Hello If you tried to use mod_dav_fs with recent MS Office on Windows, you probably had the unpleaseant experience of being prompted for authentication on every time an MS Office program is started. This is because it has its own WebDAV client and it does not use the Windows network drive.
There are various workarounds [1], one of them being to implement MS-OFBA [2] which stands for Office Forms Based Authentication. It works this way: - An OFBA-capable client sends an unauthenticated OPTIONS request. OFBA capability is advertised either by a specific HTTP header, or through a list of specified User-Agent strings. - The serveur replies with HTTP status 403 FORBIDDEN with OFBA-specific headers pointing to a form where authentication should happen - The client invokes MS Internet Explorer or Edge and display the form. Once authentication is done, it obtains a session cookie which is shared among all OFBA capable clients, until it expires. - MS Office now access the WebDAV share using the session cookie, and it does not prompt for authentication anymore. I crafted a patch that implements MS-OFBA in mod_auth_form [3]. It depends on 4 previously filed changes [4, 5, 6, 7]. I have not yet filled a bug report in bugzilla for the mod_auth_form.c [3] patch because it probably needs to be improved a bit. Here is the problem: if OFBA is enabled and mod_auth_form detected an unauthenticated OFBA-capable client, it must reply with an HTTP status 403, with OFBA headers. For now I do that by registering an output filter so that I can regain control after authentication and detect that the client was not authenticated. Is there a better suited hook for that? Any other comment on the patches? An Apache WebDAV server playing better with MS Office would be a great benefit, hence I hope this will get some interest. [1] https://support.microsoft.com/en-us/help/2019105/authentication-requests-when-you-open-office-documents [2] https://msdn.microsoft.com/en-us/library/office/cc313069(v=office.12).aspx [3] https://ftp.espci.fr/shadow/manu/patch20170329-modules_aaa_mod_auth_form.c [4] https://bz.apache.org/bugzilla/show_bug.cgi?id=60908 [5] https://bz.apache.org/bugzilla/show_bug.cgi?id=60909 [6] https://bz.apache.org/bugzilla/show_bug.cgi?id=60708 [7] https://bz.apache.org/bugzilla/show_bug.cgi?id=60910 -- Emmanuel Dreyfus [email protected]
