Categories
Admin Web Site Technologies

Getting WebDav to work through Basic Authentication and HTTP

Intro
What I’m about to describe is not a recommended setup, but if like me you’re dealing with legacy infrastructure, well, sometimes you just gotta make things work as they are.

So imagine on your Intranet you have a WebDAV server running HTTP, not HTTPS, and using Basic Authentication. And you want to work with the files on a Windows 7 workstation. Read on to see how we got this combination to play nice together.

The details
First I gave myself access to a WebDAV resource on the server.

Being a Unixy type of guy, I then tried a Linux command-line program. I chose cadaver. See the webdav.org site for other clients.

I had to compile and install cadaver but that was no problem. Here is my test session:

> cadaver http://iwwwd.drj.com/webdav.ear/
Authentication required for CORP LDAP webDAV on server `iwwwd.drj.com’:
Username: drj
Password:
dav:/webdav.ear/> ls
Listing collection `/webdav.ear/’: succeeded.
Coll: drJ Application.ear 0 Sep 17 2012
Coll: drj app Application.ear 0 Nov 30 2013

dav:/webdav.ear/>

So, in other words, it worked! cadaver is kind of nice because it puts you into a shell and has commands similar to FTP, so it is a (mostly) familiar environment.

Now why was my Windows 7 PC giving me such a hard time?

Windows 7 by default only allows for Basic authentication against HTTPS webDAV servers.

To enable Basic authentication on the client computer, follow these steps:
1) Click Start , type regedit in the Start Search box, and then click regedit.exe in the Programs list.
2) Locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
3) Double-click the BasicAuthLevel registry key.
4) In the Value data box, type 2, and then click OK.
5) Exit Registry Editor, and then restart the computer.

More info can be found in this Microsoft knowledge base article: http://support.microsoft.com/kb/841215

http-webdav

Conclusion
Though not recommended for security reasons, it’s good to know there is a way to map a webdav drive when just HTTP (not HTTPS) is being used.

Categories
Admin

WebDav via HTTP (not HTTPS)

Intro
Just because I document it here in this space doesn’t mean it’s best practice or even a good idea. Such is the case today as I document a BAD IDEA – how to get WebDav working to your Windows 7 PC over HTTP instead of HTTPS. This might be appropriate only if WebDav server and client are both on the same very private Intranet.

WebDAV stands for Web-Based Distributed Authoring and Versioning, by the way.

The details
This comes straight from Microsoft. They just don’t make it clear that these steps apply to this case of trying to get WebDAV working over HTTP.

Windows 7 by default only allows for Webdav connections across HTTPS protocol. There is a work around. In order for you to connect to our WebDav directories you will need to make the following registry change:

To enable Basic authentication on the client computer, follow these steps:
1) Click Start , type regedit in the Start Search box, and then click regedit.exe in the Programs list.
2) Locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
3) Double-click the BasicAuthLevel registry key.
4) In the Value data box, type 2, and then click OK.
5) Exit Registry Editor, and then restart the computer.

Why this is a bad idea
Now that we’ve shown how to do it, let’s explain why you shouldn’t! If you use basic authentication over HTTP your password is not encrypted, it is merely encoded. It is trivial for anyone listening in – you know who you are, NSA! – to decode that password.

Conclusion
I’ve documented it before trying it! That’s always dangerous, but this blog makes for such a convenient knowledge base that I felt that was the most important first step.

I will update this to indicate whether or not I actually got it to work.