none
Webdav SSL & Client Certificates & KB 941050 RRS feed

  • Question

  • Hello folks,

     

    can anyone confirm that fix described in KB 941050 does not work or apply on WebDav connections being secured with SSL Client Certificates?

    We have the following situation:

     

    - a Windows Sharepoint Server working with SSL and password digest authentication

    - an Apache Server with SSL and WebDAV extension enanbled and which has a mixed setup accepting passwords form some folders and Client Certificates only for others.

    We always had the problem described in KB 941050- so the users are Mapping a Network drive to a specific webdav folder- after rebooting Windows Vista the access to these folders was denied and the Server was stating "

    "The operation being requested was not performed because the user has not been authenticated"

    This happed with both webdav resources- let them call us https://a.company.com/foo and https://b.company.com/bar.

    As soon as the user disconnects the WebDav ressource in the Windows Explorer and reconnects to the ressource he is asked for either the password or for suppling his user's Certificate. After that he may use the ressource as expected.

    After applying the registry Changes stated as above the access to the sharepoint site is working- even without asking for a password- as expected- but- the access to the Apache Server is still denied with the same error Message- no matter if the ressource would have been authenticated with a client certificate or a password.

    Please note: the Web Server is always asking for a certificate even if the user has not to provide one for the specific folder or not as this is done when doing the SSL- handshake the server does not yet know which path the client would request. So clients which don't own a Certificate simply don't provide one and authenticate using their password to access their folders.

    So access to https://b.company.com/bar/foo would require a specific certificate with specific attributes and access to https://b.company.com/bar/bar won't- but the user is always requested to give a certificate.

    On Windows 7 there is a different and even more annoying behaviour- the network drive isn't mapped on Login but if you try to access it in the windows explorer you are asked for the certificate- if you don't provide one you will be asked for the password and after providing the password access is beeing granted- but after a short time- let be five minutes- the ressource isn't available anymore Windows is stating that the Authentication has failed, because the Server-passphrase isn't valid anymore on the domain Controller.

    Has anyone tried this till now and may confirm this problems- or even suggest a solution?

     

    Thanks in advance.

    Monday, May 10, 2010 10:21 AM