If you don’t have the time or expertise to setup a virtual private network (VPN) then WebDAV is a quick and easy alternative to enable remote file access for your users. Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP protocol. It makes the Web a two-way street by allowing remote users to PUT files on a Web server instead of just GETting them. WebDAV on Windows Server 2003 allows you to funnel data from users, through a WebDAV enabled Web server, and onto existing file servers.
The great thing about WebDAV is that you can (and should) set it up to run on port 443 using industry standard SSL. This means that you won’t run into trouble with most firewall configurations, and can breathe a sigh of relief after paying an exorbitant fee to VeriSign for guaranteeing your identity.
Setting Up IIS
Let’s take a closer look at the dials and levers we need to adjust for IIS to provide WebDAV functionality. First, of course, we need to install Internet Information Services (IIS) somewhere. You don’t have to run IIS on your existing file server(s), and probably shouldn’t. Assuming that you have IIS installed, here are the steps for making fileServershare accessible from https://myWebServer/RemoteFileAccess:
- Start -> Control Panel -> Administrative Tools -> Internet Information Services (IIS) Manager
- Click on the Web Service Extensions folder and enable the WebDAV extension
- Expand SERVERNAME (local computer) -> Web Sites
- Select the “Default Web Site” or create a new site
- Right-click on the chosen site -> New -> Virtual Directory…, this starts a wizard
- Choose an Alias of “RemoteFileAccess” and a Path of “fileServershare”
- Leave the box checked for “Always use the authenticated user’s credentials when validating access to the network directory.”
- Allow the Read, Write, and Browse permissions
- After finishing the wizard, right-click the new virtual folder and choose properties 10. On the Virtual Directory tab verify that Read, Write, Directory browsing, and Log visits are checked. Index this resource should not be checked. Execute permissions should be set to None. 11. On the Directory Security tab -> Authentication and access control, click the Edit… button 12. Be sure that anonymous access is disabled and check the box for Basic Authentication only. You may also want to add a default domain.
13. Back on the Directory Security tab, setup the site to require SSL with the Server Certificate… wizard. You’re on your own here, but this article walks you through the process.
Configuring the Clients
That’s it for the server side; now let’s switch gears and take a look at the client side. Another nice benefit of using WebDAV is that most major operating systems include a native WebDAV client. Windows has included support for WebDAV since Windows 95, and Mac OS 10.4 and up includes support for WebDAV over SSL. Previous versions of Mac OS will require a separate WebDAV client.
To connect from a Mac (10.4 and higher) click on Go -> Connect to Server… and enter in the path for the WebDAV enabled Web server. Following our example above, the path would be “https://myWebServer/RemoteFileAccess”. This will connect you to the files stored on fileServerShare.
There are several ways to connect to a WebDAV server in Windows. In Windows 95 and above you can create a temporary connection by opening Internet Explorer and choosing Open… Enter the path to the WebDAV server and click the box for “Open as a Web Folder”. If you don’t check the box for “Open as a Web Folder” then you will get a read-only view of the data.
You can also create a permanent connection to a WebDAV folder in Windows ME, 2000, XP, and Vista. Here are the steps for ME, 2000, and XP:
- Open My Computer
- Select My Network Places
- Choose “Add a network place” from the “Network Tasks” window on the left, click Next
- Select “Choose another network location”, click Next
- Enter the path to your WebDAV server (i.e. https://myWebServer/RemoteFileAccess)
Microsoft changed the process a bit in Vista:
- Start -> Computer
- Click on the “Map a network drive” button
- Click on the link titled “Connect to a Web site that you can use to store your documents and pictures.”
- Click next, highlight “Choose a custom network location” and click Next
- Enter the path to your WebDAV server (i.e. https://myWebServer/RemoteFileAccess) and click Next
Another handy way to open WebDAV folders in Windows is through a link on a regular web page. Here’s the HTML code you will need to make it work:
Watch Out for Problems
Finally, let’s take a look at some of the issues you may run into using WebDAV. Microsoft has not done the best job writing its newer WebDAV clients. In XP it introduced the “mini-redirector” client. This WebDAV client has various problems, but thankfully we can install the older (more stable) client over the top of it. If you find that you are having trouble connecting to your WebDAV server, try installing the older client:
- Locate webfldrs.msi, usually in c:windowssystem32
- Double-click webfldrs.msi
- Click “Select reinstall mode”
- Uncheck “Repair all detected reinstall problems”
- Check “Force all files to be reinstalled, regardless of checksum or version”
- Check “Verify that required user registry entries are present”
- Check “Verify that required machine registry entries are present”
- Check “Validate shortcuts”
- Click OK and then REINSTALL on the original page
- Restart XP
Microsoft has taken away the ability to install the older WebDAV client in Vista, so you if are having trouble then you will need to find another workaround to any issues.
The Microsoft “mini-redirector” client seems to behave best when the server side paths as defined in IIS are in the form of fileServerShare vs. fileServer or fileServerShareFolder. If you receive an error such as “Internet Explorer could not open https://myWebServer/RemoteFileAccess as a web Folder. Would you like to see its default view instead?” try adjusting the IIS configuration as described above.
If you see the “Internet Explorer could not open https://myWebServer/RemoteFileAccess as a web Folder…” error message in Vista, then it may be an issue with credential caching. Vista caches your credentials the first time you connect to a WebDAV share. Instead of giving you an access denied message or prompting for new credentials when it can’t open a new WebDAV path, it will throw the aforementioned error. Logging off of your desktop will reset the cache.
Additional Resources:
- www.webdav.org
- http://www.webdav.org/goliath/
- http://en.wikipedia.org/wiki/Webdav
- http://support.microsoft.com/kb/299875
- http://msdn2.microsoft.com/en-us/library/ms531414.aspx
Article courtesy of Enterprise Networking Planet