EldoS | Feel safer!

Software components for data protection, secure storage and transfer

WebDAVBlackbox Forms authentication

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
Posted: 12/12/2011 11:14:05
by  Justin Williams
I was looking WebDAVBlackbox client+server package and was wondering if it supported Forms Authentication with a Sql Backend data store. I want to control access for users to specific files using my web application and not create a windows account per user.
Posted: 12/12/2011 11:49:44
by Vsevolod Ievgiienko (Team)

Thank you for interest in our products.

Sorry, but WebDAVBlackbox doesn't support Forms Authentication out of the box. Our TElWebDAVServer is a low level customizable component so you can enhance it with Forms Authentication support your-self.

with a Sql Backend data store

Do you want to store authentication data or user's data in a database? If you are asking about authentication data then you are free to choose any data storage if you'll add Forms Authentication support to our component. If you are asking about user's data then as I said above TElWebDAVServer is a low level component and data can be stored to/read from any source you need (database, file system, memory, SolFS etc.) This can be implemented using our file system virtualization layer.
Posted: 12/13/2011 12:07:52
by  Justin Williams
Thank you for your reply, I have another question regarding folder mapping.

If a user maps to a WebDAVBlackbox server folder using windows explorer, and the WebDAVBlackbox server is using authentication (any kind), is there a way to configure the WebDAVBlackbox server to prompt the user for username and password?
Posted: 12/13/2011 12:17:50
by Eugene Mayevski (Team)

The user is prompted by WebDAV client depending on server's reply. You can reply with one of HTTP 40x error codes if the user is not authenticated right. This will tell the client to prompt for credentials if needed.

Sincerely yours
Eugene Mayevski
Posted: 12/14/2011 14:57:17
by  Justin Williams
Thank you for your response. However, the "Client" is Windows Explorer. There's no way to modify that "Client" code. If we run IIS's WebDav server it sends a 401 response to the client machine and Windows Explorer prompts for a user/password. We're trying to mimic that using your WebDav Server tool to see if we want to purchase it. Since with IIS we can only use Basic Authentication tied to a Windows Account and we want to have the same functionality but tie it to a user in our application stored in the SQL database.

Within the sample 'WebDavServer' project I've set the status code to 401 in the 'On Response' event expecting windows explorer to prompt the user with a user name password box to supply their credentials, however the this does not occur. Is there an additional property or http header that i need to set in the server code to enable this? Here is what I have so far, any suggestions would be helpful.

m_webDavServ.OnResponse += m_webDavServ_OnResponse;

void m_webDavServ_OnResponse(object Sender, TElHTTPServerResponseParams Params, MemoryStream Data)
Params.StatusCode = 401;
Params.ReasonPhrase = "Not Authorized";

I've tried this on the other events as well with no success.
Posted: 12/15/2011 00:20:32
by Eugene Mayevski (Team)

There are two options available:

1) try other 40x codes
2) take a network sniffer application (ethereal is the first that comes to my mind) and spy on the connection you think is correct. Indeed it's possible that WebDAV server sends something special in response.

Sincerely yours
Eugene Mayevski
Posted: 12/15/2011 02:07:54
by Vsevolod Ievgiienko (Team)

Try to add WWW-Authenticate header to the server response (see http://en.wikipedia.org/wiki/Basic_ac...ntication). The event handler will look like this:
void m_webDavServ_OnResponse(object Sender, TElHTTPServerResponseParams Params, MemoryStream Data)
Data.SetLength(0); // clean server response data
Params.StatusCode = 401;
Params.ReasonPhrase = "Not Authorized";
Params.CustomHeaders.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.



Topic viewed 1440 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!