For the impatient, I’ll skip right to the solution. Use AuthDigest for authentication in your webdav server config. That’s the big issue with connecting. Windows won’t connect with Basic Auth. For more detail read on.

First let me say that I will be so happy when Microsoft finally flutters in to irrelevance. I use a Mac and have since OS X got decent. Webdav works great on the mac. “It just works…” just like the Mac commercials say.

However, some of the people that work at Wildcog use Windows. So like many, I beat my head against a wall trying to get Vista X64 and Windows 7 X64 to work with Webdav. If you’re running 32bit Windows 7 or Vista just get NetDrive and be done with it. It works like a champ.

For 64 Bit folks NetDrive doesn’t work. But I have good news, believe it or not Windows 7 actually can connect to Webdav. I have it working and will show you how in a sec. It’s not perfect but it does work through the Windows Explorer (and office apps) using nothing more than the built-in support (if you can call it that) in Windows.

My setup:

Webdav Server = Apache2 with Mod Dav on Debian (lenny).

Clients = Random Windows 7 machines (much to my chagrin).

The problem:

My main issue was that the windows box would throw the error “The folder you entered does not appear to be valid” when I tried any of the various methods of connecting or mapping the drive to the webdav resource.

The Fix:

• Make sure  the WebClient Service is running and set to run automatically.
• Configure your webdav server to use Digest Authentication. Windows 7 WILL NOT connect to webdav servers using Basic Authentication.
• Verify that your webdav server with AuthDigest is good by using a known-good OS/Client such as Linux or a Mac.
• On the windows machine go to Explorer\Computer and right click in empty space. Then select “Add a network location”. Now enter your normal webdav URL such as http://your.drive.com/yourfiles

That should be it. It’s worked for me on several machines now. Once you add the “network location” you can map drives to the network location or to the url (it suddenly works) and do other operations normally. You can also use the “net use” command in the shell which may have more interesting options for you.

Some folks have asked for my Apache config. Here’s the relevant bit:

ServerAdmin webmaster@yourdomain.com
ServerName webdav.yourdomain.com

DocumentRoot /www/somethingSecure

Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all

# Note Alias goes to our DocumentRoot.
Alias /webdav /webdav.yourdomain.com

# But we apply different settings

DAV On
AuthType digest
AuthName "webdav"
AuthDigestDomain /webdav http://webdav.yourdomain.com/webdav
AuthUserFile /www/auth/.yourdigest_password
#AuthDigestFile /www/webdav.yourdomain.com/digest-password --doesn't work
Require valid-user




Problems and issues:

So far this works ‘ok’ for me. A reboot seems to hose this setup. Although the “network location” still exists it doesn’t work. I haven’t had sufficient time to play with it and work out the kinds. There’s the /savecred and /persistent switches on the “net use” command that may be useful here.

• A trailing slash “/” makes a difference on connecting via webdav. So “http://webdav.yourserver.com” is not the same as “http://webdav.yourserver.com/”. Try it both ways if you’re having trouble.
• The Apache Authentication Digest documentation example says to use the “AuthDigestFile” directive to point to your password file. This does not work on Debain Lenny / Apache 2. You must use “AuthUserFile” as noted in the above example.

Other Possibilities:

In the event that you can’t change your authentication type you can try going the other way with a registry hack to allow basic authentication. This is for Vista. It may not work for 7. I have not tried it. Got it from here:

To work around this behavior, enable Basic authentication on the client computer. To do this, add the BasicAuthLevel registry entry to the following registry subkey, and then set the entry to a value of 2 or more:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
To enable Basic authentication on the client computer, follow these steps:
Click Start , type regedit in the Start Search box, and then click regedit.exe in the Programs list.
Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
On the Edit menu, point to New, and then click DWORD Value.
Type BasicAuthLevel, and then press ENTER.
On the Edit menu, click Modify.
In the Value data box, type 2, and then click OK.

Note The mapping is as follows:
0 - Basic authentication disabled
1 - Basic authentication enabled for SSL shares only
2 or greater - Basic authentication enabled for SSL shares and for non-SSL shares
Exit Registry Editor, and then restart the computer.

MS obviously hates webdav. It’s a big threat to them. And for a long time they’ve been abusing users in order to lock them in rather than focusing on making great products that people want to use. Other examples are:

• Hotmail not allowing you to forward mail to a non-MS-owned mail service
• Bing being the only search available in IE
• Breaking compatibility with millions of smb devices in the name of security

For the record, digest based auth is better. And it’s good that they’re pushing a more secure solution. But it’s also clear that they just want to make it hard to use webdav. They post no information about the problem. If M$ made money on webdav you can bet your ass it would work or there would at least be a message saying “windows prevented you from connecting to this insecure server ” but no.

Webdav is great. It doesn’t rely on creaky layer two protocols like the antique M$ smb / lanman crap.

Hope this helps. It worked for me.

This entry was posted on Thursday, March 4th, 2010 @ 1:20 pm on the category Uncategorized. You can follow any responses to this entry through the RSS 2.0 Responses are currently closed, but you can trackback from your own site.