Configuring a WebDAV Server (Windows Embedded CE 6.0)
1/6/2010
The WebDAV protocol is defined by RFC 2518. RFC 2518 defines a number of verbs, such as delete and copy that correspond to desired actions performed on the WebDAV server.
Configuring user permissions to a WebDAV share is the same as configuring Web Server virtual roots. For more information about configuring virtual roots, see Virtual Path Settings.
Note
To map to a virtual root share, WebDAV clients require that directory browsing is enabled. By default, directory browsing is not enabled. You can enable directory browsing by setting DirBrowse to a nonzero value in the registry. For more information, see Base Registry Settings.
To help understand what happens when a WebDAV client sends a command to a WebDAV server, the following example shows the sequence of events.
In this example, a Windows Embedded CE-based device has an existing virtual root mapping between /MyURL and \Windows\MyPath.
The user wants to delete http://<Device Name>/MyURL/<File name>.
The WebDAV client sends the HTTP header information to the device.
The following example shows the header:DELETE /MyURL/<File name> HTTP/1.1 [extra header information]When the device receives the request, the Web Server parses out the /MyURL URL and verifies the user access permission to /MyURL virtual directory.
If the user does not have access the virtual directory, the Web Server will return an unauthorized code to the client. Most clients will prompt the user for a user name and password and attempt to authenticate the user.
- or -
If the user has access to the virtual root, the Web Server maps the virtual root /MyURL to the physical directory \Windows\MyPath.The Web Server examines the HTTP verb from the header, DELETE in this example, and dispatches a request to WebDAV.
WebDAV checks the user permission in the registry to verify that the write permission is enabled.
The permissions are set in the registry and loaded when the Web Server starts. For more information, see Web Server Authentication and Permissions.If the user does not have write permission, WebDAV returns an error to the client and ends the request.
– or -
If the user has write permission, WebDAV attempts to delete the file and returns the status of the operation to the client.Note
By default, if the permission value in the registry does not exist, then only generic reading is enabled.
The write permission allows users to view, delete, and create any file unless the file extension is .asp or .dll. In addition, users are not allowed to access script mapped files. This prevents users from modifying and adding scripts that the Web Server can run.
To allow users to access Web Server scripts, you can set the HSE_URL_FLAGS_SCRIPTS_SOURCE permission flag in the P value in the registry. For more information, see Web Server Authentication and Permissions.
Sample Virtual Roots
The following examples show how to map the file \Windows\www and set permission levels.
To create a share named /ReadOnly that gives a user read-only permission, use the following registry key:
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/ReadOnly] @="\\Windows\\www" "P"=dword:205 "DirBrowse"=dword:1In this example, the P values are HSE_URL_FLAGS_READ | HSE_URL_FLAGS_EXECUTE | HSE_URL_FLAGS_SCRIPT.
To create a share named /Write that gives a user read and write permissions for all files except server scripts, use the following registry key:
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/Write] @="\\Windows\\www" "P"=dword:207 "DirBrowse"=dword:1In this example, the P values are HSE_URL_FLAGS_READ | HSE_URL_FLAGS_EXECUTE | HSE_URL_FLAGS_SCRIPT | HSE_URL_FLAGS_WRITE.
To create a share named /WriteScript that gives a user permission to read and write for all files including scripts, use the following registry key:
HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/Write] @="\\Windows\\www" "p"=dword:207 "DirBrowse"=dword:1In this example, the P values are HSE_URL_FLAGS_READ | HSE_URL_FLAGS_EXECUTE | HSE_URL_FLAGS_SCRIPT | HSE_URL_FLAGS_WRITE | HSE_URL_FLAGS_SCRIPT_SOURCE.
.gif "Ee499026.security(en-US,WinEmbedded.60).gif")
Security Note:Be careful when using the HSE_URL_FLAGS_SCRIPTS_SOURCE and HSE_URL_FLAGS_WRITE at the same time. This combination allows users to upload ASP pages and ISAPI extensions to the device.