Windows PC Secure WebDAV Server

WebDAV allows you to securely access files on a remote server over the internet using SSL encryption, with the server configured as a mapped drive on a local PC in Windows Explorer. It is superior to FTP because it is far easier to implement secure WebDAV than it is to implement secure FTP (normal FTP is not a problem) if your router uses NAT (as most do).

Normal FTP is even easier than WebDAV to install and configure. Secure FTP has problems with routers that have firewall properties, because it wants to use almost random ports to communicate. Firewalls protecting the server that are controlled by NAT don’t like this and generally block the communication. To overcome this problem, you either buy a router that can support secure FTP (if you can find one), or you open all ports on the router that protects your server (often called a DMZ) and remove that aspect of firewall protection for your server, thus making it accessible to anyone who knows it’s there.

Or you use WebDAV for secure file transfers, which has none of these problems.

With WebDAV, you specify the folder(s) that may be accessed, who may access them, and whether they have read-only access or full access. Either a Windows 7 or above PC or Windows Server may be used as the WebDAV server and the setup is almost identical for both. If you have installed SSL on IIS, then you have already accomplished about 1/2 of the required installation. The rest is fast and fairly easy. The screen prints below demonstrate the steps involved.

If you have not yet installed an SSL certificate or have not yet installed IIS, then please read IIS and the Certificate Signing Request to learn how to install and configure secure IIS on your PC using OpenSSL. We’ll use Active Directory Certificate Services (AD CS) and domain certificates to configure SSL on Windows Server 2012 Essentials.

As a bonus, using SSL for WebDAV gives you a kind of two factor authentication with your WebDAV client access. Two factor authentication requires you to have more than a user id and password to access the server. The root certificate can serve as a requirement for a connection. If you restrict distribution of the root certificate, you will restrict access to only those who have one. No root certificate … no WebDAV access, providing you also told IIS to require SSL for access to the mapped folder (as shown below).

Installing WebDAV

WebDAV installs on both Windows Server 2012 and a PC almost identically. Windows Server 2012 treats WebDAV as a function of the IIS role. To a Windows PC, WebDAV is a Windows feature. Afterward, the configuration is nearly identical. Configuring a WebDAV server is easy. The biggest single difference is that with Windows Server 2012, you need to drill down to the virtual directory that holds the files to access and apply specific NTFS permissions for each user and/or group that will access the virtual directory. On a PC WebDAV server, you may or may not need to perform this step.

If you are using a Windows PC as your WebDAV server and IIS is available as a Windows feature, your installation screen should look similar to this one.

Done.

If you’re using Windows Server 2012 Essentials, you install WebDAV as a function of the IIS role.

Done.

###

Configuring WebDAV on IIS

WebDAV is simple to configure. You …

Start the IIS management console.

Enable WebDAV.

Define a Virtual Directory.

Tell IIS who may access it and with what level of authority.

If you’re using Windows Server 2012, drill down to the virtual directory being accessed and apply appropriate NTFS permissions.

Turn on Windows Authentication.

Require SSL access by clicking a box.

Done. You do it all within the IIS management console.

You should also ensure that port 443 is forwarded to your IIS / WebDAV server on your router and that DDNS has been turned on. Your root certificate must also be installed on the client and server. You should have accomplished all this when you configured SSL on IIS.
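
The same steps can be scripted with the WebAdministration PowerShell module, which also makes the result easy to read back and check. This is an added example, not the article's own procedure; the virtual directory name, folder path and account name are assumed placeholders, and it is written for a first-time setup run from an elevated prompt on the server.

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
# Assumed placeholders: $vdir, $path and $user. Adjust before running.
Import-Module WebAdministration

$site = 'Default Web Site'
$vdir = 'files'              # assumed virtual directory name
$path = 'C:\WebDAVShare'     # assumed folder to publish
$user = 'vpnusr'             # assumed standard-privilege account
$root = 'MACHINE/WEBROOT/APPHOST'
$loc  = "$site/$vdir"

# Enable WebDAV authoring on the site.
Set-WebConfigurationProperty -PSPath $root -Location $site `
    -Filter 'system.webServer/webdav/authoring' -Name enabled -Value $true

# Define the virtual directory (skipped if it already exists).
if (-not (Test-Path $path)) { New-Item -ItemType Directory -Path $path | Out-Null }
if (-not (Get-WebVirtualDirectory -Site $site -Name $vdir)) {
    New-WebVirtualDirectory -Site $site -Name $vdir -PhysicalPath $path | Out-Null
}

# Authoring rule: only $user, read and write, scoped to this virtual directory.
Add-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter 'system.webServer/webdav/authoringRules' -Name '.' `
    -Value @{ users = $user; path = '*'; access = 'Read,Write' }

# NTFS permission on the folder (Modify is an assumed level; grant less for read-only).
icacls $path /grant "${user}:(OI)(CI)M" | Out-Null

# Turn on Windows Authentication and require SSL for the virtual directory.
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' `
    -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'

# Read the settings back so a missed step is visible.
function Get-Setting($filter, $name) {
    $v = Get-WebConfigurationProperty -PSPath $root -Location $loc -Filter $filter -Name $name
    if ($v -is [string]) { $v } else { $v.Value }
}
$auth = 'system.webServer/security/authentication'
[pscustomobject]@{
    SslFlags      = Get-Setting 'system.webServer/security/access' 'sslFlags'
    WindowsAuth   = Get-Setting "$auth/windowsAuthentication" 'enabled'
    AnonymousAuth = Get-Setting "$auth/anonymousAuthentication" 'enabled'  # reported only, not changed
}
```

The final object should show `Ssl` for SslFlags and `True` for WindowsAuth; AnonymousAuth is reported for information because the steps above do not change it.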

###

Start the Internet Information Services (IIS) Manager. Expand the directory tree on the left. On the right, it states the WebDAV server has not been enabled. Below, in the right panel, there is a selection to enable WebDAV. Click it.

###

WebDAV has been enabled. Right click Default Web Site in the left panel. In the pop-up menu, select Add Virtual Directory.

###

Select a folder that you want WebDAV to access. When you map this folder as a drive, you will have to specify it in the URL. Users will have access only to this folder and everything it contains. Click OK.

###

Your virtual directory is now linked to your website. Next, while the virtual directory is still highlighted in the left panel, double click WebDAV Authoring Rules in the main panel.

###

Specify who will have access to your virtual directory and define the type of access. For added security, you might want to create a special user with standard privileges whose sole purpose is VPN access.

###

Your authorized users are enumerated here.

###

While your virtual directory is highlighted, double click Authentication in the main window.

###

Enable Windows Authentication.

###

While your virtual directory is highlighted in the left panel, double click SSL Settings.

###

Select Requires SSL. Click Apply.

###

If you’re configuring Windows Server 2012, select and right click your virtual directory, click Edit Permissions, select the Security tab, and apply NTFS permissions as appropriate. Windows Server is far more touchy about permissions than a typical PC. However, you may also need to perform this step on your PC server.

You are done configuring your WebDAV server.

Enabling WebDAV service on client PC

Make sure WebDAV is enabled as a service on your Windows client. Go to Control Panel / Administrative Tools / Services. Double click Services.

###

Locate the WebClient service. Right click and select Properties.

###

Set the Startup Type to Automatic. Click OK.

Done.

###

Map the Drives

You’re done with everything except mapping the drives from the client PC to the remote server. Mapping a WebDAV server is no different from mapping any other drive, except for how you enter the remote location.

Start Windows Explorer. Right click Computers. Select Map Network Drive. This screen appears. Fill it out like below, except enter your own URL. Decide if you want to reconnect at logon or not, your choice. Note that HTTPS and the URL are part of the folder name. Also note that you must specify the virtual directory.

When you click Finish, your PC will think for a few seconds, then present you with a logon screen. Occasionally, it does not connect the first time. If this happens to you, just try again.

###

This is your result … a mapped drive back to your WebDAV server. When you are done, right click your mapped drive and click Disconnect Network Drive.


7 Comments on “Windows PC Secure WebDAV Server”

  1. yayaigo says:

    I already created vpnusr
    but I can’t find vpnusr in the “Edit Permissions/Security tab”
    I don’t know why

  2. floriszweb says:

    By default you cannot upload files greater than 30MB. I found a solution to make this higher.
    See my post on the following website. It has to do with the request filtering in IIS.
    https://forums.iis.net/t/1153941.aspx?iis+7+WebDav+upload+file+size+limit+only+50+KB

