Installing and Configuring WebDAV on IIS 7.0

Introduction

Microsoft released a new WebDAV extension module that was completely rewritten for Internet Information Services 7.0 (IIS 7.0) on Windows Server® 2008. This new WebDAV extension module incorporated many new features that enable web authors to publish content better than before, and offers web administrators more security and configuration options. Microsoft has released an update to the WebDAV extension module for Windows Server® 2008 that provides shared and exclusive locks support to prevent lost updates due to overwrites.

This document walks you through adding WebDAV publishing to an existing web site using the new WebDAV user interface and by directly editing the IIS configuration files.

Note: This walkthrough contains a series of steps in which you log on to your Web site using the local loopback address and the local administrator account. When using an administrator account, these steps should only be followed on the server itself using the loopback address or over SSL from a remote server. If you prefer to use a separate user account instead of the administrator account, you must create the appropriate folders and set the correct permissions for that user account when necessary.

In This Walkthrough

• Installing WebDAV on IIS 7.0
• Enabling WebDAV Publishing using the IIS Manager
• Enabling WebDAV Publishing by editing the IIS configuration files

Note: This topic discusses using the WebDAV Redirector to connect to your web site. Please see the Using the WebDAV Redirector topic for more information; speficially the Troubleshooting the WebDAV Redirector section if you have trouble using the WebDAV redirector.

Installing WebDAV on IIS 7.0

Prerequisites

The following items are required to complete the procedures in this article:

• IIS 7.0 must be installed on your server, and the following must be configured:
  • The Default Web Site that is created by the IIS 7.0 installation must still exist.
  • The Internet Information Services Manager must be installed.
  • At least one authentication method must be installed.

Note: If you choose to use Basic Authentication with the WebDAV redirector, you must connect to your server using HTTPS.

• The WebDAV Redirector must be installed:
  • You must use Server Manager to install the Desktop Experience feature before you can use the WebDAV redirector.

Downloading the Right Version for Your Server

There are two separate downloadable packages for the new WebDAV extension module; you need to download the appropriate package for your version of Windows Server 2008:

• 32-bit Installation Package:
  • WebDAV 7.5 for IIS 7.0 (x86)
• 64-bit Installation Package:
  • WebDAV 7.5 for IIS 7.0 (x64)

Launching the Installation Package

You must run the installation package as an administrator. This can be accomplished by one of the following methods:

• Logging in to your server using the actual account named "Administrator", then browsing to the download pages listed above or double-clicking the download package if you have saved it to your server.
• Logging on using an account with administrator privileges and opening a command-prompt by right-clicking the Command Prompt menu item that is located in the Accessories menu for Windows programs and selecting "Run as administrator", then typing the appropriate command listed below for your version of Windows to run the installation:
  • 32-bit Windows Versions:
    • msiexec /i webdav_x86_75.msi
  • 64-bit Windows Versions:
    • msiexec /i webdav_x64_75.msi

Walking Through the Installation Process

1. When the installation package opens, you see the following screen. If you agree to the license terms, check the "I accept" box, then click Install.
   
2. The progress indicator will reflect the status of the installation as it proceeds.
   
3. After the installation has completed, click Finish.
   
4. The WebDAV extension module is now installed.

Enabling WebDAV Publishing Using the IIS Manager

The new WebDAV extension module makes it easy to add WebDAV publishing to existing sites by providing you with a wizard that walks you through all of the required steps.

Step 1: Enabling WebDAV and Adding an Authoring Rule

In this first step, we add WebDAV publishing to the Default Web site, and add the required settings to allow the local administrator account to edit the content.

1. In IIS Manager, in the Connections pane, expand the Sites node in the tree, then click the Default Web Site.
2. As shown in the image below, double-click the WebDAV Authoring Rules feature.
   
3. When the WebDAV Authoring Rules page is displayed, click the Enable WebDAV task in the Actions page.
   
4. Once WebDAV has been enabled, click the Add Authoring Rule task in the Actions pane.
   
5. When the Add Authoring Rule dialog appears:
   1. Click All content to specify that the rule applies to all content types.
   2. Choose "Specified users" and type "administrator" for the user name.
   3. Select Read, Source, and Write for the permissions.
   4. When you have completed these items, click OK.
      

Summary

Task completed. You have enabled WebDAV authoring on an existing Web site.

To recap the items that you completed in this step, we added WebDAV publishing to the "Default Web Site" by:

• Enabling WebDAV for the Web site.
• Adding an Authoring Rule for the local administrator account for Read, Source, and Write access.

Note: As mentioned earlier, your default request filtering settings may block several file types from WebDAV authoring. If you do not modify your request filtering settings, you may see various errors when you try to publish files that are blocked. For example, if you attempt to upload or download a web.config file you will see errors in your WebDAV client. For more information about configuring your request filtering settings, see the How to Configure WebDAV with Request Filtering walkthrough.

Step 2: Logging in to Your WebDAV Site

In Step 1 above, you enabled WebDAV publishing for your Default Web Site and added an Authoring Rule for the local administrator account for Read, Source, and Write access to your Web site's content. In this step, you log in using your administrator account.

Ensuring that you have Authorization and Authentication configured

1. In IIS Manager, in the Connections pane, expand the Sites node in the tree, then click the Default Web Site.
2. Double-click the Authentication feature.
   
3. When the Authentication feature opens, make sure that Windows Authentication is enabled. (Note: You can use Basic Authentication with WebDAV, but the WebDAV redirector will only use Basic Authentication with SSL connections.)
   
4. In IIS Manager, click the Default Web Site under the Sites node in the tree.
5. Double-click the Authorization feature.
   
6. When the Authorization feature opens, make sure that an Allow rule is defined that includes the administrator account. (For example, the default rule for IIS allowing access to All Users will include the administrator account.)
   

Logging in to your WebDAV site using your administrator account

1. On your WebDAV server, open a command prompt session.
2. Type the following command to connect to your WebDAV server:
   
   net use * http://localhost/

You now have a drive mapped to your WebDAV-enabled web site using the local administrator account, and based on the authorization rule that we added in Step 1, you have Read, Write, and Source access to the content folder.

Summary

To recap the items that you completed in this step:

• You verified that your Web site had sufficient Authentication and Authorization settings.
• You logged in to your WebDAV site as the local administrator.

Enabling WebDAV Publishing by Editing the IIS Configuration Files

You can also add WebDAV publishing to an existing Web site by editing the IIS configuration files.

Note: Editing your applicationHost.config file requires full administrative permissions. This is best accomplished using one of two methods:

• Log in to your computer using the local "administrator" account.
• If you are logged in using an account with administrative permissions that is not the local "administrator" account, open Notepad using the "Run as Administrator" option.

Note: The above steps are required because the User Account Control (UAC) security component in Windows Server 2008 will prevent access to your applicationHost.config file. For more information about UAC, please see the following documentation:

• http://go.microsoft.com/fwlink/?LinkId=113664

The following steps will walk you through all of the required settings to add WebDAV publishing for the Default Web Site.

1. Using a text editor such as Windows Notepad, open your applicationHost.config file, which is located in your %SystemRoot%\System32\inetsrv\config folder by default.
2. Scroll to the bottom of your applicationHost.config file and locate the <location> section for your Default Web Site that contains your authentication settings. If this section does not exist, you must add it. This should resemble the following example:
   
   <location path="Default Web Site">
      <system.webServer>
         <security>
            <authentication>
               <anonymousAuthentication enabled="true" />
               <basicAuthentication enabled="false" />
               <digestAuthentication enabled="false" />
               <windowsAuthentication enabled="true" />
            </authentication>
         </security>
      </system.webServer>
   </location>
3. Make sure that you have Windows Authentication method enabled.
4. Add a <webdav> section beneath the closing </authentication> tag that will contain your WebDAV settings.
5. Add an <authoring enabled="true" /> element to the <webdav> element
6. And add and <authoringRules> collection with a single entry for <add users="administrator" path="*" access="Read, Write, Source" />.
7. Your Default Web Site's settings should now resemble the following example:
   
   <location path="Default Web Site">
      <system.webServer>
         <security>
            <authentication>
               <windowsAuthentication enabled="true" />
               <anonymousAuthentication enabled="false" />
               <digestAuthentication enabled="false" />
               <basicAuthentication enabled="false" />
            </authentication>
         </security>
         <webdav>
            <authoring enabled="true" />
            <authoringRules>
               <add users="administrator" path="*"
                  access="Read, Write, Source" />
            </authoringRules>
         </webdav>
      </system.webServer>
   </location>
8. Save your applicationHost.config file.

You should now be able to log in to your WebDAV-enabled site using a WebDAV client using the administrator account, but no other users should be able to access the content using WebDAV.

Summary

In this task you added WebDAV publishing to your Default Web Site by editing the IIS configuration files. To recap the items that you completed in this task:

1. You enabled Windows Authentication for the Default Web Site.
2. You enabled WebDAV for the Default Web Site.
3. You added a WebDAV authoring rule for the administrator account with Read, Write, and Source access the Default Web Site.

Related Content

Comments

1. Submitted on Aug 21 2008 by
   niall brady hi, nice article, however you mention above in Step 2, point 5 that we have to double click on the Authorization Rules feature, my IIS install did not have this feature (icon) and in order to continue I had to install the URL authorization role by going
   into Server Manager, select Roles, Select Web Server (IIS), select Roles services and scroll down to Security, check if URL Authorization is installed, if it is not installed, click on Add role Services in the right pane and install it.
   
   you might consider adding this info so others don't have to google for it !
   
   cheers
   niall
2. Submitted on Sep 15 2008 by
   balassy You may find it helpful to read C:\Windows\System32\inetsrv\webdav.chm:
   
   "IIS 7.0 supports a newly shared configuration environment, which must be disabled on each server in a Web farm before you install the WebDAV Extension for each node. Note: Shared configuration can be re-enabled after the WebDAV Extension has been installed."
   
   Without this the "WebDAV Authoring Rules" icon did not show up in IIS Manager for me.
   
   BTW an update is available (7/22/2008) for WebDAV Extension for IIS 7.0 (KB955137):
   http://www.microsoft.com/downloads/details.aspx?FamilyId=567CB0D6-3E94-4035-A79D-22D1EF307D5E&displaylang=en
   
   Hope this helps.
   
   György Balássy
3. Submitted on Jan 10 2009 by
   erikkl2000 Is it at all possible that you could tell me how to authenticate by URL? I am able to authenticate perfectly with the mapped drive but I am trying to use the adobe PDF document reviewer, this is where many different people update one document and collaborate in real time.
   
   They have an area for a mapped drive and this works great; however, I know that this is not a good option due to my clients are not always working local.
   
   Can you help?
   
   thanks
   
   erik
4. Submitted on Jan 16 2009 by
   robmcm Erik - can you post additional details about what you're trying to accomplish in the IIS7 Publishing forums at http://forums.iis.net/1045.aspx?
5. Submitted on Jan 19 2009 by
   elBradford Thanks for this awesome guide! I love WebDAV and now I have it on my home server.
6. Submitted on Mar 21 2009 by
   jayirvin I have everything installed as discribed.
   when I try this
   net use * http://localhost/
   I get the error: the network name cannot be found
   I'm trying to use microsoft expression encoder 2 to publish using webdav with no success
7. Submitted on Apr 03 2009 by
   trakatelis With regard to localhost not being found, open your C:\Windows\System32\drivers\etc\hosts file and append the line
   127.0.0.1 localhost
   before the following one
   ::1 localhost
8. Submitted on Apr 06 2009 by
   mshill2 My hosts file is configured correctly. I can get the IIS 7 splash screen from my browser. I cannot from the net use command. Any thoughts?
   
9. Submitted on Apr 15 2009 by
   trakatelis My guess is that you want to use a shared folder, let's say C:\myfolder.
   p>Then you should try: net use * \\localhost\myfolder
   p>If you want to use a folder within your site (a bad idea though),
   p>it might be: net use * \\localhost\inetpub\wwwroot\myfolder
10. Submitted on Apr 17 2009 by
    austinmc *WARNING*
    Don't install this on an Exchange 2007 server with CAS or MBX role. If you've already installed it trying to get Entourage to work, come see me over at http://blogs.technet.com/austinmc/archive/2009/04/17/connecting-entourage-with-exchange-2007.aspx for some tips to set your server straight.
    
    Of course if anyone is legitimately wanting to install this component on an Exchange server, and doesn't want it to interfere with Entourage, there's probably a way to do. If anyone's interested in that, ping me on my blog.
11. Submitted on May 26 2009 by
    ChrisVH1982 Hi!
    
    Thanks for the detailed information but I am having a serious problem. I think I did everything as descriped but it still doesn't work which is driving me nuts :-(
    
    Actions taken:
    
    
    1. Installed IIS 7.0
    2. Installed SharePoint Services 3.0 (using port 80 and 443)
    3. Installed WebDav 7.5 for IIS 7.0 32 bit
    4. Authentication
    - Anonymous Authentication = Enabled
    - Basic Authenciation = Disabled
    - Digest Authentication = Enabled
    - Forms Authentication = Disabled
    - Windows Authentication = Enabled
    5. Configuration of Webdav
    - SharePoint website selected and Webdav enabled (Default Website doesn’t exist)
    - SharePoint website selected and new authoring rule created allowing all users access to all content with full permission
    - SharePoint website selected and authorization rule added. Everybody has access.
    6. Webdav enabled on client computers:
    - XP: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters] "UseBasicAuth"=dword:00000001
    - Vista:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]"BasicAuthLevel"=dword:00000002
    
    Do you guys have any idea why it doesn't work?