August 26, 2010

445 words 3 mins read

WebDAV Client – Windows 7

Since I’ve already got Linux & OSX talking to my LDAP/WebDAV enabled Apache, I needed to finish my trifecta… Windows. Specifically, Windows 7. I had heard that it is possible to map WebDAV shares as network drives, just like you would with Samba. Of course, what you hear, what you hope for, and what Windows actually lets you do aren’t always the same (and usually ends with pain).

I had read somewhere that “Map Network Drive” was supposed to work with WebDAV in much the same way as in OSX.  I tried it out, but it never seemed to work.  I spent quite a while googling about for instructions that would work and eventually landed upon a

semi-promising article that mentioned the need to install the “Software Update for Web Folders (KB907306)".  Cool! Maybe that was all I was missing. I gave the update a shot, and a reboot later I was ready to WebDAV…

Of course it didn’t work.  That update does allow you to put in URLs directly into “Map Network Drive” rather than having to go into the more hidden “Connect to a website…” option.  Even still, I couldn’t connect to my WebDAV share. I saw the connection attempts on the Apache logs, but Windows kept telling me it wasn’t a valid share (Liars!).  After some more research, I found a post that said that the WebDAV connector didn’t allow ‘basic’ authentication, but you could fix that with a registry hack.  This time I knew better than to get my hopes up… which was a good thing, because it didn’t work either.

After still more research, I found the answer.  Microsoft’s WebDAV client only supports the use of ‘digest’ authentication.  I almost never use digest authentication, even though it is technically superior, simply because it is not well supported.  Any time you need “secure” authentication, you use SSL.  In the interest of being sure, I switched my authentication on the WebDAV share from ‘basic’ to ‘digest’… TADA… Windows 7 worked with WebDAV.

Of course, there is one CRITICAL flaw, I’m doing this against an LDAP back-end.  You cannot mix ‘digest’ authentication and LDAP.  The short reason is that because digest hashes the password before sending it (where basic sends the password clear text), and that hash is not compatible with your LDAP password hashes. It makes sense, and is nether LDAP’s nor Apache’s fault for not working.  The reality is that it is dumb (and typical) of Microsoft.

In summary: You cannot have Windows 7 natively talk to a ‘basic’ authentication WebDAV share, Period.  You can use Windows 7 native WebDAV with ‘digest’ authentication only, but that prevents you from using LDAP.