EldoS | Feel safer!

Software components for data protection, secure storage and transfer

WebDAVBlackbox Forms authentication

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#18453
Posted: 12/12/2011 11:14:05
by  Justin Williams
I was looking WebDAVBlackbox client+server package and was wondering if it supported Forms Authentication with a Sql Backend data store. I want to control access for users to specific files using my web application and not create a windows account per user.
#18454
Posted: 12/12/2011 11:49:44
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for interest in our products.

Sorry, but WebDAVBlackbox doesn't support Forms Authentication out of the box. Our TElWebDAVServer is a low level customizable component so you can enhance it with Forms Authentication support your-self.

Quote
with a Sql Backend data store

Do you want to store authentication data or user's data in a database? If you are asking about authentication data then you are free to choose any data storage if you'll add Forms Authentication support to our component. If you are asking about user's data then as I said above TElWebDAVServer is a low level component and data can be stored to/read from any source you need (database, file system, memory, SolFS etc.) This can be implemented using our file system virtualization layer.
#18467
Posted: 12/13/2011 12:07:52
by  Justin Williams
Thank you for your reply, I have another question regarding folder mapping.

If a user maps to a WebDAVBlackbox server folder using windows explorer, and the WebDAVBlackbox server is using authentication (any kind), is there a way to configure the WebDAVBlackbox server to prompt the user for username and password?
#18468
Posted: 12/13/2011 12:17:50
by Eugene Mayevski (EldoS Corp.)

The user is prompted by WebDAV client depending on server's reply. You can reply with one of HTTP 40x error codes if the user is not authenticated right. This will tell the client to prompt for credentials if needed.


Sincerely yours
Eugene Mayevski
#18480
Posted: 12/14/2011 14:57:17
by  Justin Williams
Thank you for your response. However, the "Client" is Windows Explorer. There's no way to modify that "Client" code. If we run IIS's WebDav server it sends a 401 response to the client machine and Windows Explorer prompts for a user/password. We're trying to mimic that using your WebDav Server tool to see if we want to purchase it. Since with IIS we can only use Basic Authentication tied to a Windows Account and we want to have the same functionality but tie it to a user in our application stored in the SQL database.

Within the sample 'WebDavServer' project I've set the status code to 401 in the 'On Response' event expecting windows explorer to prompt the user with a user name password box to supply their credentials, however the this does not occur. Is there an additional property or http header that i need to set in the server code to enable this? Here is what I have so far, any suggestions would be helpful.

m_webDavServ.OnResponse += m_webDavServ_OnResponse;

void m_webDavServ_OnResponse(object Sender, TElHTTPServerResponseParams Params, MemoryStream Data)
{
Params.StatusCode = 401;
Params.ReasonPhrase = "Not Authorized";
}

I've tried this on the other events as well with no success.
#18482
Posted: 12/15/2011 00:20:32
by Eugene Mayevski (EldoS Corp.)

There are two options available:

1) try other 40x codes
2) take a network sniffer application (ethereal is the first that comes to my mind) and spy on the connection you think is correct. Indeed it's possible that WebDAV server sends something special in response.


Sincerely yours
Eugene Mayevski
#18483
Posted: 12/15/2011 02:07:54
by Vsevolod Ievgiienko (EldoS Corp.)

Try to add WWW-Authenticate header to the server response (see http://en.wikipedia.org/wiki/Basic_ac...ntication). The event handler will look like this:
Code
void m_webDavServ_OnResponse(object Sender, TElHTTPServerResponseParams Params, MemoryStream Data)
{
Data.SetLength(0); // clean server response data
Params.StatusCode = 401;
Params.ReasonPhrase = "Not Authorized";
Params.CustomHeaders.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");
}
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages

Reply

Statistics

Topic viewed 1326 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!