WebDAV Authoring Rules <authoringRules>

Overview

The <authoringRules> element can be defined per-URI within a Web site, and specifies the WebDAV authoring permissions for that URI space. The permissions in this element are inherited, so child URIs will have the same permissions as a parent URI, provided that the child URI does not have unique permissions defined.

The element contains a series of <add> elements that define the individual authoring rules, which contain the access permissions for users or groups for specific content types.

WebDAV authoring rules may seem somewhat analogous to authorization settings that are found in the <authorization> element, but are stored separately so that IIS maintains two different sets of authorization: one for regular HTTP (non-WebDAV) requests and the other for WebDAV requests.

Compatibility

Version Notes
IIS 7.5 The <authoringRules> element ships as a feature of IIS 7.5.
IIS 7.0 The <authoringRules> element was introduced in WebDAV 7.0, which was a separate download for IIS 7.0.
IIS 6.0 N/A

Note: The WebDAV 7.0 and WebDAV 7.5 modules shipped out-of-band for IIS 7.0, which required downloading and installing the modules from the following URL:

http://www.iis.net/expand/WebDAV

With Windows 7 and Windows Server 2008 R2, the WebDAV 7.5 module ships as a feature for IIS 7.5, so downloading WebDAV is no longer necessary.

Setup

To support WebDAV publishing for your Web server, you must install the WebDAV module. To do so, use the following steps.

IIS 7.5 for Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, expand Common HTTP Features, select WebDAV Publishing, and then click Next.
  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

IIS 7.5 for Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, then World Wide Web Services, and then Common HTTP Features.
  4. Select WebDAV Publishing, and then click OK.

IIS 7.0 for Windows Server 2008 and Windows Vista

How To

How to add WebDAV authoring rules

  1. Open Internet Information Services (IIS) Manager:
    • If you are using Windows Server 2008 or Windows Server 2008 R2:
      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:
      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, and then go to the site, application, or directory where you want to enable directory browsing.
  3. In the Home pane, double-click WebDAV Authoring Rules.
  4. In the Actions pane, click Add Authoring Rule...
  5. In the Add Authoring Rule dialog, specify the following options:
    • Allow access to: Specify whether the authoring rule should apply to all content types, or specify specific content types to allow.
    • Allow access to this content to: Specify whether the authoring rule should apply to all users, to specific groups or roles, or to specific users.
    • Permissions: Specify whether the authoring rule should allow Read, Write, or Source access for the specified content types and users.
  6. Click OK.

Configuration

The <authoringRules> element is configurable per-URI in the ApplicationHost.config file. Settings can be stored globally, at the site level, or per folder. The <authoringRules> element cannot be delegated, so any <authoringRules> elements in Web.config files are ignored.

Attributes

Attribute Description
defaultAccess Optional flags attribute.

Specifies the default access settings for WebDAV authoring. These values combined with a logical OR operation, so "None, Read" = "Read."

Note: Source access allows a WebDAV client to request the contents of a script-mapped file, such as an ASP.NET or PHP file, as opposed to the processed output of the file.

The default value is None.

Value Description
None No authoring is allowed.

The numeric value is 0.
Read Read access is allowed.

The numeric value is 1.
Write Write access is allowed.

The numeric value is 2.
Source Access to source code is allowed.

The numeric value is 16.
allowNonMimeMapFiles

Optional Boolean attribute.

true if WebDAV requests should be allowed for files that are not defined in the MIME map; otherwise, false.

For example, files that are script-mapped are not defined in the MIME map, but Web authors may still need to edit these files, which are not allowed in IIS requests by default. When set to true, the WebDAV module will accept requests for files that are not included in the MIME map. When set to false, the module will require that all files are found in the MIME map and return a "404.3 - MIME map policy prevents this request" error for any request that does not match the MIME list.


The default value is false.

defaultMimeType Optional string attribute.

Specifies the default MIME type for files that do not have an explicit MIME type defined.

The default value is application/octet-stream.

Child Elements

Element Description
add Optional element.

Adds an authoring rule to the collection of authoring rules.
clear Optional element.

Clears the collection of authoring rules.
remove Optional element.

Removes an authoring rule from the collection of authoring rules.

Configuration Sample

The following example lists a sample <webdav> element for the Default Web Site. This example clears any existing authoring rules, adds a single rule for the administrators group, enables WebDAV authoring, specifies that hidden files are allowed, enables WebDAV locks and specifies the lock provider, and enables WebDAV properties and specifies the default XML namespace for property mapping.

<location path="Default Web Site">
   <system.webServer>
      <webdav>
         <authoringRules defaultAccess="none" allowNonMimeMapFiles="true" defaultMimeType="text/plain">
            <clear />
            <add roles="administrators" path="*" access="Read, Write, Source" />
         </authoringRules>
         <authoring enabled="true" requireSsl="false">
            <fileSystem allowHiddenFiles="true" />
            <locks enabled="true" lockStore="webdav_simple_lock" requireLockForWriting="false" />
            <properties allowAnonymousPropfind="false" allowInfinitePropfindDepth="false" allowCustomProperties="true">
               <clear />
               <add xmlNamespace="*" propertyStore="webdav_simple_prop" />
            </properties>
         </authoring>
      </webdav>
   </system.webServer>
</location>

Sample Code

The following examples configure WebDAV authoring rules so that WebDAV clients can publish files that are not listed in the IIS MIME map, and add a single authoring rule that grants Read, Write, and Source access to the administrators group.

AppCmd.exe

appcmd.exe set config "Default Web Site" -section:system.webServer/webdav/authoringRules /allowNonMimeMapFiles:"True" /commit:apphost

appcmd.exe set config "Default Web Site" -section:system.webServer/webdav/authoringRules /+"[roles='administrators',path='*',access='Read, Write, Source']" /commit:apphost

Note: You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();

         ConfigurationSection authoringRulesSection = config.GetSection("system.webServer/webdav/authoringRules", "Default Web Site");
         authoringRulesSection["allowNonMimeMapFiles"] = true;

         ConfigurationElementCollection authoringRulesCollection = authoringRulesSection.GetCollection();

         ConfigurationElement addElement = authoringRulesCollection.CreateElement("add");
         addElement["roles"] = @"administrators";
         addElement["path"] = @"*";
         addElement["access"] = @"Read, Write, Source";
         authoringRulesCollection.Add(addElement);

         serverManager.CommitChanges();
      }
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample
   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetApplicationHostConfiguration

      Dim authoringRulesSection As ConfigurationSection = config.GetSection("system.webServer/webdav/authoringRules", "Default Web Site")
      authoringRulesSection("allowNonMimeMapFiles") = True

      Dim authoringRulesCollection As ConfigurationElementCollection = authoringRulesSection.GetCollection

      Dim addElement As ConfigurationElement = authoringRulesCollection.CreateElement("add")
      addElement("roles") = "administrators"
      addElement("path") = "*"
      addElement("access") = "Read, Write, Source"
      authoringRulesCollection.Add(addElement)

      serverManager.CommitChanges()
   End Sub
End Module

JavaScript

var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";

var authoringRulesSection = adminManager.GetAdminSection("system.webServer/webdav/authoringRules", "MACHINE/WEBROOT/APPHOST/Default Web Site");
authoringRulesSection.Properties.Item("allowNonMimeMapFiles").Value = true;

var authoringRulesCollection = authoringRulesSection.Collection;

var addElement = authoringRulesCollection.CreateNewElement("add");
addElement.Properties.Item("roles").Value = "administrators";
addElement.Properties.Item("path").Value = "*";
addElement.Properties.Item("access").Value = "Read, Write, Source";
authoringRulesCollection.AddElement(addElement);

adminManager.CommitChanges();

VBScript

Set adminManager = createObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"

Set authoringRulesSection = adminManager.GetAdminSection("system.webServer/webdav/authoringRules", "MACHINE/WEBROOT/APPHOST/Default Web Site")
authoringRulesSection.Properties.Item("allowNonMimeMapFiles").Value = True

Set authoringRulesCollection = authoringRulesSection.Collection

Set addElement = authoringRulesCollection.CreateNewElement("add")
addElement.Properties.Item("roles").Value = "administrators"
addElement.Properties.Item("path").Value = "*"
addElement.Properties.Item("access").Value = "Read, Write, Source"
authoringRulesCollection.AddElement(addElement)

adminManager.CommitChanges()
Deprecated Elements