Wednesday, September 15, 2010

Microsoft Windows and WebDAV

Introduction

Web-based Distributed Authoring and Versioning (WebDAV) is a set of methods based on the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers. WebDAV was defined in RFC 4918 by a working group of the Internet Engineering Task Force (IETF).

Microsoft Windows has supported WebDAV since Windows 98.  It is also available in Windows 2000, XP and Windows 7.

WebDAV Service: Apache HTTPD

The following shows two simple WebDAV configurations for the Apache httpd server.  The “DAV On” directive indicates that the URL is a WebDAV service.

Configuration: Basic Authentication using LDAP

<Location /setup>
        DAV On
        Options All
        Order deny,allow
        Allow from all
        AuthType Basic
        AuthName "DAV"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPURL ldap://ldap.estream.com.my/ou=user,dc=example,dc=com?uid?sub?(objectclass=posixAccount)
        Require valid-user
</Location>

Configuration: Digest Authentication using password file

Digest authentication sends an MD5-hashed password to the httpd server and thus provides a bit more security compared to Basic authentication.  However, Digest authentication is also not a secure mechanism for HTTP service.

<Location /setup>
        DAV On
        <LimitExcept GET OPTIONS>
                Options All
                Order deny,allow
                Allow From all
                AuthType Digest
                AuthName "DAV"
                AuthDigestProvider file
                AuthUserFile /etc/httpd/conf.d/digest
                Require valid-user
        </LimitExcept>
</Location>

WebClient service

In Windows XP, or perhaps from Windows 2000 onwards, WebClient is the service that communicates with the WebDAV server.  Microsoft Windows doesn’t provide any GUI tool to configure WebClient.  All the configuration is done via Registry settings under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient.

You should restart the WebClient service after modifying any WebClient item in the Registry so that the changes take effect.

Windows XP and WebDAV

Both Basic and Digest Authentication work with Windows XP’s WebClient without much configuration.

You may connect to a WebDAV share via:

  1. File | Open of Internet Explorer (check Open as Web Folder).
  2. “Add a network place” in My Network Places.

Once the connection is authenticated and authorised, you should be able to access the WebDAV share just like a normal network share in Windows Explorer.

Windows 7 and WebDAV

Getting WebDAV to work in Windows 7 is not as easy as in Windows XP.  It needs extra care.

By default, the Windows 7 WebClient service supports only Digest Authentication.  This restriction causes two use cases to fail:

  1. All WebDAV with Basic Authentication will fail no matter how you configure the WebDAV URL.
  2. All WebDAV using Digest Authentication with LDAP as the backend authentication will fail.  The LDAP service is unable to perform authentication against a digest password.

If the WebDAV URL supports Digest authentication using file as the AuthDigestProvider, Windows 7 should establish the WebDAV connection successfully.  During repeated trial-and-error testing between the httpd server and the Windows 7 WebClient service, you might need to restart the WebClient service before starting a new test.
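The following sketch, added here as an illustration and not part of the original post, models why Digest works with a password file but not with LDAP: the file stores HA1 = MD5(user:realm:password), which is all the server needs to check the client's response, while an LDAP bind needs the password itself, which only Basic sends. It follows the RFC 2617 calculation without qop; the user, password, nonce and the salted SHA-1 directory entry are constructed stand-ins.

```python
import base64, hashlib, hmac, os

REALM = "DAV"  # AuthName from the configurations above

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def htdigest_line(user, password, realm=REALM):
    # AuthUserFile line for AuthDigestProvider file: user:realm:HA1
    return "%s:%s:%s" % (user, realm, md5_hex("%s:%s:%s" % (user, realm, password)))

def digest_response(ha1, method, uri, nonce):
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))
    return md5_hex("%s:%s:%s" % (ha1, nonce, md5_hex("%s:%s" % (method, uri))))

def verify_digest(digest_file, user, method, uri, nonce, response, realm=REALM):
    # Server side: the stored HA1 is enough; the password itself is never needed.
    for line in digest_file.splitlines():
        name, line_realm, ha1 = (line.strip().split(":") + ["", ""])[:3]
        if (name, line_realm) == (user, realm):
            return hmac.compare_digest(digest_response(ha1, method, uri, nonce), response)
    return False

def basic_password(header_value):
    # Basic: "Basic base64(user:password)" decodes straight back to the password.
    return base64.b64decode(header_value.split(" ", 1)[1]).decode().split(":", 1)[1]

def ssha(password, salt):
    # Salted SHA-1, a common LDAP userPassword storage scheme (toy stand-in).
    return hashlib.sha1(password.encode() + salt).digest()

def ldap_simple_bind(entry, presented):
    # A simple bind hashes what the client presented and compares it to the stored hash.
    return hmac.compare_digest(ssha(presented, entry["salt"]), entry["hash"])

def demo():
    user, password = "alice", "s3cret-constructed"        # constructed credentials
    nonce, method, uri = "constructed-nonce", "PROPFIND", "/setup"
    salt = os.urandom(8)
    entry = {"salt": salt, "hash": ssha(password, salt)}  # what the directory holds
    digest_file = htdigest_line(user, password)            # what the digest file holds
    response = digest_response(digest_file.split(":")[2], method, uri, nonce)
    basic = "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return {
        "digest_via_file": verify_digest(digest_file, user, method, uri, nonce, response),
        "digest_via_ldap": ldap_simple_bind(entry, response),   # nothing usable to bind with
        "basic_via_ldap": ldap_simple_bind(entry, basic_password(basic)),
        "basic_leaks_password": basic_password(basic) == password,
    }
```

`demo()` returns True for every key except `digest_via_ldap`. The `basic_leaks_password` result is what BasicAuthLevel guards against: on a non-SSL share the Basic header carries the password in a trivially reversible encoding.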

You may change an entry in registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters\BasicAuthLevel

to allow Basic Authentication to work in the WebClient service.  BasicAuthLevel’s default value is 1.  The meaning of BasicAuthLevel is as follows:

0 - Basic authentication disabled
1 - Basic authentication enabled for SSL shares only
2 or greater - Basic authentication enabled for SSL shares and for non-SSL shares

You may set BasicAuthLevel to 2 for Basic Authentication to work with a non-SSL WebDAV share.  You may then use Basic Authentication with LDAP as the backend authentication service for the WebDAV share.

To add a WebDAV share in Windows 7, you may use “add a network location” in Windows Explorer.

The rest of the configuration is straightforward: just enter the WebDAV share URL, supply valid credentials if necessary, and you can start accessing the WebDAV share as usual.

Troubleshooting

Error 0x800700DF: The file size exceeds the limit allowed and cannot be saved

When you use Windows 7 to access a WebDAV share and copy a large file of more than 50MB, you may encounter the error above.

There is a registry setting for the WebClient service that restricts the size of transferred files (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters\FileSizeLimitInBytes).

Changing this value to something like 0xFFFFFFFF allows transferring files of up to 4GB.

Restart the WebClient service to refresh the setting.
