开发者

Securing an IIS 7 WebDav enabled virtual folder with ADFS

We have an ASP.NET application on IIS 7 that accepts authentication tokens from ADFS 2. We used Windows Identity Foundation in the application to do that.

On the same IIS, we have a WEBDAV enabled folder to which Microsoft Office users save files. This works fine on an intranet using Windows Authenticat开发者_如何学Cion. This involves no application code at all.

We would now like to secure access to the WebDav folder using ADFS too. But since IIS handles WEBDAV, there is no application to which I can add the ADFS authentication.

Two questions:

  • How to setup WEBDAV on IIS for ADFS authentication?
  • Will Word and Excel 2007 handle the interaction with ADFS?


Microsoft Office can do forms based authentication when accessing WebDav resources. To make this work, the server must implement the MS-OFBA protocol.

IIS does not natively have MS-OFBA authentication. It is, however, possible to add custom authentication to a WebDav enabled folder in IIS by putting a IHttpModule in the bin folder. This module can do any authentication required.

Through MS-OFBA, Office can display one or more html-forms for entry of credentials. I am currently working on a HttpModule that does two-factor authentication displaying two consecutive forms.

WebDav Authoring Rules can make the bin folder and its contents invisible to the WebDav client.

So, we ended up doing the required authentication without ADFS.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜