W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1999

RE: Web Folders interoperability with Authentication?

From: Jim Whitehead <ejw@ics.uci.edu>
Date: Tue, 6 Apr 1999 12:42:23 -0700
To: Pete Carlson <pete@datachannel.com>, w3c-dist-auth@w3.org
Message-ID: <002301be8065$9789df40$d115c380@ics.uci.edu>
I have some experience with this.

I have used Web folders with Basic authentication, but have not yet used
them with Digest authentication, and hence I cannot say anything about Web
folders with Digest auth.

> I have a network sniffer set up so that I can see the interaction between
> WebFolders and Windows2000, but I do NOT see any HTTP
> Authentication headers being processed.

Authentication in HTTP is a challenge/response protocol.  Hence, what will
happen is the WebDAV Explorer will make a request to the server, and the
server will reply with one or more WWW-Authenticate headers, which then
detail the kinds of authentication supported by that resource.  The client
then picks from among those authentication schemes, and returns
authentication information in its response, which is the original request,
with the addition of an Authenticate header which contains the
authentication information.

So, Web Folders won't just send an Authenticate header unless it first gets
a WWW-Authenticate header back in a response.

> Does anyone have any experience doing WebDAV authentication and having
> WebFolders (or Office2000 for that matter) as the client?  Is
> there a way to "turn these headers on" in these clients?  Or is it setup
> to be a challenge/response where the server has to challenge the client
> somehow?  If so, how do I challenge?

So, as you suspected, the challenge is configuring the server to issue the
challenge.  Since you specifically mention Windows2000, I'll note that on
this platform (actually W2K server), to turn on this Basic authentication
capability you go to the Internet Services Manager (Startup -->
Administrative Tools), then select the folder you want to have
authenticated, then select Properties, then select Security.  Click "Edit.."
button for "Anonymous Access and Authentication Control".  Unselect
"Anonymous access".  Then click on "Basic authentication", and unselect
other options.  Then click OK, and Save.  You can now authenticate as any
user who has any permissions defined on the collection (add these users by,
as Administrator, right clicking on the folder.  Select the Security tab.
Add/remove users.)

Verify that Basic auth. is active by doing a HEAD request against the
resource (via telnet).  The resposne should include a single
WWW-Authenticate header for Basic authentication.

For an example of how you might configure a server to do Basic auth. using
Apache mod_dav, you can check out this email from the dav-dev archives:

http://dav.lyra.org/pipermail/dav-dev/1999-February/000123.html

- Jim
Received on Tuesday, 6 April 1999 15:55:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:49 GMT