Topic "Problem connecting with WebDAV on IIS7.5"

Author Message
Wizz@Bell
[View user's profile]

Joined: 2015-07-22
Posts: 6
Hi,
I looked for a WebDAV client and WinSCP (on Windows 7 32 bits) was a no brainer here Smile
I downloaded the latest version 2 days ago... but nothing worked as excepted. (At least no easy as a ssh)

I try to use a webdav connection on a https server with WinSCP.
The server is a SharePoint 2010 on IIS 7.5.
My credential required a domain, username and password in a basic authentification.

When I use WinSCP, I always receive a message 405 "405 Method Not Allowed" what ever I try.
I did try a lot of stuff for make it work and I still hope figure out how to connect with WinSCP.

The connection with Windows Explorer work easily but I don't want to use it because my final client machine will be a Linux.

The command line is "NET USE * https://servername:443/testssharepoint/ password /USER:different_domain\username" and that work every time.
(My Windows credential aren't the same)

I did trace the communication with "NET USE" and "WinSCP" with Fiddler2.

This is "NET commandline" connection in 2 steps:
1.Request
CONNECT servername.com:443 HTTP/1.1
Host: servername.com:443

A SSLv2-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: D2 97 A6 D2 E3 7B 5E EB 17 41 74 02 A9 E6 3E 81
"Time": 2081-12-28 02:40:02
SessionID: empty
Extensions:
none
Ciphers:
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[0035] TLS_RSA_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[10080] SSL2_RC4_128_WITH_MD5
[700C0] SSL2_DES_192_EDE3_WITH_MD5
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
(not specified)

Response:
HTTP/1.1 200 Connection established

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes128 128bits
Hash Algorithm: Sha1 160bits
Key Exchange: RsaKeyX 2048bits

== Server Certificate ==========
[Subject]
CN=*.servername.com, O=******** Inc., L=*******, S=******, C=**

[Issuer]
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

[Serial Number]
0???????????????????????????????

[Not Before]
2014-09-10 20:00:00

[Not After]
2018-01-03 07:00:00

[Thumbprint]
*****

2.Request
PROPFIND https://servername.com/testssharepoint/Tests%20Documents HTTP/1.1
Connection: Keep-Alive
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: servername.com
Authorization: Basic a*******=
Cookie: WSS_KeepSessionAuthenticated=*****=="

Response:
HTTP/1.1 207 MULTI-STATUS
Connection: Keep-Alive
Set-Cookie: cadata996C93E01EBA443DB60D27A197E8CA52=***=="; HttpOnly; secure; path=/
Content-Length: 1151
Date: Thu, 23 Jul 2015 13:04:20 GMT
Content-Type: text/xml
Server: Microsoft-IIS/7.5
Cache-Control: no-cache
SPRequestGuid: ****
Set-Cookie: WSS_KeepSessionAuthenticated={****}; path=/
X-SharePointHealthScore: 0
Public-Extension: http://schemas.microsoft.com/repl-2
Set-Cookie: WSS_KeepSessionAuthenticated={****}; path=/
Persistent-Auth: true
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6112

<?xml version="1.0" encoding="utf-8" ?><D:multistatus xmlns:D="DAV:" xmlns:Office="urn:schemas-microsoft-com:office:office" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:Z="urn:schemas-microsoft-com:">
<D:response><D:href>https://servername.com/testssharepoint/Tests%20Documents</D:href><D:propstat><D:prop><D:displayname>Tests Documents</D:displayname><D:lockdiscovery/><D:supportedlock/><D:isFolder>t</D:isFolder><D:iscollection>1</D:iscollection><D:ishidden>0</D:ishidden><D:getcontenttype>application/octet-stream</D:getcontenttype><D:getcontentlength>0</D:getcontentlength><D:resourcetype><D:collection/></D:resourcetype><Repl:authoritative-directory>t</Repl:authoritative-directory><D:getlastmodified>2015-07-21T18:51:09Z</D:getlastmodified><D:creationdate>2012-07-27T19:19:28Z</D:creationdate><Repl:repl-uid>rid:{***}</Repl:repl-uid><Repl:resourcetag>rt:DCD68809-*******@00000000000</Repl:resourcetag><D:getetag>&quot;{DCD68809-******},0&quot;</D:getetag></D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>

I did try to trace WinSCP... without success with WinSCP stream.

I think IIS 7.5 do not respond as WinSCP expect.

I hope that you have an idea on what's wrong.
Advertisements
Wizz@Bell
[View user's profile]

Joined: 2015-07-22
Posts: 6
I replied the full winscp log yesterday.
Look like Winscp do not accept the certificate even if it's from a root source.

I have the .crt file or the .keystore file.

How can I define a certificate file in Winscp for WebDAV ?
Wizz@Bell
[View user's profile]

Joined: 2015-07-22
Posts: 6
Full WinSCP log:
. 2015-07-23 11:35:56.467 --------------------------------------------------------------------------
. 2015-07-23 11:35:56.467 WinSCP Version 5.7.4 (Build 5553) (OS 6.1.7601 Service Pack 1 - Windows 7 Professional)
. 2015-07-23 11:35:56.467 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2015-07-23 11:35:56.467 Log level: Normal
. 2015-07-23 11:35:56.467 Local account: BELL\******
. 2015-07-23 11:35:56.467 Working directory: C:\Users\*****\Desktop
. 2015-07-23 11:35:56.467 Process ID: 9480
. 2015-07-23 11:35:56.467 Command-line: "C:\Users\ba0ccle\Desktop\WinSCP.exe"
. 2015-07-23 11:35:56.467 Time zone: Current: GMT-4, Standard: GMT-5 (Est), DST: GMT-4 (Est (heure d’été)), DST Start: 2015-03-08, DST End: 2015-11-01
. 2015-07-23 11:35:56.467 Login time: 23 juillet 2015 11:35:56
. 2015-07-23 11:35:56.467 --------------------------------------------------------------------------
. 2015-07-23 11:35:56.467 Session name: servername.com (Modified site)
. 2015-07-23 11:35:56.467 Host name: servername.com (Port: 443)
. 2015-07-23 11:35:56.467 User name: int\!username! (Password: Yes, Key file: No)
. 2015-07-23 11:35:56.467 Transfer Protocol: WebDAV
. 2015-07-23 11:35:56.467 Proxy: none
. 2015-07-23 11:35:56.467 Local directory: default, Remote directory: /testssharepoint, Update: No, Cache: Yes
. 2015-07-23 11:35:56.467 Cache directory changes: Yes, Permanent: Yes
. 2015-07-23 11:35:56.467 DST mode: 0
. 2015-07-23 11:35:56.467 Compression: No
. 2015-07-23 11:35:56.467 --------------------------------------------------------------------------
. 2015-07-23 11:35:56.545 HTTP session to https://servername.com:443 begins.
. 2015-07-23 11:35:57.621 ssl: SNI enabled by default.
. 2015-07-23 11:35:57.621 ah_create, for WWW-Authenticate
. 2015-07-23 11:35:57.621 Sending request headers:
. 2015-07-23 11:35:57.621 OPTIONS /testssharepoint HTTP/1.1
. 2015-07-23 11:35:57.621 User-Agent: WinSCP/5.7.4 neon/0.30.1
. 2015-07-23 11:35:57.621 Keep-Alive:
. 2015-07-23 11:35:57.621 Connection: TE, Keep-Alive
. 2015-07-23 11:35:57.621 TE: trailers
. 2015-07-23 11:35:57.621 Host: servername.com
. 2015-07-23 11:35:57.621
. 2015-07-23 11:35:57.621 Sending request-line and headers:
. 2015-07-23 11:35:57.621 Doing DNS lookup on servername.com...
. 2015-07-23 11:35:57.637 req: Connecting to 142.*.*.*:443
. 2015-07-23 11:35:57.653 Doing SSL negotiation.
. 2015-07-23 11:35:57.762 ssl: Verify callback @ 0 => 18
. 2015-07-23 11:35:57.762 ssl: Verify failures |= 8 => 8
. 2015-07-23 11:35:57.824 Chain depth: 1
. 2015-07-23 11:35:57.824 ssl: Match common name 'xxxxxx.on.bell.ca' against ''
. 2015-07-23 11:35:57.824 Identity match for '': bad
. 2015-07-23 11:35:57.824 ssl: Match common name 'xxxxxx.on.bell.ca' against 'servername.com'
. 2015-07-23 11:35:57.824 Identity match for 'servername.com': bad
. 2015-07-23 11:35:57.824 Verifying certificate for "???, CA" with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx and 0C failures
. 2015-07-23 11:35:57.855 Certificate for "???, CA" matches cached fingerprint and failures
. 2015-07-23 11:35:57.855 Using TLSv1, cipher TLSv1/SSLv3: DHE-RSA-AES256-SHA, 2048 bit RSA
. 2015-07-23 11:35:57.855 Request sent; retry is 0.
. 2015-07-23 11:35:57.855 [status-line] < HTTP/1.1 200 OK
. 2015-07-23 11:35:57.855 Header Name: [date], Value: [Thu, 23 Jul 2015 15:36:38 GMT]
. 2015-07-23 11:35:57.855 Header Name: [server], Value: [Apache]
. 2015-07-23 11:35:57.855 Header Name: [allow], Value: [GET,HEAD,POST,OPTIONS,TRACE]
. 2015-07-23 11:35:57.855 Header Name8: [content-length], Value: [0]
. 2015-07-23 11:35:57.855 Header Name: [connection], Value: [close]
. 2015-07-23 11:35:57.855 Header Name: [content-type], Value: [text/plain]
. 2015-07-23 11:35:57.855 End of headers.
. 2015-07-23 11:35:57.918 ah_post_send (#0), code is 200 (want 401), WWW-Authenticate is (none)
. 2015-07-23 11:35:57.918 sess: Closing connection.
. 2015-07-23 11:35:57.918 sess: Connection closed.
. 2015-07-23 11:35:57.918 Request ends, status 200 class 2xx, error line:
. 2015-07-23 11:35:57.918 200 OK
. 2015-07-23 11:35:57.918 Request ends.
. 2015-07-23 11:35:57.918 --------------------------------------------------------------------------
. 2015-07-23 11:35:57.918 Using WebDAV protocol.
. 2015-07-23 11:35:57.918 Doing startup conversation with host.
. 2015-07-23 11:35:57.980 Changing directory to "/testssharepoint".
. 2015-07-23 11:35:57.980 Trying to open directory "/testssharepoint/".
. 2015-07-23 11:35:57.980 ah_create, for WWW-Authenticate
> 2015-07-23 11:35:57.980 <?xml version="1.0" encoding="utf-8"?>
> 2015-07-23 11:35:57.980 <propfind xmlns="DAV:"><allprop/></propfind>
. 2015-07-23 11:35:57.980 Sending request headers:
. 2015-07-23 11:35:57.980 PROPFIND /testssharepoint/ HTTP/1.1
. 2015-07-23 11:35:57.980 User-Agent: WinSCP/5.7.4 neon/0.30.1
. 2015-07-23 11:35:57.980 Connection: TE
. 2015-07-23 11:35:57.980 TE: trailers
. 2015-07-23 11:35:57.980 Host: servername.com
. 2015-07-23 11:35:57.980 Depth: 0
. 2015-07-23 11:35:57.980 Content-Length: 84
. 2015-07-23 11:35:57.980 Content-Type: application/xml
. 2015-07-23 11:35:57.980
. 2015-07-23 11:35:57.980 Sending request-line and headers:
. 2015-07-23 11:35:57.980 req: Connecting to 142.*.*.*:443
. 2015-07-23 11:35:57.980 Doing SSL negotiation.
. 2015-07-23 11:35:58.027 Sending request body:
. 2015-07-23 11:35:58.027 Request sent; retry is 0.
. 2015-07-23 11:35:58.027 [status-line] < HTTP/1.1 405 Method Not Allowed
. 2015-07-23 11:35:58.027 Header Name: [date], Value: [Thu, 23 Jul 2015 15:36:38 GMT]
. 2015-07-23 11:35:58.027 Header Name: [server], Value: [Apache]
. 2015-07-23 11:35:58.027 Header Name: [allow], Value: [GET,HEAD,POST,OPTIONS,TRACE]
. 2015-07-23 11:35:58.027 Header Name: [content-length], Value: [242]
. 2015-07-23 11:35:58.027 Header Name: [connection], Value: [close]
. 2015-07-23 11:35:58.027 Header Name: [content-type], Value: [text/html; charset=iso-8859-1]
. 2015-07-23 11:35:58.027 End of headers.
. 2015-07-23 11:35:58.027 ah_post_send (#0), code is 405 (want 401), WWW-Authenticate is (none)
. 2015-07-23 11:35:58.027 sess: Closing connection.
. 2015-07-23 11:35:58.043 sess: Connection closed.
. 2015-07-23 11:35:58.043 Request ends, status 405 class 4xx, error line:
. 2015-07-23 11:35:58.043 405 Method Not Allowed
. 2015-07-23 11:35:58.043 Request ends.
* 2015-07-23 11:35:58.043 (ECommand) Error changing directory to '/testssharepoint'.
* 2015-07-23 11:35:58.043 405 Method Not Allowed
. 2015-07-23 11:35:59.400 Getting current directory name.
. 2015-07-23 11:35:59.587 ah_create, for WWW-Authenticate
> 2015-07-23 11:35:59.587 <?xml version="1.0" encoding="utf-8"?>
> 2015-07-23 11:35:59.587 <propfind xmlns="DAV:"><allprop/></propfind>
. 2015-07-23 11:35:59.587 Sending request headers:
. 2015-07-23 11:35:59.587 PROPFIND /testssharepoint/ HTTP/1.1
. 2015-07-23 11:35:59.587 User-Agent: WinSCP/5.7.4 neon/0.30.1
. 2015-07-23 11:35:59.587 Connection: TE
. 2015-07-23 11:35:59.587 TE: trailers
. 2015-07-23 11:35:59.587 Host: servername.com
. 2015-07-23 11:35:59.587 Depth: 1
. 2015-07-23 11:35:59.587 Content-Length: 84
. 2015-07-23 11:35:59.587 Content-Type: application/xml
. 2015-07-23 11:35:59.587
. 2015-07-23 11:35:59.587 Sending request-line and headers:
. 2015-07-23 11:35:59.587 req: Connecting to 142.*.*.*:443
. 2015-07-23 11:35:59.587 Doing SSL negotiation.
. 2015-07-23 11:35:59.774 Sending request body:
. 2015-07-23 11:35:59.774 Request sent; retry is 0.
. 2015-07-23 11:35:59.805 [status-line] < HTTP/1.1 405 Method Not Allowed
. 2015-07-23 11:35:59.805 Header Name: [date], Value: [Thu, 23 Jul 2015 15:36:40 GMT]
. 2015-07-23 11:35:59.805 Header Name: [server], Value: [Apache]
. 2015-07-23 11:35:59.805 Header Name: [allow], Value: [GET,HEAD,POST,OPTIONS,TRACE]
. 2015-07-23 11:35:59.805 Header Name: [content-length], Value: [242]
. 2015-07-23 11:35:59.805 Header Name: [connection], Value: [close]
. 2015-07-23 11:35:59.805 Header Name: [content-type], Value: [text/html; charset=iso-8859-1]
. 2015-07-23 11:35:59.805 End of headers.
. 2015-07-23 11:35:59.805 ah_post_send (#0), code is 405 (want 401), WWW-Authenticate is (none)
. 2015-07-23 11:35:59.805 sess: Closing connection.
. 2015-07-23 11:35:59.805 sess: Connection closed.
. 2015-07-23 11:35:59.805 Request ends, status 405 class 4xx, error line:
. 2015-07-23 11:35:59.805 405 Method Not Allowed
. 2015-07-23 11:35:59.805 Request ends.
* 2015-07-23 11:35:59.899 (ECommand) Error listing directory '/testssharepoint'.
* 2015-07-23 11:35:59.899 405 Method Not Allowed
. 2015-07-23 11:36:00.539 Startup conversation with host finished.
. 2015-07-23 11:36:03.612 sess: Destroying session.

Look like he refuse the certificate which is allow by browser.
I have the .crt file or the key in a keystore.

Any way to allow this communication ?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24993
Location: Prague, Czechia
The problem has nothing to do with the certificate.

The net use command behaves like if you are connecting over HTTP proxy (the CONNECT command).
I have no idea what the command actually does.
How that that relate to Windows Explorer (if it does)?
Wizz@Bell
[View user's profile]

Joined: 2015-07-22
Posts: 6
"Net use" work...
I just hope similar result in winscp with WebDAV.

The problem is this:
. 2015-07-23 11:35:57.653 Doing SSL negotiation.
. 2015-07-23 11:35:57.762 ssl: Verify callback @ 0 => 18
. 2015-07-23 11:35:57.762 ssl: Verify failures |= 8 => 8
. 2015-07-23 11:35:57.824 Chain depth: 1
. 2015-07-23 11:35:57.824 ssl: Match common name 'xxxxxx.on.bell.ca' against ''
. 2015-07-23 11:35:57.824 Identity match for '': bad
. 2015-07-23 11:35:57.824 ssl: Match common name 'xxxxxx.on.bell.ca' against 'servername.com'
. 2015-07-23 11:35:57.824 Identity match for 'servername.com': bad
. 2015-07-23 11:35:57.824 Verifying certificate for "???, CA" with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx and 0C failures
. 2015-07-23 11:35:57.855 Certificate for "???, CA" matches cached fingerprint and failures

From my understanding, it's a failure to negociate SSL protocol.

Any idea how to fix that?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24993
Location: Prague, Czechia
Again, this has nothing to do with SSL or certificates.

The log records you refer to are not related to the problem you are facing.

Can I ask again how does the net use command relate to you browsing the WebDAV site in Windows Explorer?
Wizz@Bell
[View user's profile]

Joined: 2015-07-22
Posts: 6
I will explain you the context since you ask about who "net" command work.

Basicly I want to connect to a 'Microsoft SharePoint 2013' (https) who have implemented webdav protocol.
With SharePoint documentation, you can find that SharePoint 2010 and 2013 are compatible with WebDAV.

https://support.riverbed.com/bin/support/static/hqs5redbo2blgk6d8tlejhstvk/html/fidl3j3el34d14ou0h1hvktt8f/sh_9.1_dg_protocols_html/index.html#page/sh_9.1_dg_protocols/http.06.07.html


You can connect directly using Windows share drive.. or net command.
http://support.sherweb.com/Faqs/Show/how-to-connect-to-a-sharepoint-site-using-webdav-sharepoint-2013

The net command is
"NET USE * https://servername:443/testssharepoint/ password /USER:different_domain\username"
Website confirm "net" command use WebDAV protocol:
http://smallvoid.com/article/winnt-webdav-network-drive.html


So I think it's work well with WebDAV protocol and I hope make it work in WinSCP.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24993
Location: Prague, Czechia
From the "net use" logs I assume that you connect over HTTP proxy.
So please try to configure WinSCP according to that.
https://winscp.net/eng/docs/ui_login_proxy
Wizz@Bell
[View user's profile]

Joined: 2015-07-22
Posts: 6
You got it.

The thing is direct SSL do not require proxy but http (80) do require a proxy.
In https pure, I was able to connect to any https like "https Google" but they require particular certificate allowing bypass proxy.

So I except just apply this certificate to WebDAV connection.

After few tweaks, the thing work like a charm passing by the default HTTP proxy.

Thank you prikryl.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License