The problem: Formbased access to sharepoint by WebDav

In one of my projects I’m currently using WebDav to communicate to a sharepoint server. To minimize the developing costs regarding WebDav and to speed up the project I evaluated a nice library from ITHit which fully implements WebDAV RFC 2518 and DeltaV RFC 3253. The library is pretty straight forward to use and implemented in TDD manor. The cool thing also about this library is that resources and items from the remote location are returned as interfaces which really simplifies testing in your application basing on this library.

The WebDav Client Library for .NET from ITHit can be found

The sharepoint server of the customer has two zones:

  • An external zone (let’s call it which uses form based access to verify the user credentials
  • An internal zone (let’s call it which uses NTLM or Kerboros authentication to verify user credentials

In the internal zone it is possible to use an active directory user and password, for a successful login a domain must be provided too. A credential input dialog in the browser looks like the following when using the internal zone:


When using the external zone the credentials input is not a mask as previously shown but a ASP.NET webpage which allows to enter the user data. An example how this page could look like is provided in the screen shot below:


The form based login uses ASP.NET membership providers and the users are stored in a separate SQL Server database. The sharepoint portal allows to administer the ASP.NET memberships and their rights and roles. Now here’s where the big problem comes in. When using the external zone unauthorized users are not getting an unauthorized page from the browser or any type of login callback as you would expect. The sharepoint simply displays the login page to the user or in our case the sharepoint server sends the page by HTTPResponse to our library trying to connect to a WebDav resource by using the external zone. So now we are in big trouble!

Analyzing the possibilities of the WebDav Client library for .NET tells us that we could implement custom authentication schemes by implementing IAuthenticationModule and registering the newly created IAuthenticationModule by using AuthenticationManager. But tests showed that as previously mentioned no authentication callback is send back to the client from the server when trying to connect to the external zone on sharepoint. Simply the authentication form is sent back to the unauthorized client.

How this problem can be solved I’ll show you in the next part of the article. Stay tuned!

About the author

Daniel Marbach


Recent Posts