IIS 7 and Above
Anonymous PUT in WebDAV
Last post Feb 09, 2012 12:31 PM by artisticcheese
Feb 16, 2008 02:34 PM|lcx|LINK
How do I enable anonymous PUT?
I have enabled anonymous PROPFIND but PUT requires authentication:
2008-02-16 19:16:11 W3SVC2 SERVER 188.8.131.52 PROPFIND /testfolder - 80 - 184.108.40.206 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - -
www.example.com 207 0 0 805 172 1
2008-02-16 19:16:11 W3SVC2 SERVER 220.127.116.11 PUT /testfolder/Test.mp4 - 80 - 18.104.22.168 HTTP/1.1 Microsoft-WebDAV-MiniRedir/6.0.6001 - -
www.example.com 401 0 5 5347 191 3
<properties allowAnonymousPropfind="true" />
<add users="?" path="*" access="Read, Write" />
Feb 18, 2008 02:28 PM|robmcm|LINK
Anonymous PROPFINDs are allowed for file listings, but file uploads require an authenticated user.
More specifically, the PUT, MKCOL, PROPPATCH, COPY, MOVE, and DELETE verbs all require authentication.
Feb 18, 2008 04:06 PM|lcx|LINK
Is it possible to use a cookie-based authentication scheme by means of a custom authentication module?
Feb 18, 2008 05:10 PM|robmcm|LINK
Yes - that would be possible. Essentially as long as the request has some means of entering credentials that will be authenticated before the request gets to the WebDAV module in ExecuteRequestHandler, then the WebDAV module will not be aware that you have
implemented some other form of authentication. (Of course, this logic does not apply to Forms Authentication since that is not actually passing credentials via the HTTP headers, only through the HTTP request entity.) So in theory, if you wrote a custom authentication
module that used cookies and a server-side mapping of cookies to user accounts that executed in BeginRequest then you authenticate a user on behalf of a cookie-based client.
I have to state, however, that anonymous uploads via WebDAV are not generally a good idea and I always recommend forcing users to log in. ;-)
Mar 05, 2008 07:52 PM|websynchronizer|LINK
Jet 4 Replication Manager uses an anonymous put to upload files. Any thoughts on how we can force this to login?
If not, Internet synchronization of a Microsoft Access database can't happen on IIS 7
Mar 06, 2008 09:53 PM|robmcm|LINK
There are two considerations for Internet Synchronization that apply here:
Feb 09, 2012 12:31 PM|artisticcheese|LINK