Next, I add an SPN, using the following command, the results are shown in Figure 7. I check to see what SPNs already exist for the root\administrator by executing the following command, the results are shown in Figure 6.įigure 6, checking existing SPNs using SETSPN –L What needs to happen is an SPN needs to be created for the identity of the Application Pool on the IIS server. There are enough SPN articles so the instructions are here just you setup the right one and not providing details about what it does and how it works. I think the concept is conquerable, it just takes time and experience. I read some articles about SPNs and some say they are simple and other say they are complicated. NOTE: Don’t forget to go back and change the Application to use this new Application Pool and set system.webServer/security/authentication/windowsAuthentication/ useAppPoolCredentials to True. Select the Custom Account radio button, enter the credentials for the domain account and select the OK button and OK again and OK again…until you are back in the IIS Management console.
#Windows webdav client plugin windows
Once opened, click on the ApplicationPoolIdentity and the … button to open the windows illustrated in Figure 5.įigure 5, Change the identity of the Application Pool To do this click on the WebDAVUNC which was just created and on the right-hand side of the IIS Management console in the Action pane, select the Advanced Settings… link. The default application pool identity is set to ApplicationPoolIdentity which we need to change to a domain account. Name the Application Pool, for example, WebDAVUNC and leave all the other default settings as they are, excluding one. The reason for converting the Virtual Directory to an Application is so that we can associate a different application pool to the Application instead of using the DefaultAppPool that is used for the content of the rest of the Default Web Site.Ĭreate a new Application Pool by right-clicking on the Application Pools feature and then click the Add Application Pool… menu item as shown in Figure 4.įigure 4, creating a new Application Pool for WebDAV Configuring the Application Pool of the Application NOTE: You will need to enable Windows Authentication and disable Anonymous Authentication. Convert the Virtual Directory to an Application by right-clicking on the WebDAV folder and selecting Convert to Application and then press the OK button. This error message might deter administrators from continuing or make them take unnecessary analysis steps. The reason I do it this way is because if you try to map the UNC from an Application you are likely to get an error message.
The next step is to convert this Virtual Directory to an Application. Enter the details similar to that shown in Figure 3, then select the OK button.įigure 3, configuring a Virtual Directory for use with WebDAV and map to a UNC Right-click on Default Web Site and select Add Virtual Directory. Login to your IIS server and create a new which points to the UNC share. For example in Figure 1 where I have granted Read/Write permission to the Administrator and Read permission to Benjamin Perkins.įigure 1, Create a UNC share to use with WebDAVĬlick on the Share button and write down the name of the share rendered in a window similar to that shown in Figure 2.įigure 2, the UNC share detail for use with WebDAV Mapping a Virtual Directory to a UNC share On your file share server, share the folder you wish to make accessible using WebDAV. Delegating authentication for the Application Pool Identity.Configuring the Application Pool of the Application.Mapping a Virtual Directory to a UNC share.Creating a UNC File share for WebDAV to access and granting the appropriate access.The remaining portion of this article focuses on 5 tasks: I assume you have a Windows Server with IIS 7+ installed and you have installed and configured WebDAV using the instructions here. Consider this a baseline only for getting things rolling. I think that if someone can use this article to get a working proof of concept quickly, then changing or enhancing it to meet your specific needs would happen much faster. I want to make clear that there are numerous ways of configuring this and there are numerous Kerberos/Windows Authentication configuration possibilities based on different SPNs, IE Zones, Application Pool identities, etc… This article is intended to provide 1 possible, unofficial, approach. I have spent some hours setting up a solution defined in the title of this article.
0 kommentar(er)
