Saturday, October 14, 2006

QA - The PUT Method and WebDAV

Question:

Hi,

On a Win 2003 enterprise server with SP1 and IIS 6.0, when my program tries to execute an HTTP PUT request, IIS returns error 501. If WebDAV is enabled then this works OK. Customer doesn't want WebDAV to be enabled so how can I get this to work?

I have checked the permissions on the folder where PUT is supposed to write (I opened up to EVERYONE), I've also checked the Directory Security and have set Basic and NTLM on the VDIR in IIS.

Thank you in advance

Answer:

You have some contradictory desires in your statement, so I can only explain what is going on and some options. You will have to decide what works in your situation.

  • The WebDAV specification defines the PUT Method, along with other methods and abilities. The HTTP specification does not define a PUT Method.
  • IIS6 provides a global switch controlling the enablement of all WebDAV behaviors. There are no provisions to "only enable a subset of WebDAV behaviors", such as only PUT. There are provisions to allow the PUT verb (assuming it is enabled) on a per-URL basis using the "Write" IIS permission from within the IIS Manager UI.

    This is frequently confused with the "Write" NTFS ACL permission. The "Write" IIS permission controls allowing/denying the PUT Method. The "Write" permission in NTFS ACL controls whether a Windows user SID has permissions to write to that resource. Both permissions need to be aligned to allow the user feature of "uploading a file to the server" because one controls whether a user can use PUT to send the file as a data blob to the server, and the other controls whether the user's authenticated identity can write that data blob to the filesystem on the server.

  • Since your program uses the PUT method to upload files to the server, it requires WebDAV.

So, your current observation is by-design. Since your program uses PUT, it has a dependency on WebDAV. And if WebDAV is disabled on IIS6, then you will get 501 errors when you make PUT requests. There is no resolution through mere configuration because your client does not want to meet the requirements of your program.

Let's think about other ways to resolve the issue by changing requirements/definitions.

  1. Change the WebDAV and HTTP specifications so that PUT is HTTP. But this is highly, highly unlikely to ever happen.
  2. Change the client requirement to allow WebDAV. This may be possible.
  3. Change the WebDAV implementation in IIS to allow a configurable subset of WebDAV behaviors. This is highly, highly unlikely to ever happen.
  4. Configure IIS to allow full-blown WebDAV, and run some other filter in front of IIS to remove all requests containing WebDAV methods except for PUT.
  5. Change your application to use another mechanism, like HTTP POST, along with a server-side POST Acceptor, to upload files.

Changing user permissions/ACLs and authentication protocols has no effect on whether WebDAV is enabled in the virtual URL namespace, because they affect operations in the physical filesystem namespace.

//David
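
Option 4 above (full WebDAV enabled in IIS, with a filter in front that drops every WebDAV method except PUT) comes down to a default-deny method check plus a per-URL rule for PUT, similar in spirit to the per-URL "Write" IIS permission. The sketch below is an added example, not code from this post or from IIS; the names `ALLOWED`, `PUT_PREFIXES` and `filter_request`, and the `/uploads/` location, are assumptions.

```python
# Added example: method allowlist for a filter placed in front of IIS 6.
# All names here (ALLOWED, PUT_PREFIXES, filter_request) are hypothetical.

# Methods the front filter forwards. Anything else is refused, so the
# WebDAV verbs (PROPFIND, MKCOL, LOCK, ...) never reach IIS even though
# WebDAV is enabled there. An allowlist also covers verbs added later.
ALLOWED = {"GET", "HEAD", "POST", "PUT"}

# PUT is only forwarded for these URL prefixes (assumed upload location),
# mirroring the per-URL "Write" IIS permission described in the answer.
PUT_PREFIXES = ("/uploads/",)


def filter_request(request_line):
    """Return (status, reason); status 0 means forward to IIS."""
    parts = request_line.rstrip("\r\n").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, "malformed request line"
    method, target, _version = parts
    # Method tokens are case-sensitive: "put" is not "PUT" and is refused.
    if method not in ALLOWED:
        return 501, "method not forwarded: " + method
    if method == "PUT":
        path = target.split("?", 1)[0]
        # Refuse encoded or dot-segment paths instead of normalising them,
        # so the filter and IIS cannot disagree about the target directory.
        if "%" in path or "\\" in path or ".." in path.split("/"):
            return 403, "PUT target must be a plain path"
        if not path.startswith(PUT_PREFIXES):
            return 403, "PUT not permitted for this URL"
    return 0, "forward"


# Constructed request lines, not captured traffic.
SAMPLES = [
    "PUT /uploads/report.txt HTTP/1.1",
    "PUT /default.htm HTTP/1.1",
    "PUT /uploads/../default.htm HTTP/1.1",
    "PROPFIND /uploads/ HTTP/1.1",
    "MKCOL /uploads/new/ HTTP/1.1",
    "put /uploads/report.txt HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", filter_request(line))
```

The filter only decides which verbs reach IIS; the "Write" IIS permission and the NTFS ACL on the target folder still have to allow the upload.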

5 comments:

Anonymous said...

David, you are simply wrong. Perhaps you should bother to read the rfc..

http://www.w3.org/Protocols/rfc2068/rfc2068

RFC 2068 HTTP/1.1 January 1997


9.6 PUT

The PUT method requests that the enclosed entity be stored under the
supplied Request-URI. If the Request-URI refers to an already
existing resource, the enclosed entity SHOULD be considered as a
modified version of the one residing on the origin server. If the
Request-URI does not point to an existing resource, and that URI is
capable of being defined as a new resource by the requesting user
agent, the origin server can create the resource with that URI. If a
new resource is created, the origin server MUST inform the user agent
via the 201 (Created) response. If an existing resource is modified,
either the 200 (OK) or 204 (No Content) response codes SHOULD be sent
to indicate successful completion of the request. If the resource
could not be created or modified with the Request-URI, an appropriate
error response SHOULD be given that reflects the nature of the
problem. The recipient of the entity MUST NOT ignore any Content-*
(e.g. Content-Range) headers that it does not understand or implement
and MUST return a 501 (Not Implemented) response in such cases.

If the request passes through a cache and the Request-URI identifies
one or more currently cached entities, those entries should be
treated as stale. Responses to this method are not cachable.

The fundamental difference between the POST and PUT requests is
reflected in the different meaning of the Request-URI. The URI in a
POST request identifies the resource that will handle the enclosed
entity. That resource may be a data-accepting process, a gateway to
some other protocol, or a separate entity that accepts annotations.
In contrast, the URI in a PUT request identifies the entity enclosed
with the request -- the user agent knows what URI is intended and the
server MUST NOT attempt to apply the request to some other resource.
If the server desires that the request be applied to a different URI,
it MUST send a 301 (Moved Permanently) response; the user agent MAY
then make its own decision regarding whether or not to redirect the
request.

A single resource MAY be identified by many different URIs. For
example, an article may have a URI for identifying "the current
version" which is separate from the URI identifying each particular
version. In this case, a PUT request on a general URI may result in
several other URIs being defined by the origin server.

HTTP/1.1 does not define how a PUT method affects the state of an
origin server.

PUT requests must obey the message transmission requirements set out
in section 8.2.

David Wang said...

Anonymous - your statement still does not change my answer. And if you want to nit-pick, please do not reference out-of-date RFCs... perhaps we all need to just chill and go read the RFC...

//David
