IIS - WebDav mapped folder is readonly

Question

IIS - WebDav mapped folder is readonly

Varun Arora 6

Hello,

I am trying to setting up the WebDav in IIS 8 on Windows Server 2012 with a custom website with SSL enabled.

I followed these links:
https://learn.microsoft.com/en-us/iis/install/installing-publishing-technologies/installing-and-configuring-webdav-on-iis#installing-webdav-on-iis-80-and-iis-85
https://learn.microsoft.com/en-us/iis/publish/using-webdav/using-the-webdav-redirector

PROBLEM: The mapped folder with url is readonly, if I try to edit any document or add any document in that mapped folder I get "Access Denied"
IIS Logs: 2021-12-10 13:00:44 172.16.200.174 PUT /New+Text+Document.txt - 443 - 172.16.200.174 Microsoft-WebDAV-MiniRedir/6.2.9200 - 401 0 5 0

Can you please let me know what wrong we could be doing?

Following are some screenshots of the WebDav and IIS Configuration:

IIS Authentication to custom website:

WebDav Authoring Rule

NTFS Permission to folder

Thanks,
Varun

7 answers

Your answer

Answer 1

Hi @Varun Arora ,

This behavior is by design. In IIS writing to the WebDAV directory anonymously is not allowed. So you need to configure the WebDav Authoring Rule to specified user or roles such as administrator.

You can refer to this docs about new webDAV on IIS 7 and above.

In WebDAV for IIS 7.0 and above we changed this behavior so that all WebDAV activity would require authentication, but we allow for the use of anonymous PROPFINDs for backward-compatibility with some WebDAV clients. (More specifically, the PUT, MKCOL, PROPPATCH, COPY, MOVE, DELETE, and WebDAV-based GET requests all require authentication.)

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Bruce Zhang

Varun Arora 6 Reputation points

2021-12-14T02:29:36.863+00:00

Thanks for coming back to me.

Ok, I configured Authoring Rule for one admin user and logged in with that user to the server.

As soon as I go map the drive I get below error:

System error 1920 has occurred.
The file cannot be accessed by the system.

I tried change the configuration to use Administrators group, but the result is same.

Can you please let me know what am I doing wrong or what am I missing?

Thanks,
Varun

Answer 2

Hi @Varun Arora ,

I follow the docs and it works very well. I notice that you use https not http, and sample image on docs is http. So I use https test again, it failed.

Please follow the docs to use http and try again.

Though all WebDAV activity would require authentication, you can still select all users when edit authoring rule because it will ask for credentials when connect to network driver.

Another thing is please check the Authorization Rules at site level, make sure the rule will allow all users. This rule will auto inherit from server level, just for confirm.

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Bruce Zhang

Answer 3

Varun Arora 6

Thanks for coming back to me so quickly.

I mentioned in the question body that its a custom website (not default website) with SSL Enabled. Sorry for any confusion.

We need SSL to be enabled. When I give select all users in the Auth rule I am able to map the website but unable to modify the folder like pasting any file gives me permission issue:

BTW, I also created a test website with http and setup the auth rule like below:

Results are same, I was able to create the mapped folder but unable to write to it:

I also copied the error message from IIS logs in my original question earlier about 401 issue.

IIS Logs: 2021-12-10 13:00:44 172.16.200.174 PUT /New+Text+Document.txt - 443 - 172.16.200.174 Microsoft-WebDAV-MiniRedir/6.2.9200 - 401 0 5 0

Thanks,
Varun

Bruce Zhang-MSFT 3,771 Reputation points

2021-12-15T05:19:30.287+00:00

Hi @Varun Arora ,

Can you show the complete applicationhost.config file? According to the screenshot, there is no problem with the steps you have done. Maybe there is some hidden configuration that caused the failure.
Varun Arora 6 Reputation points

2021-12-15T15:41:49.41+00:00

Can I send you via email. Attachment not working it says "No Such Upload", I tried converting to txt and xml both.
!
Varun Arora 6 Reputation points

2021-12-15T16:34:12.517+00:00

@Bruce Zhang-MSFT I had post it as answer in order to share the applicationhost file, the upload is not working in chrome and edge.

Please review.

Thanks,
Varun

Answer 4

Please see below. Attachment not working it says "No Such Upload", I tried converting to txt and xml both.
![157973-image.png][1]

<?xml version="1.0" encoding="UTF-8"?>
<!--

IIS configuration sections.  

For schema documentation, see  
%windir%\system32\inetsrv\config\schema\IIS_schema.xml.  
  
Please make a backup of this file before making any changes to it.

-->

<!--  

    The <configSections> section controls the registration of sections.  
    Section is the basic unit of deployment, locking, searching and  
    containment for configuration settings.  
      
    Every section belongs to one section group.  
    A section group is a container of logically-related sections.  
      
    Sections cannot be nested.  
    Section groups may be nested.  
      
    <section  
        name=""  [Required, Collection Key] [XML name of the section]  
        allowDefinition="Everywhere" [MachineOnly|MachineToApplication|AppHostOnly|Everywhere] [Level where it can be set]  
        overrideModeDefault="Allow"  [Allow|Deny] [Default delegation mode]  
        allowLocation="true"  [true|false] [Allowed in location tags]  
    />  
      
    The recommended way to unlock sections is by using a location tag:  
    <location path="Default Web Site" overrideMode="Allow">  
        <system.webServer>  
            <asp />  
        </system.webServer>  
    </location>  

-->  
<configSections>  
    <sectionGroup name="system.applicationHost">  
        <section name="applicationPools" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="configHistory" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="customMetadata" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="listenerAdapters" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="log" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="serviceAutoStartProviders" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="sites" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="webLimits" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
    </sectionGroup>  

    <sectionGroup name="system.webServer">  
        <section name="asp" overrideModeDefault="Deny" />  
        <section name="caching" overrideModeDefault="Allow" />  
        <section name="cgi" overrideModeDefault="Deny" />  
        <section name="defaultDocument" overrideModeDefault="Allow" />  
        <section name="directoryBrowse" overrideModeDefault="Allow" />  
        <section name="fastCgi" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="globalModules" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="handlers" overrideModeDefault="Deny" />  
        <section name="httpCompression" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
        <section name="httpErrors" overrideModeDefault="Allow" />  
        <section name="httpLogging" overrideModeDefault="Deny" />  
        <section name="httpProtocol" overrideModeDefault="Allow" />  
        <section name="httpRedirect" overrideModeDefault="Allow" />  
        <section name="httpTracing" overrideModeDefault="Deny" />  
        <section name="isapiFilters" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />  
        <section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />  
        <section name="applicationInitialization" allowDefinition="MachineToApplication" overrideModeDefault="Allow" />  
        <section name="odbcLogging" overrideModeDefault="Deny" />  
        <sectionGroup name="security">  
            <section name="access" overrideModeDefault="Deny" />  
            <section name="applicationDependencies" overrideModeDefault="Deny" />  
            <sectionGroup name="authentication">  
                <section name="anonymousAuthentication" overrideModeDefault="Deny" />  
                <section name="basicAuthentication" overrideModeDefault="Deny" />  
                <section name="clientCertificateMappingAuthentication" overrideModeDefault="Deny" />  
                <section name="digestAuthentication" overrideModeDefault="Deny" />  
                <section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Deny" />  
                <section name="windowsAuthentication" overrideModeDefault="Deny" />  
            </sectionGroup>  
            <section name="authorization" overrideModeDefault="Allow" />  
            <section name="ipSecurity" overrideModeDefault="Deny" />  
            <section name="dynamicIpSecurity" overrideModeDefault="Deny" />  
            <section name="isapiCgiRestriction" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />  
            <section name="requestFiltering" overrideModeDefault="Allow" />  
        </sectionGroup>  
        <section name="serverRuntime" overrideModeDefault="Deny" />  
        <section name="serverSideInclude" overrideModeDefault="Deny" />  
        <section name="staticContent" overrideModeDefault="Allow" />  
        <sectionGroup name="tracing">  
            <section name="traceFailedRequests" overrideModeDefault="Allow" />  
            <section name="traceProviderDefinitions" overrideModeDefault="Deny" />  
        </sectionGroup>  
        <section name="urlCompression" overrideModeDefault="Allow" />  
        <section name="validation" overrideModeDefault="Allow" />  
        <sectionGroup name="webdav">  
            <section name="globalSettings" overrideModeDefault="Deny" />  
            <section name="authoring" overrideModeDefault="Deny" />  
            <section name="authoringRules" overrideModeDefault="Deny" />  
        </sectionGroup>  
        <section name="webSocket" overrideModeDefault="Deny" />  
        <section name="aspNetCore" overrideModeDefault="Allow" />  
    </sectionGroup>  
    <sectionGroup name="system.ftpServer">  
        <section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />  
        <section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />  
        <section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />  
        <section name="providerDefinitions" overrideModeDefault="Deny" />  
        <sectionGroup name="security">  
            <section name="ipSecurity" overrideModeDefault="Deny" />  
            <section name="requestFiltering" overrideModeDefault="Deny" />  
            <section name="authorization" overrideModeDefault="Deny" />  
            <section name="authentication" overrideModeDefault="Deny" />  
        </sectionGroup>  
        <section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />  
    </sectionGroup>  
</configSections>  

<configProtectedData>  
    <providers>  
        <add name="IISWASOnlyRsaProvider" type="" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useMachineContainer="true" useOAEP="false" />  
        <add name="AesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisConfigurationKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="AQIAAA5mAAAApAAAAK0FlhTNahHkOfz33H+94dXCbSbk+p6SRe8s5cJL3wa5n2LS+7tsEeEjKawcwqrssW2xuPH+iwHtj7b3YTNFWmYivZOjko1WA0KDtqV7h3v/ZV1y26Tom5E9XW3MCFsAx+HRu7r8XHsuYSoGXQZasuRTJC77h8pPQzJDgyiH9z4bKD7duHn3U8XupI3z5OrHncGU4gV1GiZ8illAFvh78UbvguK/e+VCdgN2+DZDsGvzXaA/7WByFP5VSOofO7QcqUfnUuMvaxDg10ANX+zyvifAwUMLdzNk8d6vDUcd1KhJHQqdXXMmCMsHwSSPW51OdbIi/QGPGQSZNUqydWlkLQ==" />  
        <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="AQIAAA5mAAAApAAAsU0ixKZZ48Gdi+tvk2zkYEtWgULnL7z2+RyMur95Qoye5MlPFpiMVS+Jjb3GIHdR8X+sdzsDj3Wg0xu4Qk+mFCTD3gH6FdlEa6Sxz991TePlMcinej0OLQt/fWItagLS+UWTgZHzK6DA5+7fQt3Vov36TJQKNE2c27T3y0j77u2AJqilnPPsvuPwG9xliQrzLtmGxxzDp4/NOloFsrULy2NOveD9DSZiKV453PA1hYrc8tCbC6uBUNp4D+dZBso5bAc/n2ncAk5XmMNpM5wg5GcVXBbGCqOgaagUxWOfyRve5Ucc4QfMSm2iUmefgUUZW+ID8aMbKYZxDDaiNow8WA==" />  
    </providers>  
</configProtectedData>  

<system.applicationHost>  

    <applicationPools>  
        <add name="DefaultAppPool" />  
        <add name="Classic .NET AppPool" managedRuntimeVersion="v2.0" managedPipelineMode="Classic" />  
        <add name=".NET v2.0 Classic" managedRuntimeVersion="v2.0" managedPipelineMode="Classic" />  
        <add name=".NET v2.0" managedRuntimeVersion="v2.0" />  
        <add name=".NET v4.5 Classic" managedRuntimeVersion="v4.0" managedPipelineMode="Classic" startMode="AlwaysRunning">  
            <processModel identityType="NetworkService" />  
            <recycling>  
                <periodicRestart time="00:00:00" />  
            </recycling>  
        </add>  
        <add name=".NET v4.5" managedRuntimeVersion="v4.0">  
            <processModel identityType="SpecificUser" userName="MASKED" password="MASKED" />  
        </add>  
        <add name="LetterEditor" autoStart="true" managedRuntimeVersion="v4.0">  
            <processModel identityType="NetworkService" loadUserProfile="true" />  
        </add>  
        <add name="FaxServPool" autoStart="true" managedRuntimeVersion="" />  
        <add name="Wopi" autoStart="true">  
            <processModel identityType="NetworkService" />  
        </add>  
        <add name="AgadiaFaxIntegrationService" autoStart="true" enable32BitAppOnWin64="false" managedRuntimeVersion="">  
            <processModel startupTimeLimit="00:01:30" />  
        </add>  
        <add name="AsyncFaxService" autoStart="true" managedRuntimeVersion="v4.0">  
            <processModel identityType="NetworkService" />  
        </add>  
        <add name="TestWebDav">  
            <processModel identityType="SpecificUser" userName="MASKED" password="MASKED" />  
        </add>  
        <applicationPoolDefaults managedRuntimeVersion="v4.0">  
            <processModel identityType="ApplicationPoolIdentity" />  
        </applicationPoolDefaults>  
    </applicationPools>  

    <!--  

      The <customMetadata> section is used internally by the Admin Base Objects  
      (ABO) Compatibility component. Please do not modify its content.  

    -->  
    <customMetadata />  

    <!--  

      The <listenerAdapters> section defines the protocols with which the  
      Windows Process Activation Service (WAS) binds.  

    -->  
    <listenerAdapters>  
        <add name="http" />  
    </listenerAdapters>  

    <log>  
        <centralBinaryLogFile enabled="true" directory="%SystemDrive%\inetpub\logs\LogFiles" />  
        <centralW3CLogFile enabled="true" directory="%SystemDrive%\inetpub\logs\LogFiles" />  
    </log>  

    <sites>  
        <site name="Default Web Site" id="1" serverAutoStart="true">  
            <application path="/">  
                <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />  
                <virtualDirectory path="/WebDAVShare" physicalPath="D:\WebDavTest" />  
            </application>  
            <bindings>  
                <binding protocol="http" bindingInformation="*:80:" />  
            </bindings>  
        </site>  
        <site name="devTXTControl" id="2" serverAutoStart="true">  
            <application path="/" applicationPool="LetterEditor">  
                <virtualDirectory path="/" physicalPath="D:\Websites\TXTControl1" />  
                <virtualDirectory path="/WebDAVShare" physicalPath="D:\WebDavTest" />  
            </application>  
            <application path="/devTxtControl" applicationPool=".NET v4.5">  
                <virtualDirectory path="/" physicalPath="D:\Websites\DevTxTControl" />  
            </application>  
            <application path="/pilotTxtControl" applicationPool=".NET v4.5">  
                <virtualDirectory path="/" physicalPath="D:\Websites\PilotTxTControl" />  
            </application>  
            <application path="/StreamDiffCompare" applicationPool="LetterEditor">  
                <virtualDirectory path="/" physicalPath="D:\Websites\StreamDiffCompare" />  
            </application>  
            <application path="/wopi" applicationPool="Wopi">  
                <virtualDirectory path="/" physicalPath="D:\WOPI" />  
            </application>  
            <application path="/AgadiaFaxIntegrationService" applicationPool="AgadiaFaxIntegrationService">  
                <virtualDirectory path="/" physicalPath="D:\Websites\AgadiaFaxIntegrationService" />  
            </application>  
            <application path="/AsyncFaxServiceTestApp" applicationPool=".NET v4.5 Classic">  
                <virtualDirectory path="/" physicalPath="D:\Websites\AsyncFaxService-TestApp" />  
            </application>  
            <application path="/wopipage" applicationPool="Wopi">  
                <virtualDirectory path="/" physicalPath="D:\WOPIPage" />  
            </application>  
            <application path="/AgadiaAsyncFaxService" applicationPool="FaxServPool">  
                <virtualDirectory path="/" physicalPath="D:\Websites\AgadiaAsyncFaxService" />  
            </application>  
            <bindings>  
                <binding protocol="https" bindingInformation="172.16.200.174:443:" sslFlags="0" />  
            </bindings>  
        </site>  
        <site name="RxConn_TXTControl" id="3" serverAutoStart="true">  
            <application path="/" applicationPool="LetterEditor">  
                <virtualDirectory path="/" physicalPath="D:\Websites\RxConn_TXTControl" />  
            </application>  
            <application path="/AsyncFaxServiceTestApp1" applicationPool="AsyncFaxService">  
                <virtualDirectory path="/" physicalPath="D:\Websites\AgadiaFaxTestApp" />  
            </application>  
            <bindings>  
                <binding protocol="https" bindingInformation="172.16.200.122:443:" sslFlags="0" />  
            </bindings>  
        </site>  
        <site name="TestWebDav" id="4" serverAutoStart="true">  
            <application path="/" applicationPool="TestWebDav">  
                <virtualDirectory path="/" physicalPath="D:\TestWebDav" />  
            </application>  
            <application path="/Test" applicationPool="TestWebDav">  
                <virtualDirectory path="/" physicalPath="D:\TemplatesComparisonService" />  
            </application>  
            <bindings>  
                <binding protocol="http" bindingInformation="172.16.200.174:1234:" />  
            </bindings>  
        </site>  
        <siteDefaults>  
            <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" />  
            <traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />  
        </siteDefaults>  
        <applicationDefaults applicationPool="DefaultAppPool" />  
        <virtualDirectoryDefaults allowSubDirConfig="true" />  
    </sites>  

    <webLimits />  

</system.applicationHost>  

<system.webServer>  

    <asp />  

    <caching enabled="true" enableKernelCache="true">  
    </caching>  

    <cgi />  

    <defaultDocument enabled="true">  
        <files>  
            <add value="Default.htm" />  
            <add value="Default.asp" />  
            <add value="index.htm" />  
            <add value="index.html" />  
            <add value="iisstart.htm" />  
            <add value="default.aspx" />  
        </files>  
    </defaultDocument>  

    <directoryBrowse enabled="false" />  

    <fastCgi />  

    <!--  

      The <globalModules> section defines all native-code modules.  
      To enable a module, specify it in the <modules> section.  

    -->  
    <globalModules>  
        <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />  
        <add name="FileCacheModule" image="%windir%\System32\inetsrv\cachfile.dll" />  
        <add name="TokenCacheModule" image="%windir%\System32\inetsrv\cachtokn.dll" />  
        <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />  
        <add name="DynamicCompressionModule" image="%windir%\System32\inetsrv\compdyn.dll" />  
        <add name="StaticCompressionModule" image="%windir%\System32\inetsrv\compstat.dll" />  
        <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />  
        <add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />  
        <add name="ProtocolSupportModule" image="%windir%\System32\inetsrv\protsup.dll" />  
        <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />  
        <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />  
        <add name="RequestFilteringModule" image="%windir%\System32\inetsrv\modrqflt.dll" />  
        <add name="CustomErrorModule" image="%windir%\System32\inetsrv\custerr.dll" />  
        <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />  
        <add name="TracingModule" image="%windir%\System32\inetsrv\iisetw.dll" />  
        <add name="FailedRequestsTracingModule" image="%windir%\System32\inetsrv\iisfreb.dll" />  
        <add name="RequestMonitorModule" image="%windir%\System32\inetsrv\iisreqs.dll" />  
        <add name="IsapiModule" image="%windir%\System32\inetsrv\isapi.dll" />  
        <add name="IsapiFilterModule" image="%windir%\System32\inetsrv\filter.dll" />  
        <add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" />  
        <add name="FastCgiModule" image="%windir%\System32\inetsrv\iisfcgi.dll" />  
        <add name="ManagedEngine64" image="%windir%\Microsoft.NET\Framework64\v2.0.50727\webengine.dll" preCondition="integratedMode,runtimeVersionv2.0,bitness64" />  
        <add name="ManagedEngine" image="%windir%\Microsoft.NET\Framework\v2.0.50727\webengine.dll" preCondition="integratedMode,runtimeVersionv2.0,bitness32" />  
        <add name="ManagedEngineV4.0_32bit" image="%windir%\Microsoft.NET\Framework\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness32" />  
        <add name="ManagedEngineV4.0_64bit" image="%windir%\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness64" />  
        <add name="ConfigurationValidationModule" image="%windir%\System32\inetsrv\validcfg.dll" />  
        <add name="WebSocketModule" image="%windir%\System32\inetsrv\iiswsock.dll" />  
        <add name="AspNetCoreModuleV2" image="%ProgramFiles%\IIS\Asp.Net Core Module\V2\aspnetcorev2.dll" />  
        <add name="WebDAVModule" image="%windir%\System32\inetsrv\webdav.dll" />  
        <add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />  
    </globalModules>  

    <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">  
        <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />  
        <dynamicTypes>  
            <add mimeType="text/*" enabled="true" />  
            <add mimeType="message/*" enabled="true" />  
            <add mimeType="application/x-javascript" enabled="true" />  
            <add mimeType="application/javascript" enabled="true" />  
            <add mimeType="*/*" enabled="false" />  
            <add mimeType="text/event-stream" enabled="false" />  
        </dynamicTypes>  
        <staticTypes>  
            <add mimeType="text/*" enabled="true" />  
            <add mimeType="message/*" enabled="true" />  
            <add mimeType="application/javascript" enabled="true" />  
            <add mimeType="application/atom+xml" enabled="true" />  
            <add mimeType="application/xaml+xml" enabled="true" />  
            <add mimeType="*/*" enabled="false" />  
        </staticTypes>  
    </httpCompression>  

    <httpErrors lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath">  
        <error statusCode="401" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="401.htm" />  
        <error statusCode="403" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="403.htm" />  
        <error statusCode="404" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="404.htm" />  
        <error statusCode="405" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="405.htm" />  
        <error statusCode="406" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="406.htm" />  
        <error statusCode="412" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="412.htm" />  
        <error statusCode="500" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="500.htm" />  
        <error statusCode="501" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="501.htm" />  
        <error statusCode="502" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="502.htm" />  
    </httpErrors>  

    <httpLogging dontLog="false" />  

    <httpProtocol>  
        <customHeaders>  
            <clear />  
            <add name="X-Powered-By" value="ASP.NET" />  
        </customHeaders>  
        <redirectHeaders>  
            <clear />  
        </redirectHeaders>  
    </httpProtocol>  

    <httpRedirect />  

    <httpTracing>  
    </httpTracing>  

    <isapiFilters>  
        <filter name="ASP.Net_2.0.50727-64" path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv2.0,bitness64" />  
        <filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv2.0,bitness32" />  
        <filter name="ASP.Net_4.0_32bit" path="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness32" />  
        <filter name="ASP.Net_4.0_64bit" path="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness64" />  
    </isapiFilters>  

    <odbcLogging />  

    <security>  

        <access sslFlags="None" />  

        <applicationDependencies />  

        <authentication>  

            <anonymousAuthentication enabled="true" userName="IUSR" />  

            <basicAuthentication />  

            <clientCertificateMappingAuthentication />  

            <digestAuthentication />  

            <iisClientCertificateMappingAuthentication />  

            <windowsAuthentication enabled="false" authPersistNonNTLM="true">  
                <providers>  
                    <add value="Negotiate" />  
                    <add value="NTLM" />  
                </providers>  
            </windowsAuthentication>  

        </authentication>  

        <authorization />  

        <ipSecurity />  

        <isapiCgiRestriction>  
            <add path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v2.0.50727" description="ASP.NET v2.0.50727" />  
            <add path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v2.0.50727" description="ASP.NET v2.0.50727" />  
            <add path="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v4.0.30319" description="ASP.NET v4.0.30319" />  
            <add path="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v4.0.30319" description="ASP.NET v4.0.30319" />  
            <add path="%windir%\system32\inetsrv\webdav.dll" allowed="true" groupId="WEBDAV" description="WebDAV" />  
        </isapiCgiRestriction>  

        <requestFiltering>  
            <fileExtensions allowUnlisted="true" applyToWebDAV="true">  
                <add fileExtension=".asax" allowed="false" />  
                <add fileExtension=".ascx" allowed="false" />  
                <add fileExtension=".master" allowed="false" />  
                <add fileExtension=".skin" allowed="false" />  
                <add fileExtension=".browser" allowed="false" />  
                <add fileExtension=".sitemap" allowed="false" />  
                <add fileExtension=".config" allowed="false" />  
                <add fileExtension=".cs" allowed="false" />  
                <add fileExtension=".csproj" allowed="false" />  
                <add fileExtension=".vb" allowed="false" />  
                <add fileExtension=".vbproj" allowed="false" />  
                <add fileExtension=".webinfo" allowed="false" />  
                <add fileExtension=".licx" allowed="false" />  
                <add fileExtension=".resx" allowed="false" />  
                <add fileExtension=".resources" allowed="false" />  
                <add fileExtension=".mdb" allowed="false" />  
                <add fileExtension=".vjsproj" allowed="false" />  
                <add fileExtension=".java" allowed="false" />  
                <add fileExtension=".jsl" allowed="false" />  
                <add fileExtension=".ldb" allowed="false" />  
                <add fileExtension=".dsdgm" allowed="false" />  
                <add fileExtension=".ssdgm" allowed="false" />  
                <add fileExtension=".lsad" allowed="false" />  
                <add fileExtension=".ssmap" allowed="false" />  
                <add fileExtension=".cd" allowed="false" />  
                <add fileExtension=".dsprototype" allowed="false" />  
                <add fileExtension=".lsaprototype" allowed="false" />  
                <add fileExtension=".sdm" allowed="false" />  
                <add fileExtension=".sdmDocument" allowed="false" />  
                <add fileExtension=".mdf" allowed="false" />  
                <add fileExtension=".ldf" allowed="false" />  
                <add fileExtension=".ad" allowed="false" />  
                <add fileExtension=".dd" allowed="false" />  
                <add fileExtension=".ldd" allowed="false" />  
                <add fileExtension=".sd" allowed="false" />  
                <add fileExtension=".adprototype" allowed="false" />  
                <add fileExtension=".lddprototype" allowed="false" />  
                <add fileExtension=".exclude" allowed="false" />  
                <add fileExtension=".refresh" allowed="false" />  
                <add fileExtension=".compiled" allowed="false" />  
                <add fileExtension=".msgx" allowed="false" />  
                <add fileExtension=".vsdisco" allowed="false" />  
                <add fileExtension=".rules" allowed="false" />  
            </fileExtensions>  
            <verbs allowUnlisted="true" applyToWebDAV="true" />  
            <hiddenSegments applyToWebDAV="true">  
                <add segment="web.config" />  
                <add segment="bin" />  
                <add segment="App_code" />  
                <add segment="App_GlobalResources" />  
                <add segment="App_LocalResources" />  
                <add segment="App_WebReferences" />  
                <add segment="App_Data" />  
                <add segment="App_Browsers" />  
            </hiddenSegments>  
            <alwaysAllowedUrls>  
            </alwaysAllowedUrls>  
        </requestFiltering>  

    </security>  

    <serverRuntime />  

    <serverSideInclude />  

    <staticContent lockAttributes="isDocFooterFileName">  
        <mimeMap fileExtension=".323" mimeType="text/h323" />  
        <mimeMap fileExtension=".3g2" mimeType="video/3gpp2" />  
        <mimeMap fileExtension=".3gp2" mimeType="video/3gpp2" />  
        <mimeMap fileExtension=".3gp" mimeType="video/3gpp" />  
        <mimeMap fileExtension=".3gpp" mimeType="video/3gpp" />  
        <mimeMap fileExtension=".aaf" mimeType="application/octet-stream" />  
        <mimeMap fileExtension=".aac" mimeType="audio/aac" />  
        <mimeMap fileExtension=".aca" mimeType="application/octet-stream" />  
        <mimeMap fileExtension=".accdb" mimeType="application/msaccess" />  
        <mimeMap fileExtension=".accde" mimeType="application/msaccess" />  
        <mimeMap fileExtension=".accdt" mimeType="application/msaccess" />  
        <mimeMap fileExtension=".acx" mimeType="application/internet-property-stream" />  
        <mimeMap fileExtension=".adt" mimeType="audio/vnd.dlna.adts" />  
        <mimeMap fileExtension=".adts" mimeType="audio/vnd.dlna.adts" />  
        <mimeMap fileExtension=".afm" mimeType="application/octet-stream" />  
        <mimeMap fileExtension=".ai" mimeType="application/postscript" />  
        <mimeMap fileExtension=".aif" mimeType="audio/x-aiff" />  
        <mimeMap fileExtension=".aifc" mimeType="audio/aiff" />  
        <mimeMap fileExtension=".aiff" mimeType="audio/aiff" />  
        <mimeMap fileExtension=".application" mimeType="application/x-ms-application" />  
        <mimeMap fileExtension=".art" mimeType="image/x-jg" />  
        <mimeMap fileExtension=".asd" mimeType="application/octet-stream" />  
        <mimeMap fileExtension=".asf" mimeType="video/x-ms-asf" />  
        <mimeMap fileExtension=".asi" mimeType="application/octet-stream" />  
        <mimeMap fileExtension=".asm" mimeType="text/plain" />  
        <mimeMap fileExtension=".asr" mimeType="video/x-ms-asf" />  
        <mimeMap fileExtension=".asx" mimeType="video/x-ms-asf" />  
        <mimeMap fileExtension=".atom" mimeType="application/atom+xml" />  
        <mimeMap fileExtension=".au" mimeType="audio/basic" />  
        <mimeMap fileExtension=".avi" mimeType="video/avi" />  
        <mimeMap fileExtension=".axs" mimeType="application/olescript" />  
        <mimeMap fileExtension=".bas" mimeType="text/plain" />  
        <mimeMap fileExtension=".bcpio" mimeType="application/x-bcpio" />  
        <mimeMap fileExtension=".bin" mimeType="application/octet-stream" />  
        <mimeMap fileExtension=".bmp" mimeType="image/bmp" />  
        <mimeMap fileExtension=".c" mimeType="text/plain" />  
        <mimeMap fileExtension=".cab" mimeType="application/vnd.ms-cab-compressed" />  
        <mimeMap fileExtension=".calx" mimeType="application/vnd.ms-office.calx" />  
        <mimeMap f

Answer 5

Hi @Varun Arora ,

I checked the configuration file. There are two points you need to change. These points caused your initial error and later error.

First one is authorization rule. You didnot set it to allow all users access site content. It caused your initial error.

Though I suggest you check it at site level, if it doesn't set at server level, IIS will still block users. It has a higher priority than the site level. You can set like this:

   <authorization>  
                <add accessType="Allow" users="*" />  
            </authorization>

Or set it in IIS Manager:

Note: Set it at server level.

Second one is allowAnonymousPropfind. You set it true to enable it. This will allow anonymous users access the network driver, but they cannot edit or create files because webdav doesn't allow anonymous behavior.

Please disable it at site level and server level in IIS manager.

Note: Step one indicates that this is at the server level. Screenshoots just set at server level. You also need to set at site level.
If you set correctly, configuration files should look like this:

 <webdav>  
                <authoring enabled="true" />  
                <authoringRules>  
                    <add users="*" roles="" path="*" access="Read, Write, Source" />  
                </authoringRules>  
            </webdav>

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Bruce Zhang

Varun Arora 6 Reputation points

2021-12-17T15:23:26.337+00:00

Hello,

Thanks for coming back to me so quickly.

I tried the above steps:

1) Added URL Authorization feature and rule at server level.

![158641-image.png][2]

2) Changed "Allow anonymous property queries" property to false at server and site level.

But still I am getting issues in writing anything to that mapped folder: [2]: /api/attachments/158641-image.png?platform=QnA
Bruce Zhang-MSFT 3,771 Reputation points

2021-12-20T02:10:25.973+00:00

Hi @Varun Arora ,

Please don't post any image or message which may contain your ip address or any other personal information. If the image contains IP or other information, please cover them.

Did you reconnect the Map Network Driver after doing these change? Reconnection is necessary to provide credential.

If you have reconnected it, did it ask you to enter credential like this? If not, that means you didn't configure all settings correctly. Please configure in applicationhost.config file directly.
Varun Arora 6 Reputation points

2021-12-20T02:45:55.77+00:00

I disconnect and again created mapped drive.
It was able to disconnect and reconnect with http site and write to it and as you said it asked for creds again, but our main site with https it was not even able to reconnect after entering the correct same user creds. It keeps asking for user creds with https even entering right creds.

Thanks,
Varun

Share via

IIS - WebDav mapped folder is readonly

7 answers

Your answer