Windows PC Secure WebDAV Server
WebDAV allows you to securely access files over the internet using SSL encryption from a remote server that is configured as a mapped drive on a local PC using Windows Explorer. It is superior to FTP because it is far easier to implement secure WebDAV than it is to implement secure FTP (normal FTP is not a problem) if your router uses NAT (as most do).
Normal FTP is even easier than WebDAV to install and configure. Secure FTP, however, has problems with routers that act as firewalls, because it wants to use almost random ports to communicate. NAT firewalls protecting the server don’t like this and generally block the communication. To overcome this problem, you either buy a router that can support secure FTP (if you can find one), or you open all ports on the router that protects your server (often called a DMZ) and remove that aspect of firewall protection, thus making the server accessible to anyone who knows it’s there.
Or you use WebDAV for secure file transfers, which has none of these problems.
With WebDAV, you specify the folder(s) that may be accessed, who may access them, and whether they have read only access or full access. Either a Windows 7 or above PC or Windows Server may be used as the WebDAV server and the setup is almost identical for both. If you have installed SSL on IIS, then you have already accomplished about 1/2 of the required installation. The rest is fast and fairly easy. The screen prints below demonstrate the steps involved.
If you have not yet installed an SSL certificate or have not yet installed IIS, then please read IIS and the Certificate Signing Request to learn how to install and configure secure IIS on your PC using OpenSSL. We’ll use Active Directory Certificate Services (AD CS) and domain certificates to configure SSL on Windows Server 2012 Essentials.
As a bonus, using SSL for WebDAV gives you a kind of two factor authentication with your WebDAV client access. Two factor authentication requires you to have more than a user id and password to access the server. The root certificate can serve as a requirement for a connection. If you restrict distribution of the root certificate, you will restrict access to only those who have one. No root certificate … no WebDAV access, providing you also told IIS to require SSL for access to the mapped folder (as shown below).
WebDAV installs on both Windows Server 2012 and a PC almost identically. Windows Server 2012 treats WebDAV as a function of the IIS role. To a Windows PC, WebDAV is a Windows feature. Afterward, the configuration is nearly identical. Configuring a WebDAV server is easy. The biggest single difference is that with Windows Server 2012 you need to drill down to the virtual directory that holds the files to access and apply specific NTFS permissions for each user and/or group that will access the virtual directory. On a PC WebDAV server, you may or may not need to perform this step.
If you are using a Windows PC as your WebDAV server and IIS is available as a Windows feature, your installation screen should look similar to this one.
If you’re using Windows Server 2012 Essentials, you install WebDAV as a function of the IIS role.
Configuring WebDAV on IIS
WebDAV is simple to configure. You …
Start the IIS management console.
Define a Virtual Directory.
Tell IIS who may access it and with what level of authority.
If you’re using Windows Server 2012, drill down to the virtual directory being accessed and apply appropriate NTFS permissions.
Turn on Windows Authentication.
Require SSL access by clicking a box.
Done. You do it all within the IIS management console.
You should also ensure that port 443 is forwarded to your IIS / WebDAV server on your router and DDNS has been turned on. Your root certificate also must be installed on the client and server. You should have accomplished all this when you configured SSL on IIS.
Start the Internet Information Services (IIS) Manager. Expand the directory tree on the left. On the right, it states the WebDAV server has not been enabled. Below, in the right panel, there is a selection to enable WebDAV. Click it.
WebDAV has been enabled. Right click Default Web Site in the left panel. In the pop up menu, select Add Virtual Directory.
Select a folder that you want WebDAV to access. When you map this folder as a drive, you will have to specify it in the URL. Users will have access only to this folder and everything it contains. Click OK.
Your virtual directory is now linked to your website. Next, while the virtual drive is still highlighted in the left panel, you double click WebDAV Authoring Rules in the main panel.
Specify who will have access to your virtual directory and define the type of access. For added security, you might want to create a special user with standard privilege whose sole purpose is VPN access.
Your authorized users are enumerated here.
While your virtual directory is highlighted, double click Authentication in the main window.
While your virtual directory is highlighted in the left panel, double click SSL Settings.
Select Requires SSL. Click Apply.
If you’re configuring Windows Server 2012, select and right click your virtual directory, click Edit Permissions, select the Security tab, and apply NTFS permissions as appropriate. Windows Server is far more touchy about permissions than a typical PC. However, you may also need to perform this step on your PC server.
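The same server-side steps can be scripted with the IIS WebAdministration module and then read back to confirm nothing was missed. This is an added example, not part of the original article; the virtual directory name Files, the folder C:\WebDAVShare and the account davuser are assumptions to replace with your own.

```powershell
# Added example, not from the original article. Run elevated on the IIS server
# after the WebDAV feature has been installed.
Import-Module WebAdministration

$site  = 'Default Web Site'
$vdir  = 'Files'            # assumed virtual directory name
$dir   = 'C:\WebDAVShare'   # assumed folder to publish
$user  = 'davuser'          # assumed standard-privilege account
$root  = 'MACHINE/WEBROOT/APPHOST'
$loc   = "$site/$vdir"
$rules = 'system.webServer/webdav/authoringRules'
$sec   = 'system.webServer/security'

# Enable WebDAV on the site (the "Enable WebDAV" action in IIS Manager).
Set-WebConfigurationProperty -PSPath $root -Location $site `
    -Filter 'system.webServer/webdav/authoring' -Name enabled -Value $true

# Add the virtual directory once.
if (-not (Get-WebVirtualDirectory -Site $site -Name $vdir)) {
    New-WebVirtualDirectory -Site $site -Name $vdir -PhysicalPath $dir | Out-Null
}

# Authoring rule: who may access the directory and with what authority.
$existing = Get-WebConfiguration -PSPath $root -Location $loc -Filter "$rules/add" |
    Where-Object { $_.users -eq $user }
if (-not $existing) {
    Add-WebConfiguration -PSPath $root -Location $loc -Filter $rules `
        -Value @{ users = $user; path = '*'; access = 'Read,Write' }
}

# NTFS permission on the folder (Modify, inherited by files and subfolders).
icacls $dir /grant "${user}:(OI)(CI)M" | Out-Null

# Turn on Windows Authentication and require SSL for the virtual directory.
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter "$sec/authentication/windowsAuthentication" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter "$sec/access" -Name sslFlags -Value 'Ssl'

# Read the settings back. Anonymous is reported only, not changed: it shows
# whether IIS still accepts unauthenticated requests for this path.
[pscustomobject]@{
    SslFlags    = (Get-WebConfiguration -PSPath $root -Location $loc -Filter "$sec/access").sslFlags
    WindowsAuth = (Get-WebConfiguration -PSPath $root -Location $loc -Filter "$sec/authentication/windowsAuthentication").enabled
    Anonymous   = (Get-WebConfiguration -PSPath $root -Location $loc -Filter "$sec/authentication/anonymousAuthentication").enabled
    Rules       = (Get-WebConfiguration -PSPath $root -Location $loc -Filter "$rules/add" |
                    ForEach-Object { "$($_.users):$($_.access)" }) -join '; '
}
```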
Enabling WebDAV service on client PC
Make sure WebDAV is enabled as a service on your Windows client. Go to Control Panel / Administrative Tools / Services. Double click Services.
Locate the WebClient service. Right click and select Properties.
Set the Startup Type to Automatic. Click OK.
Map the Drives
You’re done with everything except mapping the drives from the client PC to the remote server. Mapping a WebDAV server is no different from mapping any other drive, except for how you enter the remote location.
Start Windows Explorer. Right click Computers. Select Map Network Drive. This screen appears. Fill it out like below, except enter your own URL. Decide if you want to reconnect at logon or not, your choice. Note that HTTPS and the URL are part of the folder name. Also note that you must specify the virtual drive.
When you click Finish, your PC will think for a few seconds, then present you with a logon screen. Occasionally, it does not connect the first time. If this happens to you, just try again.
This is your result … a mapped drive back to your WebDAV server. When you are done, right click your mapped drive and click Disconnect Network Drive.
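The client-side steps can also be run from an elevated PowerShell prompt, with a check that the server certificate chains to a root the client trusts before the drive is mapped. This is an added example, not part of the original article; the host name files.example.com, the virtual directory Files, the drive letter Z: and the account davuser are placeholders.

```powershell
# Added example, not from the original article. All names are placeholders.
$hostName = 'files.example.com'        # assumed DDNS name of the server
$share    = "https://$hostName/Files"  # assumed virtual directory
$drive    = 'Z:'
$user     = 'davuser'

function Test-ServerCertificate {
    # Returns $true only if the TLS handshake succeeds with the default
    # validation, i.e. the chain ends in a root installed on this client
    # and the certificate name matches the host name.
    param([string]$Name, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Name, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($Name)
            return $true
        } finally {
            $ssl.Dispose()
        }
    } catch {
        Write-Warning "TLS check failed for ${Name}: $($_.Exception.Message)"
        return $false
    } finally {
        $tcp.Close()
    }
}

# The WebClient service must be running for WebDAV drive mapping.
Set-Service -Name WebClient -StartupType Automatic
Start-Service -Name WebClient

if (Test-ServerCertificate -Name $hostName) {
    # '*' prompts for the password; use /persistent:yes to reconnect at logon.
    net use $drive $share * /user:$user /persistent:no
} else {
    Write-Warning 'Install the root certificate on this client, then try again.'
}

# When you are done with the drive:
# net use $drive /delete
```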