DOCUMENT:Q323470  21-JUN-2002  [iis]
TITLE   :HOW TO: Create a Secure WebDAV Publishing Directory
PRODUCT :Internet Information Server
PROD/VER::5.0
OPER/SYS:
KEYWORDS:kbHOWTOmaster

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Internet Information Services version 5.0 
 - Microsoft Internet Information Services version 5.1 
-------------------------------------------------------------------------------


IN THIS TASK
------------

 - SUMMARY

    - Create a WebDAV Publishing Directory
 - Set Up Basic Authentication
 - Troubleshooting

 - REFERENCES

SUMMARY
=======

This step-by-step article describes how to create a secure Web Distributed
Authoring and Versioning (WebDAV) publishing directory.

Create a WebDAV Publishing Directory
------------------------------------

1. On the Microsoft Windows 2000 desktop, click My Computer.

2. In the Inetpub directory, create a physical directory. For example, if you
   name the directory WebDAV, the path to this directory is C:\Inetpub\WebDAV.
   You can put this directory anywhere except under the Wwwroot directory.
   Wwwroot is an exception because its default discretionary access control
   lists (DACLs) are different from those on other directories.

3. Click Start, click Programs, click Administrative Tools, and then open the
   Internet Information Services (IIS) snap-in. Click to select the Web site in
   which you want to create the virtual directory, and then map it to the
   physical directory that you created in step 2.

4. Type "WebDAV" (without the quotation marks) as the alias for this virtual
   directory, and then link it to the physical directory that you created in
   step 2.

5. Reset the default NTFS file system permissions to something more restrictive.
   Users need at least Read permissions to see the directory. If users want to
   upload content, users also need Write permissions.

6. Grant the Read, Write, and Browsing access permissions for the virtual
   directory from the IIS Microsoft Management Console (MMC). This grants users
   the right to publish documents on this virtual directory and to see a list of
   the files in it. Although Microsoft does not recommend this for security
   reasons, you can grant the same access to all of your Web site and allow
   clients to publish to all of your Web server.

   NOTE: Granting Write access does not give a client the ability to modify
   Active Server Pages (ASP) pages or any other script-mapped files. To allow
   these files to be modified, you must grant Write permissions and Script
   source access after you create the virtual directory.

Set Up Basic Authentication
---------------------------

1. Set up Secure Sockets Layer (SSL).

For additional information, click the article number below to view the article in
the Microsoft Knowledge Base:

   Q290625 HOWTO: Configure SSL in a Windows 2000 IIS 5.0 Test Environment Using
   Certificate Server 2.0

2. After you have installed the certificate on the Web server, enable Basic
   authentication on the WebDAV virtual directory in the IIS MMC:

   a. Click Start, click Programs, and then click Administrative Tools.

   b. Click Internet Information Services. This opens the MMC for IIS.

   c. Locate your WebDAV publishing directory under the Web site that you
      created. Right-click the directory, and then click Properties.

   d. In the window that appears, click the Directory Security tab. Under
      Anonymous Access and Authentication Control, click Edit. This opens the
      Authentication Methods window.

   e. Click to select Basic authentication for the virtual directory. Make sure
      that nothing except Basic is selected.

   f. Click OK in the next two windows so that the settings take effect.

Troubleshooting
---------------

For a user to log on to a server using Basic authentication, their user account
needs Log on locally permissions. You can add these permissions from the Local
Security Policy.

REFERENCES
==========

For more information, see the Internet Information Services 5.0 documentation.

Additional query words:

======================================================================
Keywords          : kbHOWTOmaster 
Technology        : kbiisSearch kbiis500 kbiis510
Version           : :5.0
Issue type        : kbhowto

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2002.