0

I am currently working on a POC and made quite a lot of progress thanks to IT-Hit WebDAV Library. However, I am currently stuck at the authentication. I am using the "OnBeforeRequestSend"-Hook to add my authentication header containing my current access-token. This approach works very well for all the request coming from my webapp. Nevertheless, the problem I am facing right now is, that I lose the authentication-token for every request from the webdav-client... In order to tell the webdav-client apart from any other website, I thought about using the User-Agent-Header to determine what behavior the server is going to exhibit. To be exact: I thought about only checking the token when the user-agent is not "Microsoft Office ...". Since this solution seems very error prone, I wanted to ask If there is another way to pass the authentication-header from my webapp through the webdav-client to the webdav-server, so that i can validate/verify every request to webdav-server independently of the source (webapp or webdav-client)?

My current stack is:

  • WebApp written in TypeScript
  • WebDAV-Server written in .Net

thanks and best regards, greenbird

GreenBird
  • 1
  • 1

1 Answers1

0

Look into implementing MS-OFBA, this will work as you desire.

Jan Martin
  • 408
  • 3
  • 11