How to tell which authentication protocols can be used with WebDAV.

When you do an anonymous POST to the “exchange” virtual folder, you will get back a response which will tell you about which authentication protocols are supported.  Each “WWW-Authenticate:” header in the response tells you which type of authentication method is supported.  If you get back a 440 Login Timeout with no “WWW-Authenticate:” headers and you do get back “Set-Cookie: “ headers then FBA is likely on.  If you get back a 401 Unauthorized and “WWW-Authenticate:” headers, then FBA is off.  If you get back a 500 error, then there is probably no authentication enabled (ie just Anonymous authentication is on).   FBA Authentication is an override to other authentication methods.  Checking the “WWW-Authenticate:” using this method can be used for checking authentication when any other Web API is used - such as EWS and EAS (Exchange Server ActiveSync).

If you do an Anonymous OPTIONS POST such as the following:

User-Agent: Fiddler
Translate: F

With FBA Enabled you will get back this:

HTTP/1.1 440 Login Timeout
Content-Length: 43
Content-Type: text/html
Set-Cookie: sessionid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: cadata=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 20 Sep 2011 23:15:08 GMT
<HTML><BODY>440 Login Timeout</BODY></HTML>


With FBA not enabled you will get back this:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm=""
X-Powered-By: ASP.NET
Date: Tue, 20 Sep 2011 23:20:15 GMT
Content-Length: 6283
Proxy-Support: Session-Based-Authentication

Here are some tools which you might find helpful for doing a POST:

WFetch 1.4

HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections


Note that Fiddler is not a Microsoft prodcut, so we cannot endorse it.  However, it is used here at MS quite a bit in Support. This tool can both capture traces and issue/re-issue POST.  The RAW tabs are useful for seeing the actual requests and responses.