression Web to do my uploading with WebDav, same set up and the same problem with not being able to overwrite files. this is the error message I get within the Expression Web Publishing view -
403 - Forbidden: Access is denied.
Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
Is this having to do with my Windows Server user's ACL permissions on the server? I would think WebDav doesn't need to worry about that.
I had come across something like this before in researching this, something to do with the credentials and how they are carried via the WebDav protocol on IIS I believe.
If you have any insights into this please let me know.
Sep 16, 2010 05:14 AM|blazingbiz|LINK
OK, here's some more details:
Through the Expression Web Publishing interface, I tried to delete the file I was overwriting so I could move the other file in that folder, this worked when I did this using the Windows Explorer redirector, but didn't work using this interface. Same 403
error message was given.
I tried the reverse to see what happened, which is to copy the file from the web root folder up one level where the WebDav connects to and that worked, the older file overwrote the newer one. So I uploaded the newer one again from the Local location and
it overwrote the old file on that folder level successfully.
As a side note, I always set the publishing directory on the remote server to be one folder level up from the web root folder on the server, that's a lay over habit from my linux server days which usually sets up Apache shared hosting and ftp in that fashion.
That way I can upload things and keep it off of the web accessible folder if I choose.
So by setting up WebDav through a virtual directory and having the Physical File Path of that virtual directory mapped to that folder which is one level up from the web root of the website I'm managing - is that throwing off file permissions some how or
how the user credentials are being communicated with the Remote Server through WebDav?
OK, here's the issue - if I use the little arrows that are in between the Local and Remote sites on the Expression Web Publishing WebDav Interface, I get the behavior that was described above.
But if I drag and drop files from the Local site to the Remote site using that interface, then I'm able to successfully write, delete, and overwrite files. Any ideas as to why? What's the difference between using those arrows and just dragging and dropping
files between the Local and Remote publishing destinations?
Sep 16, 2010 05:40 AM|blazingbiz|LINK
It might have to do with the fact that I log in to my server using Remote Desktop as Administrator and set up my files that way and then when I connect using WebDav I use a regular Windows user for that account. The regular user may not have permissions
to overwrite files that have been created and modified by the Administrator account.
After overwriting the file I uploaded through WebDav with my Administrator account on the server using Remote Desktop I was able to overwrite and delete it fine using the Expression Web Interface.
Now I just tried creating a test file on the server using the Administrator account using Remote Desktop, within the web root folder, and using the Expression Web interface and WebDav was again not able to overwrite it nor delete it.
The Error Message this time was this though:
405 - HTTP verb used to access this page is not allowed.
Server Error 405 - HTTP verb used to access this page is not allowed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access.
OK, as far as that file is concerned it is having those issues because it is a php file. Eventhough the Request Filtering Behavior in the WebDav settings in the IIS 7.5 interface are set to False.
I just tried the same thing with a text file of the same name, and I got a 403 Error message instead when trying to Delete it. I was also unable to upload the php file from the Local site to the Remote site and given the same 405 message. But I was able
to upload a jpg and html file in the same fashion that I was trying to upload the php file.
And here I was complaining about FPSE being a pain in the rear. Anyway, if you have any suggestions on how I can find out what is going on with this, I'd like to read them. Thanks.
Sep 16, 2010 05:52 AM|blazingbiz|LINK
I think I've solved it, thanks for being a great sounding board : )
I went into the FastCGI settings for php on the IIS 7.5 Server level and changed the Request Restrictions ... settings under the Verbs tab from All Verbs to just the list of GET and POST and now the uploading of the PHP file works normally. When I try to
overwrite the file created by the Administrator account on the server with the newly uploaded file written via the WebDav user, I get the 403 Error again just like I tried with the text file. So I can safely conclude that the conflict is between the permissions
of the WebDav user on the server trying to overwrite files on the server listed as being created by the Administrator on that Server machine.
Thanks, hope this helps other users of WebDav. I'm sure you can pass along this trial and error unto others.
Sep 16, 2010 03:53 PM|robmcm|LINK
Here's an additional bit of troubleshooting information that might help in the future - whenever you receive an error from the server like an HTTP 403 status code, there's an additional substatus code in the server's logs that may help to identify the problem.
The full list of IIS 7 status and substatus codes are detailed in the following Knowledge Base article:
So in this specific case I would look for any log entires where the sc-status field is 403 and check the substatus. In the following example the substatus is 21, which means that source access was denied in the WebDAV settings:
#Software: Microsoft Internet Information Services 7.5
#Date: 2010-09-01 06:13:46
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2010-09-01 06:15:13 ::1 GET /default.aspx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1) 403 21 0 31
Sep 16, 2010 04:33 PM|robmcm|LINK
Thanks for the additional detail about the fact that you were publishing PHP files - I was able to reproduce the HTTP 405 error that you were seeing. Just for everyone else's benefit, the 405 error that was showing up in Expression Web was:
IIS 7.5 Detailed Error - 405.0 - Method Not Allowed
Server Error in Application "DEFAULT WEB SITE"
Internet Information Services 7.5
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
Detailed Error Information
Most likely causes:
Things you can try:
Links and More Information
Here's what's actually going on - the PHP handler is being called when publishing PHP pages because it's configured to listed to all HTTP verbs by default, and the PHP handler doesn't know what to do with a request like "PUT /index.php", so it throws an
error. Changing the list of PHP verbs as you did solved the problem by specifying that the PHP handler should only handle GET and POST, so PUT verbs will fall through to the WebDAV handler.
That solution works, but the problem might re-manifest itself in other unpreditcable ways, so I'll explain what's going on in the IIS pipeline and suggest a better solution. What's happening at the server level is that the PHP handler is being called
before the WebDAV handler, which is incorrect; the WebDAV handler should have first access to all requests for the sake of publishing, and if a request is not a publishing request then it will fall through to PHP. So here's how you configure that:
This allows WebDAV to process all requests before the PHP handler, which is the correct order.
Sep 18, 2010 05:14 AM|blazingbiz|LINK
Thanks Robert, this explains and solves a lot for me. I had such issues with WebDav publishing in PHP sites before and had a heck of a time with a site that one client wanted to use as a PHP development platform and just would not work with WebDav after
much hair pulling. I tried everything like Request filtering, HTTP Verbs, ACL permissions so on and so forth.
I read and re-read all the WebDav documentation and these little gotchas are what really make up the bulk of the difficulty with using it. Setting up and using WebDav is pretty simple and straight forward, but these deep dive into troubleshooting server
admin sessions are what make FTP tempting. But I've refused to use FTP since I discovered WebDav and have committed to making it work. I hope you make a list of these deep gotchas in your blog and the WebDav IIS documentation that I believe you've maintained.
I think a thorough explanation of the WebDav protocol on some level is in order beyond the step by step how to type articles in the documentation, a reference for the HTTP Verb internals and HTTP protocol interaction with WebDav would go a long way in clearing
up what seems to be hidden issues when all people have to go by are the step by step how to's. I found this reference online which might help in getting a handle on all that and might serve as a guide if you or anyone wants to write the kind of reference I
described - http://www.ics.uci.edu/~ejw/http-future/whitehead/http_pos_paper.html
That page has a lot of resources and here's one from it that should serve as a home page for WebDav - http://ftp.ics.uci.edu/pub/ietf/webdav/
I'm sure the insights on those resources would go a long way to get a bottom up reference to WebDAV on the IIS Learn site - that would be added value to the how to type articles on WebDav there now.
Also, I wanted to add a solution for the file permission error when in some cases someone is running a dedicated Windows server, as is the case with me, and they use Remote Desktop to login and administer it, while also wanting to use WebDav to publish to
that server and working in web authoring software on the local development machine.
The solution would be to follow the Microsoft Best Practice when using the Remote Desktop connection and login in as a regular User on the Windows server rather than the Administrator account, when Administrator permissions are needed one can right-click
on Applications and choose Run as Administrator and supply the password.
So as it works out with WebDav, one needs to create a Windows User anyway to have the WebDav client sign on to the server as to do the WebDav administration. The best thing to do is have this user be the dedicated Web Maintenance account, so signing in with
Remote Desktop with this account and doing all the file creation and web related maintenance would be following the Remote Desktop Best Practice and signing in with WebDav with this same user account would then eliminate the file permission conflict with WebDav
and the server Administrator account not allowing things such as file overwrites.
Also if multiple WebDav user accounts are used, such as in the case of one's customers when selling disk space on a dedicated server, then the file permission issue would still not happen since the Web Maintenance user account and one's customers' user accounts
would have the same level of membership on the server domain.
To summarize my earlier points, on a Windows server running PHP applications, such as Wordpress, having these websites double as WebDav end points is a good idea. Since one wouldn't have ASP.Net enabled on those sites most likely, as it saves overhead and
improves performance, one also wouldn't need to have Forms Authentication on those sites and could thus have Windows Authentication on it to Enable WebDav. With that set up, one could create Virtual directories under that site and point to the File Path of
the other websites wanting to be managed through that site. This way the WebDav URL becomes maindomain.com/VirtualDirectoryName/ - it's simple and you can use that one domain URL to manage many sites through WebDav.
Alternately, if your server configuration and web architecture prefers, one could use sub-domains instead of virtual directories. That way create a IIS website for the domain URL of the main site that serves web content through HTTP with the Host Header
and IP Address in the Binding section of that website set up like this www.example.com - IP Address and example.com - IP Address. Then set up a second website for that domain in IIS dedicated to WebDav use rather than serving content over HTTP. In this website
you'd set up your Bindings section like this for example, webdav.example.com - IP Address - you might even want to set up a dedicated IP address just for WebDav use.
If you are going to do it this way, using sub-domains - just make sure you set up your domain name's DNS to point the sub-domain to the correct IP Address in that domain name's A Record section. The main point is that you need a website that has a publicly
accessible URL set up on IIS that is enabled for WebDav to be able to use it through which ever WebDav Client you use such as the Windows Explorer Redirector or Expression Web for example. One of the things that needs to be available is Windows Authentication
or some other one but Forms Authentication must be Disabled.
If you don't have Forms Authentication enabled on your site anyway, then you can just use that website for WebDAV and HTTP content without creating two websites for that domain name.
The other thing to keep in mind is that the File Path on the Server that your IIS website points to (either through the Virtual Directory, sub-domain website, or regular website with no Forms Authentication use) is where your WebDav will point to and will
act as your WebDav root directory when you connect with the WebDav client. I've always liked making my WebDav publishing root directory one folder level above my website root directory, that way I have a free folder level to upload files to and create folders
on, while having it all not be web accessible until I decide to drop what ever I want web accessible into the web root folder.
With all of the above and the regular How To articles and videos on IIS Learn for WebDav use in IIS, you should be good to go with using WebDav and overcoming all the problems I've encountered and read about on these forms. The regular WebDav troubleshooting
caveats about Request Filtering and such still apply in addition to what I wrote above and Rob included, so don't skip those either. Also as Rob mentioned being able to view detailed Error Status Code Messages on the server and knowing where your IIS Log files
are (C:\inetpub\logs\LogFiles by Default) is a must for troubleshooting. Another suggestion is to use a tool like Web Fetch or Fiddler to connect to your WebDav end point URL and send HTTP Verbs and WebDAV protocol commands manually and see the results in
the Raw on those types of tools.
Happy Publishing !!