WebDAV Security for Public Sites

I'm try to set up a website under IIS6. We want to set up a website
viewable to the public, and then allow a few people to edit files on
the site via WebDAV.

NTFS: Right now the IUSR account has Read/Execute/List permissions.
The EDITORS group has Read/Execute/List/Write/Modify.

IIS Directory Security: I have Anonymous access set for the IUSR
account, and then basic authentication allowed.

IIS Home Directory: I have Read/Write/Logging/Directory Browsing
enabled for the site's directory.

What am I missing? I have WebDAV enabled in general for the IIS
server. Anonymous users can view the website. I want to allowed
members of the EDITORS group to write to that directory via Web
Folders/Network Places, but when we test it, it says an "an error
occurred when accessing the site". There is no prompting for login in
credential at all.

Thanks,
Shawn Barrick
Sysadmin
Finard & Company

Re: WebDAV Security for Public Sites

Not sure, but have you look at IIS log file ?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" wrote in message
news:96ec203c.0411291446.52548c3a@posting.google.com...
> I'm try to set up a website under IIS6. We want to set up a website
> viewable to the public, and then allow a few people to edit files on
> the site via WebDAV.
>
> NTFS: Right now the IUSR account has Read/Execute/List permissions.
> The EDITORS group has Read/Execute/List/Write/Modify.
>
> IIS Directory Security: I have Anonymous access set for the IUSR
> account, and then basic authentication allowed.
>
> IIS Home Directory: I have Read/Write/Logging/Directory Browsing
> enabled for the site's directory.
>
> What am I missing? I have WebDAV enabled in general for the IIS
> server. Anonymous users can view the website. I want to allowed
> members of the EDITORS group to write to that directory via Web
> Folders/Network Places, but when we test it, it says an "an error
> occurred when accessing the site". There is no prompting for login in
> credential at all.
>
> Thanks,
> Shawn Barrick
> Sysadmin
> Finard & Company

Re: WebDAV Security for Public Sites

"Bernard" wrote in message news:...
> Not sure, but have you look at IIS log file ?

Sorry, here's what I get:

2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114
Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114
Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
2004-12-01 14:55:43 192.168.1.2 HEAD /test2.txt - 80 - 12.101.253.114
Microsoft+Data+Access+Internet+Publishing+Provider+DAV 404 0 64
2004-12-01 14:55:43 192.168.1.2 PUT /test2.txt - 80 - 12.101.253.114
Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 3 64

Oddly enough, I can see the files in the WEBDAV directory, but only
get that "error copying" when I try the PUT. It seems to work from
non-XP machines, but only prompts me to log in when I try to copy
something. Under XP it NEVER prompts me for a login.

Re: WebDAV Security for Public Sites

Mm.. client side issue then. anyway, from the log there's 401.3 which
related to permissions, make sure the user have write permission to PUT
(write) the file on the server.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" wrote in message
news:96ec203c.0412010659.698d4b45@posting.google.com...
> "Bernard" wrote in message
news:...
> > Not sure, but have you look at IIS log file ?
>
> Sorry, here's what I get:
>
> 2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114
> Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
> 2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114
> Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
> 2004-12-01 14:55:43 192.168.1.2 HEAD /test2.txt - 80 - 12.101.253.114
> Microsoft+Data+Access+Internet+Publishing+Provider+DAV 404 0 64
> 2004-12-01 14:55:43 192.168.1.2 PUT /test2.txt - 80 - 12.101.253.114
> Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 3 64
>
> Oddly enough, I can see the files in the WEBDAV directory, but only
> get that "error copying" when I try the PUT. It seems to work from
> non-XP machines, but only prompts me to log in when I try to copy
> something. Under XP it NEVER prompts me for a login.

Re: WebDAV Security for Public Sites

Bernard wrote:
> Mm.. client side issue then. anyway, from the log there's 401.3 which
> related to permissions, make sure the user have write permission to
PUT
> (write) the file on the server.

Thanks. After seeing it work from Win98 and Linux over the weekend, I
began looking at the client side. The odd thing is (in any case) the
client isn't prompting for a login until they try to write to the
WebDAV folder. Is this normal behavior?

Re: WebDAV Security for Public Sites

Bernard wrote:
> Mm.. client side issue then. anyway, from the log there's 401.3 which
> related to permissions, make sure the user have write permission to
PUT
> (write) the file on the server.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Shawn Barrick" wrote in message
> news:96ec203c.0412010659.698d4b45@posting.google.com...
> > "Bernard" wrote in message
> news:...
> > > Not sure, but have you look at IIS log file ?
> >
> > Sorry, here's what I get:
> >
> > 2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114
> > Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
> > 2004-12-01 14:55:39 192.168.1.2 PROPFIND / - 80 - 12.101.253.114
> > Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207 0 0
> > 2004-12-01 14:55:43 192.168.1.2 HEAD /test2.txt - 80 -
12.101.253.114
> > Microsoft+Data+Access+Internet+Publishing+Provider+DAV 404 0 64
> > 2004-12-01 14:55:43 192.168.1.2 PUT /test2.txt - 80 -
12.101.253.114
> > Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 3 64
> >
> > Oddly enough, I can see the files in the WEBDAV directory, but only
> > get that "error copying" when I try the PUT. It seems to work from
> > non-XP machines, but only prompts me to log in when I try to copy
> > something. Under XP it NEVER prompts me for a login.

Re: WebDAV Security for Public Sites

How do you access ? the url ?
I suspect xp auto login using the existing user credential.


--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" wrote in message
news:1102341825.423449.311720@z14g2000cwz.googlegroups.com.. .
>
> Bernard wrote:
> > Mm.. client side issue then. anyway, from the log there's 401.3 which
> > related to permissions, make sure the user have write permission to
> PUT
> > (write) the file on the server.
>
> Thanks. After seeing it work from Win98 and Linux over the weekend, I
> began looking at the client side. The odd thing is (in any case) the
> client isn't prompting for a login until they try to write to the
> WebDAV folder. Is this normal behavior?
>

Re: WebDAV Security for Public Sites

Bernard wrote:
> How do you access ? the url ?

Adding the url (http://...) via "My Network Places, or opening in
Internet Explorer and choosing "open as web folder". It doesn't seem
to make a difference.

> I suspect xp auto login using the existing user credential.

That's what I had sort of assumed, but couldn't find any reference to
it in the logs. I've tried it from a non-domain machine outside the
office (knowing that it wouldn't submit a username even vaguely
acceptable), with the same effect. But that does make sense, as the we
can view the files, but only get an error when writing. Any ideas
where it could be caching this credential, or how to prompt it to ask
for its manual entry?

Thanks for all your suggestions.

Re: WebDAV Security for Public Sites

configure basic authentication on the webdav path and secure it with SSL.
HOW TO: Create a Secure WebDAV Publishing Directory
http://support.microsoft.com/?id=323470

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Shawn Barrick" wrote in message
news:1102630195.413131.166510@z14g2000cwz.googlegroups.com.. .
>
> Bernard wrote:
>> How do you access ? the url ?
>
> Adding the url (http://...) via "My Network Places, or opening in
> Internet Explorer and choosing "open as web folder". It doesn't seem
> to make a difference.
>
>> I suspect xp auto login using the existing user credential.
>
> That's what I had sort of assumed, but couldn't find any reference to
> it in the logs. I've tried it from a non-domain machine outside the
> office (knowing that it wouldn't submit a username even vaguely
> acceptable), with the same effect. But that does make sense, as the we
> can view the files, but only get an error when writing. Any ideas
> where it could be caching this credential, or how to prompt it to ask
> for its manual entry?
>
> Thanks for all your suggestions.
>