Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

franc

WebDAV - HTTP Basic Auth

Hallo

I have a WebDAV Login at a Hetzner Storage Box where I can login successfully with (actual) WinSCP with WebDAV. In the (debug level 2) log I read: 

. 2025-10-07 14:54:39.512 --------------------------------------------------------------------------

. 2025-10-07 14:54:39.513 WinSCP Version 6.5.3 (Build 16364 2025-07-16) (OS 10.0.22631 – Windows 11 Enterprise)

. 2025-10-07 14:54:39.514 Configuration: C:\Program Files (x86)\WinSCP\WinSCP.ini

. 2025-10-07 14:54:39.514 Log level: Debug 2

. 2025-10-07 14:54:39.514 Local account: FRANC-COMP\f

. 2025-10-07 14:54:39.514 Working directory: C:\Program Files (x86)\WinSCP

. 2025-10-07 14:54:39.514 Process ID: 4624

. 2025-10-07 14:54:39.522 Ancestor processes: explorer, ...

. 2025-10-07 14:54:39.522 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 

. 2025-10-07 14:54:39.522 Time zone: Current: GMT+2, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 30.03.2025, DST End: 26.10.2025

. 2025-10-07 14:54:39.522 Login time: Dienstag, 7. Oktober 2025 14:54:39

. 2025-10-07 14:54:39.522 --------------------------------------------------------------------------

. 2025-10-07 14:54:39.522 Session name: Hetzner-CH-WebDAV (Site)

. 2025-10-07 14:54:39.522 Host name: u123456.your-storagebox.de (Port: 443)

. 2025-10-07 14:54:39.522 User name: u123456 (Password: Yes, Key file: No, Passphrase: No)

. 2025-10-07 14:54:39.522 Transfer Protocol: WebDAV

. 2025-10-07 14:54:39.522 Proxy: None

. 2025-10-07 14:54:39.522 HTTPS: Yes [Client certificate: No]

. 2025-10-07 14:54:39.522 WebDAV: Tolerate non-encoded: No

. 2025-10-07 14:54:39.522 TLS/SSL versions: TLSv1.2-TLSv1.3

. 2025-10-07 14:54:39.522 Local directory: C:\Users\f\Desktop, Remote directory: /, Update: Yes, Cache: Yes

. 2025-10-07 14:54:39.522 Cache directory changes: Yes, Permanent: Yes

. 2025-10-07 14:54:39.522 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 

. 2025-10-07 14:54:39.522 DST mode: Unix

. 2025-10-07 14:54:39.522 Compression: No

. 2025-10-07 14:54:39.522 --------------------------------------------------------------------------

. 2025-10-07 14:54:39.575 HTTP session to https://u123456.your-storagebox.de:443 begins.

. 2025-10-07 14:54:39.576 ssl: SNI enabled by default.

. 2025-10-07 14:54:39.576 auth: Create for WWW-Authenticate

. 2025-10-07 14:54:39.576 Running pre_send hooks

. 2025-10-07 14:54:39.576 Sending request headers:

. 2025-10-07 14:54:39.576 OPTIONS / HTTP/1.1



. 2025-10-07 14:54:39.576 User-Agent: WinSCP/6.5.3 neon/0.34.2



. 2025-10-07 14:54:39.576 Keep-Alive: 



. 2025-10-07 14:54:39.576 Connection: TE, Keep-Alive



. 2025-10-07 14:54:39.576 TE: trailers



. 2025-10-07 14:54:39.576 Host: u123456.your-storagebox.de

. 2025-10-07 14:54:39.576 Sending request-line and headers:

. 2025-10-07 14:54:39.576 Doing DNS lookup on u123456.your-storagebox.de...

. 2025-10-07 14:54:39.584 req: Connecting to 2a01:4f8:2b02:c99::2:443

. 2025-10-07 14:54:39.611 Doing SSL negotiation.

. 2025-10-07 14:54:39.645 ssl: Verify callback @ 2 => 19

. 2025-10-07 14:54:39.645 ssl: Verify failures |= 8 => 8

. 2025-10-07 14:54:39.646 Chain depth: 3

. 2025-10-07 14:54:39.646 Identity match for '': bad

. 2025-10-07 14:54:39.646 Identity match for '': bad

. 2025-10-07 14:54:39.646 Identity match for '': bad

. 2025-10-07 14:54:39.646 ssl: Match common name '*.your-storagebox.de' against 'u123456.your-storagebox.de'

. 2025-10-07 14:54:39.646 Identity match for 'u123456.your-storagebox.de': good

. 2025-10-07 14:54:39.646 Verifying certificate for "*.your-storagebox.de" with fingerprint 34:12:f3:d8:e2:cb:8f:51:82:c7:1d:03:6a:a5:59:0c:f9:5d:60:7f:73:0d:c7:fd:65:02:ed:d7:a4:61:cc:cf and 08 failures

. 2025-10-07 14:54:39.670 Certificate verified against Windows certificate store

. 2025-10-07 14:54:39.670 Using TLSv1.3, cipher TLSv1.3: TLS_AES_256_GCM_SHA384, 4096 bit RSA

. 2025-10-07 14:54:39.670 Request sent; retry is 0.

. 2025-10-07 14:54:39.694 req: Line: HTTP/1.1 401 Unauthorized

. 2025-10-07 14:54:39.694 req: Line: Date: Tue, 07 Oct 2025 12:54:39 GMT

. 2025-10-07 14:54:39.694 req: Header: [date] = [Tue, 07 Oct 2025 12:54:39 GMT]

. 2025-10-07 14:54:39.694 req: Line: Server: Apache

. 2025-10-07 14:54:39.694 req: Header: [server] = [Apache]

. 2025-10-07 14:54:39.694 req: Line: WWW-Authenticate: Basic realm="WebDAV Restricted"

. 2025-10-07 14:54:39.694 req: Header: [www-authenticate] = [Basic realm="WebDAV Restricted"]

. 2025-10-07 14:54:39.694 req: Line: Content-Length: 458

. 2025-10-07 14:54:39.694 req: Header: [content-length] = [458]

. 2025-10-07 14:54:39.694 req: Line: Keep-Alive: timeout=15, max=100

. 2025-10-07 14:54:39.694 req: Header: [keep-alive] = [timeout=15, max=100]

. 2025-10-07 14:54:39.694 req: Line: Connection: Keep-Alive

. 2025-10-07 14:54:39.694 req: Header: [connection] = [Keep-Alive]

. 2025-10-07 14:54:39.694 req: Line: Content-Type: text/html; charset=iso-8859-1

. 2025-10-07 14:54:39.694 req: Header: [content-type] = [text/html; charset=iso-8859-1]

. 2025-10-07 14:54:39.694 req: Line:

. 2025-10-07 14:54:39.694 req: End of headers.

. 2025-10-07 14:54:39.694 Running post_headers hooks

. 2025-10-07 14:54:39.716 Reading 458 bytes of response body.

. 2025-10-07 14:54:39.716 Got 458 bytes.

. 2025-10-07 14:54:39.716 Read block (458 bytes):

. 2025-10-07 14:54:39.716 [<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

. 2025-10-07 14:54:39.716 <html><head>

. 2025-10-07 14:54:39.716 <title>401 Unauthorized</title>

. 2025-10-07 14:54:39.716 </head><body>

. 2025-10-07 14:54:39.716 <h1>Unauthorized</h1>

. 2025-10-07 14:54:39.716 <p>This server could not verify that you

. 2025-10-07 14:54:39.716 are authorized to access the document

. 2025-10-07 14:54:39.716 requested.  Either you supplied the wrong

. 2025-10-07 14:54:39.716 credentials (e.g., bad password), or your

. 2025-10-07 14:54:39.716 browser doesn't understand how to supply

. 2025-10-07 14:54:39.716 the credentials required.</p>

. 2025-10-07 14:54:39.716 <hr>

. 2025-10-07 14:54:39.716 <address>Apache Server at u123456.your-storagebox.de Port 443</address>

. 2025-10-07 14:54:39.716 </body></html>

. 2025-10-07 14:54:39.716 ]

. 2025-10-07 14:54:39.716 Running post_send hooks

. 2025-10-07 14:54:39.716 auth: Post-send (#0), code is 401 (want 401), WWW-Authenticate is Basic realm="WebDAV Restricted"

. 2025-10-07 14:54:39.716 auth: Got challenge (code 401).

. 2025-10-07 14:54:39.716 auth: Got 'Basic' challenge.

. 2025-10-07 14:54:39.716 auth: Trying Basic challenge...

. 2025-10-07 14:54:39.716 auth: Basic auth scope is: /

. 2025-10-07 14:54:39.716 auth: Accepted Basic challenge.

. 2025-10-07 14:54:39.716 Running pre_send hooks

. 2025-10-07 14:54:39.716 auth: Sending 'Basic' response.

. 2025-10-07 14:54:39.716 auth: '/' is inside auth domain: 1.

. 2025-10-07 14:54:39.716 Sending request headers:

. 2025-10-07 14:54:39.716 OPTIONS / HTTP/1.1

...

What I dont understand is that it says "Unauthorized" (at: 2025-10-07 14:54:39.716) but authentification works anyway.
What happens after this "Unauthorized"? How does WinSCP authorize to the WebDAV Storage Box exactly?
I ask this, because I have issues with a Plugin in Total Commander, where I cannot access that storage box with WebDAV.
Thanks for hints, frank

Documentation

Support

Associations

Follow Us