- From: Jim Whitehead <ejw@ics.uci.edu>
- Date: Tue, 6 Apr 1999 12:42:23 -0700
- To: Pete Carlson <pete@datachannel.com>, w3c-dist-auth@w3.org
I have some experience with this. I have used Web folders with Basic authentication, but have not yet used them with Digest authentication, and hence I cannot say anything about Web folders with Digest auth. > I have a network sniffer set up so that I can see the interaction between > WebFolders and Windows2000, but I do NOT see any HTTP > Authentication headers being processed. Authentication in HTTP is a challenge/response protocol. Hence, what will happen is the WebDAV Explorer will make a request to the server, and the server will reply with one or more WWW-Authenticate headers, which then detail the kinds of authentication supported by that resource. The client then picks from among those authentication schemes, and returns authentication information in its response, which is the original request, with the addition of an Authenticate header which contains the authentication information. So, Web Folders won't just send an Authenticate header unless it first gets a WWW-Authenticate header back in a response. > Does anyone have any experience doing WebDAV authentication and having > WebFolders (or Office2000 for that matter) as the client? Is > there a way to "turn these headers on" in these clients? Or is it setup > to be a challenge/response where the server has to challenge the client > somehow? If so, how do I challenge? So, as you suspected, the challenge is configuring the server to issue the challenge. Since you specifically mention Windows2000, I'll note that on this platform (actually W2K server), to turn on this Basic authentication capability you go to the Internet Services Manager (Startup --> Administrative Tools), then select the folder you want to have authenticated, then select Properties, then select Security. Click "Edit.." button for "Anonymous Access and Authentication Control". Unselect "Anonymous access". Then click on "Basic authentication", and unselect other options. Then click OK, and Save. You can now authenticate as any user who has any permissions defined on the collection (add these users by, as Administrator, right clicking on the folder. Select the Security tab. Add/remove users.) Verify that Basic auth. is active by doing a HEAD request against the resource (via telnet). The resposne should include a single WWW-Authenticate header for Basic authentication. For an example of how you might configure a server to do Basic auth. using Apache mod_dav, you can check out this email from the dav-dev archives: http://dav.lyra.org/pipermail/dav-dev/1999-February/000123.html - Jim
Received on Tuesday, 6 April 1999 15:55:53 UTC