WebDAV and anonymous+authenticated access

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

WebDAV and anonymous+authenticated access

Marc
Hello,

Is it possible to setup nginx so that it shares a directory via WebDAV
which would have read+write access for authenticated users and simple
read access for non-authenticated/guest/anonymous users ?

At the moment my WebDAV setup works correctly but only for authenticated
users. Authentication is always required if I try to browse to
https://myserver/myshare via a web browser.

How can I solve this ?

Thanks.

--
Marc

PGP : E12177BF 24CC9C9B
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: WebDAV and anonymous+authenticated access

Francis Daly
On Sun, Sep 22, 2019 at 12:39:37PM +0200, Marc wrote:

Hi there,

Untested suggestions...

> Is it possible to setup nginx so that it shares a directory via WebDAV
> which would have read+write access for authenticated users and simple
> read access for non-authenticated/guest/anonymous users ?

Without knowing about the details of WebDAV, I suspect that the simplest
way would probably be to have two urls -- /ro-share and /rw-share --
that share the same directory. Require authentication on "rw"; and not on
"ro"; and let the user choose which they want to access.

> At the moment my WebDAV setup works correctly but only for authenticated
> users. Authentication is always required if I try to browse to
> https://myserver/myshare via a web browser.
>
> How can I solve this ?

There is no concept of "optional http basic authentication" that a
generic browser will work with (I believe), so if you have configured
authentication by http basic auth, then you probably have to use two urls.

There is a concept of "optional ssl client certificates", so if you have
configured authentication by client certificates, then you possibly can use
a shared url, and react differently to "valid cert" and "no valid cert".

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: WebDAV and anonymous+authenticated access

Francis Daly
On Sun, Sep 22, 2019 at 01:42:36PM +0100, Francis Daly wrote:
> On Sun, Sep 22, 2019 at 12:39:37PM +0200, Marc wrote:

Hi there,

> Untested suggestions...

and one more, also untested...

> > Is it possible to setup nginx so that it shares a directory via WebDAV
> > which would have read+write access for authenticated users and simple
> > read access for non-authenticated/guest/anonymous users ?

http://nginx.org/en/docs/http/ngx_http_dav_module.html includes an
example configuration that includes "limit_except GET {".

Would something like that work for you?

Require authorization for any method other than GET -- GET is probably
read-only, and anything else is possibly read-write.

(You may need to investigate whether OPTIONS needs to be allowed in the
same way as GET.)

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx