More WebDAV Tips, Tricks and Bugs

Wednesday, 1 March 2006

My WebDAV with ASP.NET post has proved to be very popular and gets me emails, so I figured I’d share some more tidbits that I’ve picked up along the way.

What do you learn when you write your own server to implement a standard protocol? Well you learn that protocols share a lot in common with legal contracts. People interpret them in different ways, often in the way that is most advantageous to what they are doing. In writing a WebDAV server, I’ve found out a lot more about Windows than I think I ever wanted to know. I figured I’d write down some of that stuff so that I could remember it, and maybe someone out there on the internet will find it useful as well.

There is not 1 WebDAV for Windows

You can’t really say Microsoft Windows supports WebDAV and think of a monolithic chunk of code that everything uses to talk WebDAV. Windows Explorer uses what’s called the Mini-Redirector. The min-redirector allows you to map a WebDAV location to a Drive letter the same as if you were using a Windows File Sharing/SMB/CIFS share. The mini-redirector has some limitations though.

The Mini-Redirector:

  • No support for HTTPS
  • No support for declared ports (http://example.com:8080/path)
  • No support for LOCK and UNLOCK commands

There is also a system called Web Folders. Web Folders is the WebDAV implementation for Microsoft Office products. Web Folders supports all of the things that the Mini-Redirector doesn’t, including SSL, file locking, etc.

Right now, you might find yourself asking: “If there are two implementations and one is really limited and one is more featured, then why not just replace the worse version with the better?”. Yeah, I asked the same question and don’t know the answer.

When you map a WebDAV drive in Windows and want to open a Microsoft Office document, you get the distinct pleasure of using both WebDAV implementations. The Mini-Redirector asks the server for the file and once it gets it it opens Office and then Office re-asks the server for the same file again after doing some server discovery and file locking. The hand-off means that Office has to re-authenticate if your WebDAV server uses Digest Authentication, so you get to see a login dialog again. What fun!?

Server Discovery

Office uses the OPTIONS command do to Server discovery. Server discovery is basically the process of trying to figure out what kind of server it is and what protocols it supports.

The Office Web Folders always requests OPTIONS from the root (/) of the web server making a horrible assumption that any any server that supports WebDAV must support all the way to the root of the server.

Often when you are allowing users to manipulate files and folders across the internet you might want to use some form of authentication. Digest Authentication is more secure than Basic Authentication which sends the user name and password in plain-text form, so it is a good choice for authentication if you are not going to use a secure (HTTPS) connection. There’s only one small problem with this. There is a bug in the Web Folders implementation so it will not send Authentication headers on OPTIONS requests. That means you have to return an OPTIONS response regardless of what lives at a URL or whether a user is authenticated or they can’t properly open Office documents.

The Office Web Folders support does not just do WebDAV, it can also use Front Page Extensions. Since Front Page is a Microsoft proprietary product, Office prefers to use Front Page over WebDAV. In fact, it prefers it so much, that one of the only ways to get Office to use WebDAV is to use a custom header in OPTIONS requests: MS-Author-Via: DAV
The MS-Author-Via header tells Office that you don’t care how bad it wants to try Front Page, just use WebDAV.

Some Other Resources

Mini-Redirector Issues:
http://greenbytes.de/tech/webdav/webdav-redirector-list.html

Web Folder Client Issues:
http://greenbytes.de/tech/webdav/webfolder-client-list.html

WebDAV Reference Book:
WebDAV: Next-Generation Collaborative Web Authoring by Lisa Dusseault

The entry 'More WebDAV Tips, Tricks and Bugs' was posted on March 1st, 2006 at 9:13 pm and last modified on May 1st, 2007 at 3:40 pm, and is filed under Code, WebDAV. You can follow any responses to this entry through the Atom feed. You can leave a response, or trackback from your own site.

9 Responses to “More WebDAV Tips, Tricks and Bugs”

  1. Alex writes:
    No. 1 — May 10th, 2006 at 2:35 pm

    Yes, It all sounds like the same set of problems when I was trying to have support for windows odd behavors. in addition to the problems you said I also found problems with authentication. Mini redirector only sends user info via digest it also sends username along with domain user/domain. Also for the OPTIONS method it will not send authentication information and yes requests for the root / url.

    I wish they would follow the standards better. I think they could but do this by design. Every time I download an update from windows I cross my fingers hoping that I don’t have to make more changes to accomidate for their poor implementation

  2. Jim Weller writes:
    No. 2 — June 30th, 2006 at 4:04 pm

    This article is a nice synopsis of a lot of limititions and idiosyncrasies that are not clearly and explicitly stated by MS or the google-able pros on the web.

    It pains me that I cannot map a network drive over HTTPS. I can open a network place, but not map it to a drive. If I use plain HTTP, then I can both do a network place and map a drive.

    Very frustrating!

    Thanks for the information.

  3. roberto writes:
    No. 3 — August 17th, 2006 at 3:26 pm

    Can WebDav over Plone, made the lock file for MS Word during editing of .doc via NetDrive/Morgul DAV client ?

    Roberto

    ps: If this comment is inappropriate, remove it…but answer me, plese :)

  4. Geoff Lane writes:
    No. 4 — August 17th, 2006 at 4:46 pm

    Roberto,
    I don’t know anything specifically about NetDrive or Morgul, but I assume they are similar to something like Webdrive.

    Webdrive completely hides WebDAV from Microsoft Office products, so the Office WebFolders implementation never gets involved. Everything looks like a local file. This is good in many ways, because the WebDAV implementation in Office has a lot of limitations. Because the Office WebDAV redirector is not involved, it of course can not send LOCK commands. All of this locking would have to be done through Webdrive. So, that’s something that you would have to configure on your Webdrive client (or NetDrive or Morgul).

    Hope that helps.

  5. Vinay writes:
    No. 5 — November 29th, 2006 at 1:55 am

    Hi,
    You mention about not auth-protecting OPTIONS to make WebFolders work. Does the same trick work for mini-redirector too? Because, it isn’t working for me on a fully updated Windows XP SP2 box. I see that mini-redirector does PROPFIND instead of OPTIONS. And it ends throwing up a LANMAN login prompt (it is surely not digest auth dialog as it doesn’t display the Realm Name). Any idea how to get it working? I have MS-Author-via headers set and the same setup works well with Office clients. Without auth protection it works well with all MS clients.

    Thanks,
    Vinay

  6. Geoff Lane writes:
    No. 6 — November 29th, 2006 at 9:16 am

    Vinay,
    When I was working on my WebDAV server, I had to open a number of support tickets with Microsoft to figure out these things. There was no way for me to find these things out on my own (no documentation or anything about non-standard behavior). So, you might have to call them?

    I think the mini-redirector might have the same problem with OPTIONS. Also understand that it often requests OPTIONS from the root of the web path (http://www.example.com/) regardless of the path where the DAV server is mapped.

    Here are some things to try:
    Make sure that only Anonymous authentication is enabled in IIS (not Windows or any others).

    Try taking a look at the ‘resources’ links to the Greenbytes.de pages. They have a lot of useful information about bugs in various WebDAV implementations on Windows.

    Hope that helps.

  7. ingbabic writes:
    No. 7 — December 29th, 2006 at 6:45 am

    Hello
    I’m having problem with mapping drive to WebDAV location on my XP SP2 box. When I type something like this:
    net use z: http://srv1/budget/
    I get this:
    System error 67 has occurred.
    The network name cannot be found.
    Srv1 is 2003 server with enabled read, write, browsing, log and index capabilities, execute permission is set to script only, and directory security is set to anonimous access only. Does not help if I click integrated windows authentication.
    Is it possible to map a drive to WebDav location, am I missing something?

  8. ingbabic writes:
    No. 8 — December 29th, 2006 at 6:48 am

    uups, sorry I forgot to mention that using this folder (http://srv1/budget/) from network locations works without a problem!

  9. Berend Engelbrecht writes:
    No. 9 — March 22nd, 2007 at 2:03 pm

    THANK YOU!!! We searched for ages for the reason why MS Word 2003 would always insist on opening Word documents read-only from our webdav server software. It was driving me nuts. Just added the “MS-Author-Via” header to the OPTIONS response block and as if by magic IT STARTED WORKING. No more read-only documents, no more incorrect document updates, truly a terrific fix. I can’t thank you enough!!

Leave a Reply

« Ruby Features You’ll Wish You Had In Other Languages
Ruby 1.8 (today) vs C# 3.0 (some future date) »