Forum OpenACS Q&A: Re: webDAV Authentication Difficulties

Collapse
Posted by Dave Bauer on
Ah, another issue is that historically Microsoft WebDAV client have been broken in an astonishing number of ways. Depend on what version of IE and Microsoft office you might have installed, you could have a half a dozen instances of WebDAV running on Windows XP. Maybe in Windows 7 they have consolidated to only 1 picky version of WebDAV client.

Another option is to use a third-party client, and that is what all my users have traditionally done. There is one called WebDrive that is very popular ( I have no connection to this company, but I do have experience with the product working with OpenACS WebDAV.)

Collapse
Posted by Richard Hamilton on
Dave,

Thanks for the reply. I 've been googling around this today and it is obvious that respect for Microsoft has not been enhanced by their various webDAV implementations!!

First I thought the problem was specific to the default authentication behaviour of Windows 7, but having checked the appropriate registry key it turned out that basic authentication was switched on by default after all. I have now tried in a Windows XP VM and can confirm that this doesn't work either.

I suspect that the reason I have never been able to get this to work with any version of Windows over the years is that the particular combination of OpenACS settings I choose is incomprehensible to Microsoft. Because I always like authentication to be encrypted, I set OpenACS to redirect to https for login. However, because I am a cheapskate, most of my domains have self-signed certificates.

I suspect that even though I have entered the webDAV url as an https url complete with the port number, Windows chokes when it gets redirected for authentication on a domain with a certficate signed by an unknown CA. I have tried importing the CA but this doesn't help.

I might try spending some money on a certificate to see if that works, but given the multiplicity of potential glitches in various mod states of Windows, I think your idea of using a standalone client is probably the best one.

It really is very strange that they can't sort this out.

Regards
Richard