WebDAV Authentication

WebDAV is among the most reliable HTTP extension wherein you can access your files on remote servers. Meanwhile, to experience the benefits of WebDAV, you are advised to have WebDAV authentication. This article will help guide you with this matter.

WebDAV Windows Authentication Configuration

In configuring Windows Authentication, choose WebDAV site node in the IIS Manager and double click the Authentication.

Authentication of Windows with Digest or Basic

For the Basic authentication configuration, disable the Anonymous Authentication and enable the Basic Authentication or Digest Authentication. You must remember that you are using a Basic authentication or Digest authentication on your website, however, the credentials are validated against local Windows accounts or Windows Domain.

WebDAV Authentication with Kerberos or NTLM

For the configuration of Kerberos or NTLM authentication, you must disable the Anonymous authentication and set the Windows Authentication.

Choosing Authentication Plan in Mixed Authentication

You can make 3 authentication types With Add WebDAV Server Implementation wizard in your WebDAV folder: Cookies/Forms + Basic or Digest + MS-OFBA.

The following are the selection of authentication on WebDAV client application for the access of the server.

Basic/ Digest
You can have Basic or Digest authentication which will reply with Digest or Basic headers.

Forms/ Cookies

As you found Mozilla string in User Agent header, then the Forms/ Cookies authentication is chosen. The Mozilla string is forwarded by different web browsers with various requests.

MS-OFBA

In situations that ‘Microsoft Office’ string is seen in the ‘User Agent’ header or if ‘X-FORMS_BASED_AUTH_ACCEPTED:t’ header is presented in the client request.

Your server will be MS-OFBA. This will offer replies of MS-OFBA headers. Moreover, ‘User Agent: Microsoft Office’ and ‘X-FORMS_BASED_AUTH_ACCEPTED:t’ headers are used in the client OPTIONS requests.

The following will guide you to choose the best type of authentication for your WebDAV server.

Choosing Authentication for your WebDAV server

When do you need MS-OFBA authentication?

MS-OFBA webDAV authentication is applicable in the following situations:

If you are required to use 3rd party OAuth providers, including Google, Facebook, Twitter, etc.

These providers need HTML page for the user’s authentication.

MS-OFBA is also applied if you wish to have a customize Microsoft Office login dialog. You can show a customized HTML page.

webDAV Authentication

The MS-OFBA is backed up by a few client applications like the Microsoft Office. On the other hand, this authentication is not supported by OS X Finder, Microsoft Mini redirector as well as other desktop WebDAV clients. You must also remember that you will not be able to use Digest or Basic with 3rd party authentication providers like Twitter, Google, and Facebook.

Digest and Basic authentication

Basic and Digest authentication can be used for Windows or Active Directory account when the server is run on IIS. With this, you can now have a WebDAV authentication that can help you to access the server.

Image Credit: https://unsplash.com/photos/Yhc7YGZlz3g