Configure webDav in IIS over SSL using windows authentication, but allow read access for all internet users

Note: To set up webDAV, here is a good article (If your using IIS 5.0 it is most likely already up and running):
http://www.windowsnetworking.com/articles_tutorials/WebDAV-IIS.html

The following article was good, but I thought it would be better to just use multiple virtual directories rather than multiple IIS sites.

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19095

What I did:
1)make a virtual directory imagesUploads that requires SSL and windows authentication and points to the uploads/images folder on the server. Allow write/modify/etc. in IIS.
2)make a virtual directory images, which points to the same uploads/images folder, but does not require SSL or windows login, just anonymous user read access in IIS.
3)On the uploads/images physical folder, give the upload users all the write/modify access they may need. Give the IUSR anonymous internet user account read only rights.
4)Users upload using webDAV and the URL yourdomain.com/imagesUploads, but your stuff will all point yourdomain.com/images

The retarded thing is, that is a user tries to access the non-ssl upload site, windows will still prompt for a login, and will deny them no-matter what, because it is not SSL. but I wonder if the uname/pw text is being sent, because that would make network sniffers pickup the credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *