Saturday, October 14, 2006

QA - The PUT Method and WebDAV

Question:

Hi,

On a Win 2003 enterprise server with SP1 and IIS 6.0, when my program tries to execure HTTP PUT request, IIS returns error 501. If WebDAV is enabled then this works OK. Customer doesn't want WebDAV to be enabled so how can I get this to work ?

I have checked the permissions on the folder where PUT is supposed to write (I opened up to EVERYONE), i've also checked the Directory Security and have set Basic and NTLM on the VDIR in IIS.

Thank you in advance

Answer:

You have some contradictory desires in your statement, so I can only explain what is going on and some options. You will have to decide what works in your situation.

  • The WebDAV specification defines the PUT Method, along with other methods and abilities. The HTTP specification does not define a PUT Method.
  • IIS6 provides a global switch controlling the enablement of all WebDAV behaviors. There are no provisions to "only enable a subset of WebDAV behaviors", such as only PUT. There are provisions to allow the PUT verb (assuming it is enabled) on a per-URL basis using the "Write" IIS permission from within the IIS Manager UI.

    This is frequently confused with the "Write" NTFS ACL permission. The "Write" IIS permission controls allowing/denying the PUT Method. The "Write" permission in NTFS ACL controls whether a Windows user SID has permissions to write to that resource. Both permissions need to be aligned to allow the user feature of "uploading a file to the server" because one controls whether a user can use PUT to send the file as a data blob to the server, and the other controls whether the user's authenticated identity can write that data blob to the filesystem on the server.

  • Since your program uses PUT method to upload files to the server, it has a requirement on WebDAV.

So, your current observation is by-design. Since your program uses PUT, it has a dependency on WebDAV. And if WebDAV is disabled on IIS6, then you will get 501 errors when you make PUT requests. There is no resolution through mere configuration because your client does not want to meet the requirements of your program.

Let's think about other ways to resolve the issue by changing requirements/definitions.

  1. Change the WebDAV and HTTP specifications so that PUT is HTTP. But this is highly, highly unlikely to ever happen.
  2. Change the client requirement to allow WebDAV. This may be possible.
  3. Change WebDAV implementation in IIS to allow configurable subset of WebDAV behaviors. This is highly, highly unlikely to ever happen.
  4. Configure IIS to allow full-blown WebDAV, and run some other filter in front of IIS to remove all requests containing WebDAV methods except for PUT.
  5. Change your application to use another mechanism, like HTTP POST, along with a server-side POST Acceptor, to upload files.

Changing user permissions/ACLs and Authentication protocols have no affect on the issue of enablement of WebDAV in the virtual URL namespace because they affect operations in the physical filesystem namespace.

//David

10 comments:

Anonymous said...

David, you are simply wrong. Perhaps you should bother to read the rfc..

http://www.w3.org/Protocols/rfc2068/rfc2068

RFC 2068 HTTP/1.1 January 1997


9.6 PUT

The PUT method requests that the enclosed entity be stored under the
supplied Request-URI. If the Request-URI refers to an already
existing resource, the enclosed entity SHOULD be considered as a
modified version of the one residing on the origin server. If the
Request-URI does not point to an existing resource, and that URI is
capable of being defined as a new resource by the requesting user
agent, the origin server can create the resource with that URI. If a
new resource is created, the origin server MUST inform the user agent
via the 201 (Created) response. If an existing resource is modified,
either the 200 (OK) or 204 (No Content) response codes SHOULD be sent
to indicate successful completion of the request. If the resource
could not be created or modified with the Request-URI, an appropriate
error response SHOULD be given that reflects the nature of the
problem. The recipient of the entity MUST NOT ignore any Content-*
(e.g. Content-Range) headers that it does not understand or implement
and MUST return a 501 (Not Implemented) response in such cases.

If the request passes through a cache and the Request-URI identifies
one or more currently cached entities, those entries should be
treated as stale. Responses to this method are not cachable.

The fundamental difference between the POST and PUT requests is
reflected in the different meaning of the Request-URI. The URI in a
POST request identifies the resource that will handle the enclosed
entity. That resource may be a data-accepting process, a gateway to
some other protocol, or a separate entity that accepts annotations.
In contrast, the URI in a PUT request identifies the entity enclosed
with the request -- the user agent knows what URI is intended and the
server MUST NOT attempt to apply the request to some other resource.
If the server desires that the request be applied to a different URI,
it MUST send a 301 (Moved Permanently) response; the user agent MAY
then make its own decision regarding whether or not to redirect the
request.

A single resource MAY be identified by many different URIs. For
example, an article may have a URI for identifying "the current
version" which is separate from the URI identifying each particular
version. In this case, a PUT request on a general URI may result in
several other URIs being defined by the origin server.

HTTP/1.1 does not define how a PUT method affects the state of an
origin server.

PUT requests must obey the message transmission requirements set out
in section 8.2.

David Wang said...

Anonymous - your statement still does not change my answer. And if you want to nit-pick, please do not reference out-of-date RFCs... perhaps we all need to just chill and go read the RFC...

//David

Anonymous said...

Now do you worried about that in the game do not had enough 2moons dil to play the game, now you can not worried, my friend told me a website, in here you can buy a lot 2moons gold and only spend a little money, do not hesitate, it was really, in here we had much 2moon dil, we can sure that you will get the cheap 2moons gold, quick to come here to buy 2moons dil.

Now do you worried about that in the game do not had enough 9Dragons gold to play the game, now you can not worried, my friend told me a website, in here you can buy a lot 9 Dragons gold and only spend a little money, do not hesitate, it was really, in here we had much 9Dragons money, we can sure that you will get the cheap 9Dragons gold, quick to come here to buy 9 Dragons gold.

Adi said...

Oes Tsetnoc one of the ways in which we can learn seo besides Mengembalikan Jati Diri Bangsa. By participating in the Oes Tsetnoc or Mengembalikan Jati Diri Bangsa we can improve our seo skills. To find more information about Oest Tsetnoc please visit my Oes Tsetnoc pages. And to find more information about Mengembalikan Jati Diri Bangsa please visit my Mengembalikan Jati Diri Bangsa pages. Thank you So much.

longge said...

Black is always the designer’s favorite color, which represents elegance and mystery. More importantly, it is possibly the only color could match any occasion and outfit perfectly. louis vuitton handbags is one of the best choices from Louis vuitton bags catalogue. Just like many other louis vuitton products, lv is made of Monogram canvas, but the color of black makes the diaper bag look more cool and stylish.

shoppingugg said...

These shoes are so very gorgeous that you will be the first one to spot Louboutin Shoes styles. When you buy yourself the Christian Louboutin Pumps they allow you to present the person in the right light. This is the place where most of the high profile and elite shop and you will become one amongst Christian Louboutin Boots . The inventive and intricately constructed and put together shoes will make you feel like Christian Louboutin Sandals is going to be one perfect addition in your wardrobe.

The Hardy clothing line has become an authority on what's hot and cool in the trendsetting urban markets. It's clear that their sucecess on ED Hardy Shoes will continue to build momentum and the hardy shirts Christian Audigier team are revolutionizing modern fashion design of hardy shirt , as the create fashion history.


Even though the scarpe Hogan is lightweight and flexible, comfort was in no way compromised. hogan donna made sure to include ample cushioning. The collar and the tongue of Hogan scarpe uomo are heavily padded which lends to a very cozy feel while on the foot. This Hogan uomo in the collar provides crucial protection and support to assist in avoiding injury.

longge said...

However, ugg boots which owns a array of acclaimed designers, not abandoned delights women by contemporary styles, but aswell by absolute abundance and practicality.Sheepskin ugg is absolutely crafted from wool. Many times, uggs are befuddled abroad because they get adulterated or channelled afterwards getting beat for one season, instead of acceptable out of date. There are lots of styles in the accumulating of affidavit ugg sundance , accoutrement tall, abbreviate and abate versions. Due to adaptable sheepskin, these ugg sundance boots do not get channelled or torn even admitting you bend and extend them times.

Anonymous said...

watch saw 3d online free
watch paranormal activity 2 free
watch red movie online free
watch jackass 3d
watch hereafter movie

fgdg said...

You laugh at me for being different, but I laugh at you for being the same LOTRO Gold, the consequences of today are determined by the actions of the past Lord Of The Rings Gold, to change your future,LOTRO Gold alter your decisions today.

fgdg said...

Good love makes you see the whole world from one person while bad love makes you abandon the whole world for one person Ultimate Game Card, Men love from overlooking while women love from looking up. If love is a mountain, then if men go up, more women they will see while womenwill see fewer men Cheap Minecraft Gift Code, if you leave me, please don't comfort me because each sewing has to meet stinging pain Ultimate Game Card.