Hello This contribution has not met an enthousiast reaction. No comment, anyone?
On Wed, Mar 29, 2017 at 01:05:48PM +0000, Emmanuel Dreyfus wrote: > Hello > > If you tried to use mod_dav_fs with recent MS Office on Windows, > you probably had the unpleaseant experience of being prompted for > authentication on every time an MS Office program is started. This > is because it has its own WebDAV client and it does not use the > Windows network drive. > > There are various workarounds [1], one of them being to implement > MS-OFBA [2] which stands for Office Forms Based Authentication. It > works this way: > > - An OFBA-capable client sends an unauthenticated OPTIONS request. > OFBA capability is advertised either by a specific HTTP header, or > through a list of specified User-Agent strings. > > - The serveur replies with HTTP status 403 FORBIDDEN with OFBA-specific > headers pointing to a form where authentication should happen > > - The client invokes MS Internet Explorer or Edge and display the form. > Once authentication is done, it obtains a session cookie which is shared > among all OFBA capable clients, until it expires. > > - MS Office now access the WebDAV share using the session cookie, and it > does not prompt for authentication anymore. > > I crafted a patch that implements MS-OFBA in mod_auth_form [3]. It > depends on 4 previously filed changes [4, 5, 6, 7]. I have not yet > filled a bug report in bugzilla for the mod_auth_form.c [3] patch > because it probably needs to be improved a bit. > > Here is the problem: if OFBA is enabled and mod_auth_form detected > an unauthenticated OFBA-capable client, it must reply with an HTTP > status 403, with OFBA headers. For now I do that by registering an > output filter so that I can regain control after authentication > and detect that the client was not authenticated. Is there a better > suited hook for that? > > Any other comment on the patches? An Apache WebDAV server playing > better with MS Office would be a great benefit, hence I hope this > will get some interest. > > > [1] > https://support.microsoft.com/en-us/help/2019105/authentication-requests-when-you-open-office-documents > [2] https://msdn.microsoft.com/en-us/library/office/cc313069(v=office.12).aspx > [3] https://ftp.espci.fr/shadow/manu/patch20170329-modules_aaa_mod_auth_form.c > [4] https://bz.apache.org/bugzilla/show_bug.cgi?id=60908 > [5] https://bz.apache.org/bugzilla/show_bug.cgi?id=60909 > [6] https://bz.apache.org/bugzilla/show_bug.cgi?id=60708 > [7] https://bz.apache.org/bugzilla/show_bug.cgi?id=60910 > > -- > Emmanuel Dreyfus > [email protected] -- Emmanuel Dreyfus [email protected]
