W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2007

RE: AW: WebDAV with Windows Vista

From: Kevin Wiggen <kwiggen@xythos.com>
Date: Thu, 15 Mar 2007 08:38:49 -0800
Message-ID: <03E7D3E231BB7B4A915A6581D4296CC603C5CBC9@NSNOVPS00411.nacio.xythos.com>
To: <keenriser@planet.nl>, "Konstantin Breu" <Konstantin.Breu@gmx.net>
Cc: <w3c-dist-auth@w3.org>

Fun with Vista.  I am running Ultimate on my MAC!!!! :)

Mount with http://zerg/testser

One thread seems to do the options to /

OPTIONS / HTTP/1.1
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/6.0.6000
Host: zerg
Content-Length: 0
Connection: Keep-Alive

To this my server sends 401.  The client sends the exact same OPTONS request 8 times, every time Xythos responds:

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: BASIC realm="zerg"
WWW-Authenticate: Digest realm="zerg", stale=false, nonce="a9f913cb2047d78006409618d3c41f77", qop="auth", algorithm="MD5"
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 15 Mar 2007 15:52:29 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 187

<html><title>Error 401</title><body>
Error: 401
<BR><H1>Forbidden</H1><BR>That action is not authorized.  Please ensure that you are authenticated.<BR>
<p><p></p></p>
</body></html>

Finally a OPTIONS comes in that sends security:

OPTIONS / HTTP/1.1
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/6.0.6000
Host: zerg
Authorization: Digest username="testuser",realm="zerg",nonce="3e55e2b07924328e3e8c8c1510153347",uri="/",cnonce="11b27b4c6344cb7fc960b188486eb50e",nc=00000001,algorithm=MD5,response="2795d64e41bdac842e366f80292f33d6",qop="auth"
Connection: Keep-Alive
Content-Length: 0


And we respond with a 207:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: XythosSessionID1=[B@8ab08f-1143118060; Expires=Fri, 16-Mar-2007 15:52:37 GMT; Path=/
DAV: 1,2, access-control, ticket, version-control
MS-Author-Via: DAV
Allow: OPTIONS, PROPFIND, PROPPATCH, LOCK, UNLOCK, DELETE, GET, HEAD, MOVE, COPY, ACL, SEARCH
DASL: <DAV:basicsearch>
Accept-Ranges: bytes
Xythos-WFS-Version: Xythos WebFile Server 6.0.43.2
Content-Type: text/html
Content-Length: 0
Date: Thu, 15 Mar 2007 15:52:36 GMT


Then in a different thread (or at least socket connection) the PROPFINDS start coming

PROPFIND /testuser HTTP/1.1
Content-Length: 0
Depth: 0
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/6.0.6000
Host: zerg
Connection: Keep-Alive

2 of these before it actually sends the security across (so we are 401)

PROPFIND /testuser HTTP/1.1
Content-Length: 0
Depth: 0
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/6.0.6000
Host: zerg
Connection: Keep-Alive
Authorization: Digest username="testuser",realm="zerg",nonce="fd1c548507916a8357033e683637ecb8",uri="/testuser",cnonce="09531995e94a0c4854bf26b2d8b94588",nc=00000001,algorithm=MD5,response="5f7a62f219add0be995bca7d6d3e21b5",qop="auth"

To which we give the 207

HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
Set-Cookie: XythosSessionID1=[B@8ab08f-1143118060; Expires=Fri, 16-Mar-2007 15:52:37 GMT; Path=/
Date: Thu, 15 Mar 2007 15:52:36 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 1227

<?xml version="1.0" encoding="utf-8" ?>
<D:multistatus xmlns:D="DAV:" xmlns:XS="http://www.w3.org/2001/XMLSchema" xmlns:XSI="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:b="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" >
<D:response xmlns:ns-1="http://www.xythos.com/namespaces/StorageServer">
<D:href>http://zerg/testuser/</D:href>
     <D:propstat>
        <D:prop>
<D:creationdate b:dt="dateTime.tz">2007-02-13T00:54:06Z</D:creationdate>
<D:lockdiscovery></D:lockdiscovery>
<D:displayname><![CDATA[testuser]]></D:displayname>
<D:resourcetype><D:collection/></D:resourcetype>
<D:getlastmodified b:dt="dateTime.rfc1123">Wed, 21 Feb 2007 21:45:08 GMT</D:getlastmodified>
<D:supportedlock><D:lockentry><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry><D:lockentry><D:lockscope><D:shared/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock>
<ns-1:sharefromstestuser_x0040_1_x003a_1001 XSI:type="XS:string"><![CDATA[]]></ns-1:sharefromstestuser_x0040_1_x003a_1001>
       </D:prop>
       <D:status>HTTP/1.1 200 OK</D:status>
     </D:propstat>
</D:response>
</D:multistatus>

It then does a PROPFIND to /

PROPFIND / HTTP/1.1
Content-Length: 0
Depth: 0
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/6.0.6000
Host: zerg
Connection: Keep-Alive
Cookie: XythosSessionID1=[B@8ab08f-1143118060

Well 2 actually which you must 207 (its very similar to what we do above)

It then does a series of PROPFINDS to / and /testuser which we 207 like we do above.

The mount exists.  I have seen the problem where I am attempting to mount a location like /testuser/foo/bar where the user does NOT have the security set to PROPFIND / AND /testuser AND /testuser/foo AND /testuser/foo/bar.  If this is the case as the server does not send a nice 207 to the client for ANY of those parent directories including / the mount FAILS.  This is what my posts to the newsgroups spoke about.  I can give a LOT of reasons why a client would not be able to do this, and discussed this with MS but have not been given a response on if/when this would be fixed.  


Interesting that when I tried 

\\zerg\testuser it never sent an OPTIONS or a PROPFIND to /.  I am not sure if this is because it somehow has the OPTIONS cached.  I killed all of my IE windows (even though that doesn't mean as much in Vista) and my windows explorer windows and tried again and only saw a PROPFIND to /testuser

Interesting to note that this other model must run on port 80 or 443, at least \\zerg:9999\testuser did not work.

I then created a folder /foo/bar/fee to which testuser only has access to the fee folder and NOT its parents (this fails with the http://zerg/testuser/foo/bar/fee mount as explained above).

I then tried \\zerg\foo\bar\fee and even before I hit return (after I typed \\zerg\foo\) it does a PROPFIND to /foo (which my server 404s due to security).  It then does a series of PROPFINDs to / and /foo before it fails without mounting. So I am not sure what this other syntax does except for not doing the OPTIONS request with a different socket, the PROPFIND requests seem to be the same.  I guess getting rid of the OPTIONS to / is something :)

I also read the posts you spoke about and it SCARES me when MS employees (at least people pretending to be MS employees) state:

>>> Having said that, there shouldn't be any need to install WebFolders since
>>> the WebDAV redirector has replaced all functionality provided by the
>>> WebFolders. The only thing that WebDAV redirector doesn't support (that
>>> WebFolders DID support) was being able to access WebDAV servers that don't
>>> support OPTIONS at their root.

This is NOT true.  While the OPTIONS to root is a problem, the client also needs to PROPFIND all parent directories which in many cases (security, not having the webdav mount point at root, etc) is not true.  I didn't take the time to point this out to Walter as I am late and now need to run to work.

Hope this helps,
Kevin







-----Original Message-----
From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org] On Behalf Of keenriser@planet.nl
Sent: Thursday, March 15, 2007 3:55 AM
To: Konstantin Breu
Cc: Kevin Wiggen; w3c-dist-auth@w3.org
Subject: Re: AW: WebDAV with Windows Vista


Hi, 

I looked around on the web a bit and found a workaround that might work: 
http://www.schiller.cc/blog/2007/01/29/bug-in-vistas-webdav-implementation

The steps: 
   1.  Go to "Add a Network Location..."
   2. Insert your webdav ressource in the following format:
"\\mywebdav.server@SSL\dav", insert (if applicable) your username by
"Connect using a different username" - and now, your shared folder
should appear :)

Hope it helps :) 

Regards, 
Erik 

----- Oorspronkelijk bericht -----
Van: Konstantin Breu <Konstantin.Breu@gmx.net>
Datum: donderdag, maart 15, 2007 10:24 am
Onderwerp: AW: WebDAV with Windows Vista

> 
> Hello,
> 
> > http://www.vista64.net/forums/vista-general/21946-webdav-web-
> folder-clie
> > nt-msdaipp-dll-supported-vista.html
> 
> I have posted there now, too:
> http://www.vista64.net/forums/vista-general/48154-webdav-support.html
> I tried all workarounds posted in the forum in different topics. 
> None of
> them worked with my test client...
> 
> My first tests were with Vista Business - there I did not see any 
> clientserver requests when trying to get the network resource 
> connection to the
> webdav site. This was different with Vista Ultimate. There the 
> client did
> requests, but then still could not create the connection. I've done 
> the test
> now also with the webdav function offered by Apache Tomcat. It's 
> just the
> same. It works when the client is running at Windows XP, it does 
> not work
> with client running Vista...
> 
> Btw, they have a similar "Windows client workaround" like my webdav 
> server:http://issues.apache.org/bugzilla/show_bug.cgi?id=40160
> 
> Well now... according to the answers in this list it works at some 
> Vistaclients of some persons. But when looking to the webdav 
> questions at
> http://www.vista64.net it does not work at every client. I will try 
> now to
> get better information from Microsoft support (to get some answer 
> like "we
> know the problem, it will be fixed with patch xyz"). Is anyone in 
> this list
> interested in that? Then I will post it here.
> 
> Cheers,
> Konstantin
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-
> request@w3.org] Im
> Auftrag von Kevin Wiggen
> Gesendet: Dienstag, 13. März 2007 18:37
> An: Konstantin Breu; w3c-dist-auth@w3.org
> Betreff: RE: WebDAV with Windows Vista
> 
> 
> Basically MS removed the "webfolders" client in Vista and now only has
> the mini-redirector (XP had BOTH and different version depending on
> whether Office was installed).
> 
> http://www.vista64.net/forums/vista-general/21946-webdav-web-folder-
> client-msdaipp-dll-supported-vista.html
> 
> There are 2 shortcomings of the redirector spoken about here (note 
> thatthis is just to get the client to connect, once its connected I 
> cannotspeak to other problems):
> 
> 1)  The client requires the ability to OPTION / (not always true)
> 2)  The client will try to walk the chain from / to the mount point
> (there are many reasons the client couldn't do this including 
> security).
> 
> However if I try to mount /Kevin on a server (and have access to do 
> so),it will connect.
> 
> Also interesting that some of my follow-up comments were deleted from
> the forum.  I guess someone didn't like the extended information I 
> gave:) 
> 
> Kevin
> 
> -----Original Message-----
> From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-
> request@w3.org]On Behalf Of Konstantin Breu
> Sent: Tuesday, March 13, 2007 6:46 AM
> To: w3c-dist-auth@w3.org
> Subject: WebDAV with Windows Vista
> 
> 
> Hello,
> 
> @Mac/Linux users: I am sorry for asking **windows** specific questions
> here.
> Just stop reading... ;-)
> 
> I have a WebDAV server (J2EE based), there is no problem to use it 
> withWindows Explorer (via Network Resource), Internet Explorer (via 
> openpage as
> Web folder), Office 2003/2007 when using Windows XP SP2.
> 
> But so far I did not have any success when trying the same with 
> WindowsVista. Windows Explorer cannot create the connection (but it 
> is doing
> requests to the server), Internet Explorer only offers to open it 
> as web
> page (GET). Office 2007 also only does GET, when I try to access the
> folders
> an files in the file open dialog. If I enter there a folder address
> (http://.....), it then does a GET against that address, and opens 
> thatas
> "document" in Word etc...
> 
> My question to the list: is there somebody, who was able to use 
> WindowsExplorer/Internet Explorer/Office 2007 (or an older version) 
> withWindows
> Vista as WebDAV client? Are there special settings for the client 
> side,or
> additional installations, which I have to do? Or are there some
> additional
> requirements for the server, which Vista needs? (for example 
> support of
> some
> Properties, Http headers, Authentication method,...) You could also 
> sendme
> communication logs, if your server works with Vista, and you do not 
> knowwhy.... ;)
> 
> If there is somebody, who has the same problem: you can also drop 
> me a
> line,
> then I could give you some hints when I have found out more... Of 
> courseI
> also searched in the internet for information... I found 
> descriptions of
> such problems, some people were describing workarounds, but so far 
> theseworkarounds did not help me...
> 
> I will also get into contact with Microsoft support, but this will 
> takesome
> longer time, as I or my chief will have to pay for it. I will also do
> tests
> with other clients (for example WebDrive), and other servers (for
> example
> Slide, Tomcat), to see how they are working when the client OS is
> Vista...
> 
> Cheers,
> Konstantin
> 
> P.S. I was testing so far with Vista Business, but I have access to 
> allversions.
> 
> 
> 
> 
> 
> 
> 
Received on Thursday, 15 March 2007 16:39:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT