Condividi tramite


IIS7: How to enable webdav for (multiple) a website(s) via script

Configuring WebDAV requires some steps, e.g.:

  • enabling webdav for a specific site
  • add an webdav authoring rule for a specific user
  • configure WebDAV with Request Filtering (i.e. not to apply rules for webdav traffic)
  • enable / allow windows authentication for this site
  • creating windows accounts and give them NTFS permissions on the physical path where the website content is located.
  • (set dynamic IP restrictions)

If you want to do this for a couple of websites – you probably want to do this automatically.

This can be done by calling a batch file multiple times. Once for each website - doing all of the actions as stated above:

Here is my version:

here is what goes into the batch “webdav.cmd”:

@echo off
rem the first input parameter %1 takes the website name with quotation marks e.g. "Default Web Site"
rem the second input parameter %2 takes a password for the windows user that will associated with the webdav user has the same name as the website e.g."Default Web Site"

rem Create a windows account with the same name as the website
net user %1 %2 /add /EXPIRES:NEVER

rem build command string to get the root directory of a website using appcmd.exe
set name= %windir%\system32\inetsrv\appcmd.exe list vdir "%~1/" /text:physicalPath'

echo website "%~1/"

rem call icacls to set permissions on each directory
for /F %%X in ('call %name%) do (echo add NTFS permissions on root: %%X for user "%~1" && call icacls "%%X" /grant "%~1:(OI)(CI)(M)")

rem IIS per web site settings
rem enable windows authentication on webdav site
rem you might use basic auth in conjunction with SSL and https://support.microsoft.com/default.aspx?scid=kb;EN-US;963047
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/authentication/windowsAuthentication /enabled:"true" /commit:apphost

rem enable webdav on a site basis
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoring /enabled:"True" /requireSsl:"False" /commit:apphost
rem create a webdav allow rule for the user e.g."Default Web Site"
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoringRules /+"[users='%~1',path='*',access='Read, Write, Source']" /commit:apphost
rem disable locks for webdav authoring - you might need locks in a multi-source authoring environment.
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoring /locks.enabled:"False" /locks.requireLockForWriting:"False" /commit:apphost

rem make IIS Request filter behave nice to webdav requests
rem note that these settings get into applicationhost.config - so that the inetmgr UI picks them up
rem see also https://learn.iis.net/page.aspx/354/how-to-configure-webdav-with-request-filtering/
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /fileExtensions.applyToWebDAV:"False" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /verbs.applyToWebDAV:"False" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /hiddenSegments.applyToWebDAV:"False" /commit:apphost 

rem if you have dynamic request filtering installed
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/ipSecurity /dynamicRestrictions.denyByRequestsOverTime.enabled:"true" /commit:apphost

 

Run webdav.cmd with 2 parameters e.g.: webdav.cmd “Default web site” password

and the output should look similar to this:
webdav.cmd output

The following will be done:

a user will be created “Default web site”

default web site user

permissions will be granted for this user on the web content directory:

webdav ntfs permissions

webdav will be enabled in IIS for the “Default web site” and an webdav authoring rule for this user created:

webdav authoring rule

additionally windows auth will be enabled on this site:

windows authentication enabled

and finally some webdav settings will be set for the site:

webdav settings

To enable webdav for multiple websites on an IIS automatically you just need to call the script multiple times from the cmd line:

FOR /F %f IN ('%systemroot%\system32\inetsrv\APPCMD list site /text:name') DO CALL webdav.cmd %f password

 

backup before - no warranties – hth Zwinkerndes Smiley