Configure webDav in IIS over SSL using windows authentication, but allow read access for all internet users

Note: To set up webDAV, here is a good article (If your using IIS 5.0 it is most likely already up and running):

The following article was good, but I thought it would be better to just use multiple virtual directories rather than multiple IIS sites.

What I did:
1)make a virtual directory imagesUploads that requires SSL and windows authentication and points to the uploads/images folder on the server. Allow write/modify/etc. in IIS.
2)make a virtual directory images, which points to the same uploads/images folder, but does not require SSL or windows login, just anonymous user read access in IIS.
3)On the uploads/images physical folder, give the upload users all the write/modify access they may need. Give the IUSR anonymous internet user account read only rights.
4)Users upload using webDAV and the URL, but your stuff will all point

The retarded thing is, that is a user tries to access the non-ssl upload site, windows will still prompt for a login, and will deny them no-matter what, because it is not SSL. but I wonder if the uname/pw text is being sent, because that would make network sniffers pickup the credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *