IIS Server Security - WebDAV Security for Public Sites

Shawn Barrick

2004-11-29, 5:53 pm

I'm trying to set up a website under IIS6. We want to set up a website
viewable to the public, and then allow a few people to edit files on
the site via WebDAV.

NTFS: Right now the IUSR account has Read/Execute/List permissions.
The EDITORS group has Read/Execute/List/Write/Modify.

IIS Directory Security: I have Anonymous access set for the IUSR
account, and then basic authentication allowed.

IIS Home Directory: I have Read/Write/Logging/Directory Browsing
enabled for the site's directory.

What am I missing? I have WebDAV enabled in general for the IIS
server. Anonymous users can view the website. I want to allow
members of the EDITORS group to write to that directory via Web
Folders/Network Places, but when we test it, it says "an error
occurred when accessing the site". There is no prompting for login
credentials at all.

Thanks,
Shawn Barrick
Sysadmin
Finard & Company

Bernard

2004-12-01, 2:48 am

Not sure, but have you looked at the IIS log file?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" <sbarrick@finard.com> wrote in message
news:96ec203c.0411291446.52548c3a@posting.google.com...
> I'm trying to set up a website under IIS6. We want to set up a website
> viewable to the public, and then allow a few people to edit files on
> the site via WebDAV.
>
> NTFS: Right now the IUSR account has Read/Execute/List permissions.
> The EDITORS group has Read/Execute/List/Write/Modify.
>
> IIS Directory Security: I have Anonymous access set for the IUSR
> account, and then basic authentication allowed.
>
> IIS Home Directory: I have Read/Write/Logging/Directory Browsing
> enabled for the site's directory.
>
> What am I missing? I have WebDAV enabled in general for the IIS
> server. Anonymous users can view the website. I want to allow
> members of the EDITORS group to write to that directory via Web
> Folders/Network Places, but when we test it, it says "an error
> occurred when accessing the site". There is no prompting for login
> credentials at all.
>
> Thanks,
> Shawn Barrick
> Sysadmin
> Finard & Company



Shawn Barrick

2004-12-01, 5:57 pm

"Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<ewMv$w11EHA.3376@TK2MSFTNGP12.phx.gbl>...
> Not sure, but have you look at IIS log file ?


Sorry, here's what I get:

2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
2004-12-01 14:55:43 192.168.1.2 HEAD /test2.txt - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 404 0 64
2004-12-01 14:55:43 192.168.1.2 PUT /test2.txt - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 3 64

Oddly enough, I can see the files in the WEBDAV directory, but only
get that "error copying" when I try the PUT. It seems to work from
non-XP machines, but only prompts me to log in when I try to copy
something. Under XP it NEVER prompts me for a login.

Bernard

2004-12-02, 3:57 am

Mm.. client-side issue then. Anyway, from the log there's 401.3, which
is related to permissions; make sure the user has write permission to PUT
(write) the file on the server.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" <sbarrick@finard.com> wrote in message
news:96ec203c.0412010659.698d4b45@posting.google.com...
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:<ewMv$w11EHA.3376@TK2MSFTNGP12.phx.gbl>...
>
> Sorry, here's what I get:
>
> 2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
> 2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
> 2004-12-01 14:55:43 192.168.1.2 HEAD /test2.txt - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 404 0 64
> 2004-12-01 14:55:43 192.168.1.2 PUT /test2.txt - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 3 64
>
> Oddly enough, I can see the files in the WEBDAV directory, but only
> get that "error copying" when I try the PUT. It seems to work from
> non-XP machines, but only prompts me to log in when I try to copy
> something. Under XP it NEVER prompts me for a login.
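
Added example (not part of the thread): a Python triage of the log lines posted above, separating anonymous from authenticated WebDAV write requests. The field order is an assumption, since the thread shows no #Fields header; under it, the `-` before the client IP is the user name, so the PUT that drew 401.3 carried no credentials. The last two sample lines are constructed.

```python
# Assumed W3C field order (the thread does not show the #Fields header).
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
          "sc-win32-status").split()

# Methods that change server content (HTTP PUT/DELETE plus WebDAV verbs).
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE",
                 "PROPPATCH", "LOCK", "UNLOCK"}

# First two lines come from the thread; the last two are constructed samples.
SAMPLE = """\
2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
2004-12-01 14:55:43 192.168.1.2 PUT /test2.txt - 80 - 12.101.253.114 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 3 64
2004-12-01 15:02:10 192.168.1.2 PUT /test3.txt - 80 - 198.51.100.7 ExampleDAVClient 201 0 0
2004-12-01 15:03:00 192.168.1.2 PUT /test2.txt - 80 editor1 192.0.2.10 ExampleDAVClient 201 0 0
"""

def parse(text):
    """Yield one dict per record, skipping '#' directives and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))

def triage(records):
    """Classify write-method requests by who sent them and how IIS answered."""
    findings = []
    for r in records:
        if r["cs-method"] not in WRITE_METHODS:
            continue
        anonymous = r["cs-username"] == "-"   # "-" means no user name logged
        code = int(r["sc-status"])
        if anonymous and 200 <= code < 300:
            verdict = "ALERT: anonymous write succeeded"
        elif anonymous and code == 401:
            verdict = "anonymous write refused"
        elif 200 <= code < 300:
            verdict = "authenticated write"
        else:
            verdict = "write failed, review"
        findings.append((r["cs-method"], r["cs-uri-stem"], r["cs-username"],
                         f'{r["sc-status"]}.{r["sc-substatus"]}', verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(*finding)
```

On a public site that also allows WebDAV, the "anonymous write succeeded" case is the one to alert on: it means the anonymous account can modify content.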



Shawn Barrick

2004-12-06, 7:47 am


Bernard wrote:
> Mm.. client-side issue then. Anyway, from the log there's 401.3, which
> is related to permissions; make sure the user has write permission to PUT
> (write) the file on the server.


Thanks. After seeing it work from Win98 and Linux over the weekend, I
began looking at the client side. The odd thing is (in any case) the
client isn't prompting for a login until they try to write to the
WebDAV folder. Is this normal behavior?


Bernard

2004-12-07, 2:49 am

How do you access it? The URL?
I suspect XP is auto-logging in using the existing user credentials.


--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" <sbarrick@finard.com> wrote in message
news:1102341825.423449.311720@z14g2000cwz.googlegroups.com...
>
> Bernard wrote:
>
> Thanks. After seeing it work from Win98 and Linux over the weekend, I
> began looking at the client side. The odd thing is (in any case) the
> client isn't prompting for a login until they try to write to the
> WebDAV folder. Is this normal behavior?
>



Shawn Barrick

2004-12-09, 6:19 pm


Bernard wrote:
> How do you access ? the url ?


Adding the URL (http://...) via "My Network Places", or opening in
Internet Explorer and choosing "open as web folder". It doesn't seem
to make a difference.

> I suspect xp auto login using the existing user credential.


That's what I had sort of assumed, but couldn't find any reference to
it in the logs. I've tried it from a non-domain machine outside the
office (knowing that it wouldn't submit a username even vaguely
acceptable), with the same effect. But that does make sense, as we
can view the files, but only get an error when writing. Any ideas
where it could be caching this credential, or how to prompt it to ask
for its manual entry?

Thanks for all your suggestions.

Bernard

2004-12-10, 2:53 am

Configure basic authentication on the WebDAV path and secure it with SSL.
HOW TO: Create a Secure WebDAV Publishing Directory
http://support.microsoft.com/?id=323470

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" <widderslainte@gmail.com> wrote in message
news:1102630195.413131.166510@z14g2000cwz.googlegroups.com...
>
> Bernard wrote:
>
> Adding the URL (http://...) via "My Network Places", or opening in
> Internet Explorer and choosing "open as web folder". It doesn't seem
> to make a difference.
>
>
> That's what I had sort of assumed, but couldn't find any reference to
> it in the logs. I've tried it from a non-domain machine outside the
> office (knowing that it wouldn't submit a username even vaguely
> acceptable), with the same effect. But that does make sense, as we
> can view the files, but only get an error when writing. Any ideas
> where it could be caching this credential, or how to prompt it to ask
> for its manual entry?
>
> Thanks for all your suggestions.
>




Copyright 2003 - 2008 webservertalk.com