Configuring WebDAV authentication on a shared hosted server

Posted on 2006-05-16
Last Modified: 2012-06-21

Our Web site is currently hosted by an ISP running Windows 2K3 server and IIS 6.0. We would like to enable WebDAV over SSL to allow our clients to upload and download files to and from this site, as a more-secure alternative to FTP. I am somewhat familiar with WebDAV functionality, but am stumbling when it comes to configuring the security. Unfortunately, the employees at the ISP, while they have confirmed that WebDAV is enabled on their server, have no experience with it at all and aren't in a position to help me figure it out.

Since the ISP (naturally) does not allow us to configure IIS, Windows, or NTFS permissions directly (they provide an application called Plesk for administration, but I am not clear how it relates to IIS or Windows), I have been testing this on a Web server on our LAN. My feeling is that, if I could somehow get it working locally, I could walk the ISP through configuring it on their end.

As I understand it, there are 5 options for WebDAV authentication in IIS 6: Anonymous access, Integrated Windows authentication, digest authentication, basic authentication, or .NET Passport authentication. I have been successful in uploading files to and downloading files from our internal server over WebDAV using both anonymous access and Integrated Windows authentication, but neither of those seem like options for the Web site -- anonymous for obvious reasons and Integrated Windows because I don't see how adding our Clients to the ISP's Active Directory is a practical option, even if they would let us do that (which I am sure they would not).

Unfortunately, I cannot seem to figure out how to configure things so that I can upload or download files using digest, basic, or Passport authentication. I am also unsure which of the options, assuming I could get *any* of them to work, would be the most appropriate. For instance, I have seen contradictory information on whether using basic authentication over an HTTPS connection is secure. Can basic auth passwords be deciphered even if the connection is SSL encrypted? I don't see how, but some of the information I have read seems to suggest that.

I have Googled until I am blue in the face, and have found many articles about configuring WebDAV, but none that seem to address a situation like ours where we do not have direct access to IIS, NTFS, or Windows configuration settings. Can anyone help me get this figured out?


Question by:JTennessen
    LVL 34

    Accepted Solution

    Basic Authentication via SSL is secure and is actually the recommended means of authentication over the Internet.

    If you were able to configure WebDAV to work with Windows Integrated authentication then all you would need to do is turn off Integrated and turn on Basic and it should work just as well.

    Dave Dietz
    LVL 7

    Author Comment

    Hi Dave,

    Thanks for your help. That definitely answers my question about the security of Basic authentication over SSL. I've worked on this some more today and think I've started to get it figured out. I really appreciate it!



    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
    When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now