All,

On 5/24/23 07:17, Mark Thomas wrote:
> On 24/05/2023 08:03, Кирилл Бубович wrote:
>> We use the WebDAV servlet <https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/WebdavServlet.java> to enable editing docx documents. We also use the |ms-word:ofe|u|https://www.example.com/document.docx| scheme in our application to be able to edit documents. The Office URI Scheme documentation <https://learn.microsoft.com/en-us/office/client-developer/office-uri-schemes> contains a "Security Considerations" section for all schemes. These sections describe the need to guard against opening documents from untrusted remote systems.
>>
>> We have tried enabling basic AUTH to secure documents, which is probably not the best approach since credentials will constantly be moving over the network, but this is just for testing to understand how it works. When we try to open a protected document in Word, we see a form asking for credentials.
>>
>> However, the entered credentials do not affect the application request, and the request still does not contain an authorization header.
>>
>> How do we properly implement document protection, and how can we make it so that the Word client can log in in the appropriate way? Thanks in advance for your help!
>
> The Microsoft WebDAV implementations have a history of non-specification compliant behaviour.

It's awful. It's almost like Microsoft is single-handedly trying to kill WebDAV.

>> We have tried enabling basic AUTH to secure documents...

Microsoft does not like to use HTTP Basic authentication -- even over HTTPS -- for WebDAV. It depends upon exactly which client is being used to access the file, but at $work we have to purchase licenses from a third party for a network driver which properly implements WebDAV.

Microsoft /will/ allow HTTP Digest authentication which is a standard which should no longer exist.

Your problem may be that your MS client just refuses to work properly. You may have to either give up or use third-party software like we have had to do.

-chris
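
[Added example, not part of the original messages and not the Tomcat project's own configuration.] A WEB-INF/web.xml sketch that protects a WebDAV mapping with the Digest authentication mentioned above, in place of the Basic setting the question tested. The /docs/* mapping, the "doc-editor" role and the "Documents" realm name are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">

  <!-- Tomcat's WebDAV servlet, writable so documents can be saved back -->
  <servlet>
    <servlet-name>webdav</servlet-name>
    <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>webdav</servlet-name>
    <url-pattern>/docs/*</url-pattern> <!-- assumed mapping -->
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>WebDAV documents</web-resource-name>
      <url-pattern>/docs/*</url-pattern>
      <!-- No http-method elements: the constraint then applies to every
           method, including PROPFIND, LOCK, UNLOCK and PUT. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>doc-editor</role-name> <!-- assumed role -->
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS regardless of the authentication scheme -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <!-- The setup described in the question corresponds to BASIC here -->
    <auth-method>DIGEST</auth-method>
    <realm-name>Documents</realm-name> <!-- assumed realm name -->
  </login-config>

  <security-role>
    <role-name>doc-editor</role-name>
  </security-role>
</web-app>
```

With DIGEST, the Tomcat Realm must hold either the cleartext password or a digest of username:realm:password, where the realm part matches the realm-name above.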
