Windows 7 cannot automatically reconnect a DAV share when Basic Authentication is used.
Consider the following scenario on a Windows 7 PC:
- You have used the 'Map Network Drive' or the 'Add Network Location' wizard to connect a WebDav share or folder.
- Basic Authentication is used for this resource (this is often used for connections to 3rd party DAV servers like Apache, Oracle, SAP etc.)
The resource will not be accessible after a system reboot or user logoff and logon.
Windows can not access the SSL webDav folder. It throws Network Error
"Windows cannot access \\server.company.com@SSL\davWWWRoot\folder1\folder2\folder3\docs.
Check the spelling of the name. Otherwise, there might be a problem with your network. To try to identify and resolve network problems, click diagnose.
Error code: 0x80070035
The network path was not found."
Note: Error code: 0x80070035 maps to ERROR_BAD_NETPATH
System Error 1244:
The operation being requested was not performed because the user has not been authenticated.
Note: Error code: 1244 maps to ERROR_NOT_AUTHENTICATED
This behavior is by design in Basic authentication mode of Windows 7.
In Windows 7 Basic authentication cannot be persisted by the Credential Manager in Windows 7, this is new to the OS.
The only way with Basic authentication mode to reconnect is to disconnect the drive and reconnect again, because WinHttp is not able to retrieve saved Basic and Digest credentials.
For persistent connections ensure that an authentication scheme is selected that allowes to have persistent credentials through a reboot.
For example Kerberos for authentication or certificate based authentication will work.
Use a logon script that re-connects the DAV share at user logon:
Example include the following line in the user logon script:
net use X: http://server.company.com@8080/folder1/folder2/docs /persistent:no
where 8080 is the TCP port number for SSL connection to DAV server
net use X: \\server.company.com@SSL\davWWWRoot\folder1\folder2\docs
Basic authentication is a widely used, industry-standard method for collecting user name and password information. The advantage of Basic authentication is that it is part of the HTTP specification and is supported by most browsers.
However, Basic authentication prompts the user for a username and password. This information is then sent unencrypted over the network.
The Basic authentication method is not recommended unless you are sure that the connection between the user and the web server is secured (by using SSL or a direct connection, for example).
With Basic authentication, the password is sent over the network in plain text. If this password is intercepted over the network by a network sniffer, an unauthorized user can determine the username and password and reuse these credentials.
It is because of this security risk that Office 2010 applications disable Basic authentication over a non-SSL connection in the default configuration.
2123563 You cannot open Office file types directly from a server that supports only Basic authentication over a non-SSL connection
Basic authentication in Windows 7 is not enabled by default, if you are trying to connect to HTTP resources.
For HTTP access the key BasicAuthLevel=2 as per KB841215 needs to be set (2 = Basic authentication enabled for SSL and for non-SSL connections).
841215 You cannot connect to a document library in Windows SharePoint Services 3.0 or Windows SharePoint Services 2.0 by using Windows shell commands or by using Explorer View
If no proxy is configured, WinHTTP sends credentials only to local intranet sites.
If there is an HTTP proxy program running on the client - or no proxy server entry is configured and you try to connect to a resource with FQDN like http://server.company.com.
you should use the AuthForwardServerList registry key as per KB943280 to explicitly list the servers you want to be treated as internal - and thus pass credentials for.
943280 Prompt for Credentials When Accessing FQDN Sites From a Windows Vista or Windows 7 Computer
941050 Error message on a Windows Vista-based computer when you try to access a network drive that is mapped to a Web share: "The operation being requested was not performed because the user has not been authenticated"
960646 If the "Reconnect at logon" option is selected, a network drive that is mapped to a Web share is displayed as a red X after you restart a computer that is running Windows Vista or Windows Server 2008
2560598 "The folder you entered does not appear to be valid. Please choose another" error when you use "Add a network connection" to connect to a nested WebDAV subfolder in Windows 7 or Windows Server 2008 R2
Note if you follow the steps in KB2560598, do not activate the '[x] Reconnect at logon' option, as this will not work for Basic Authentication.
If you have choosen the option accidently you should purge saved credentials using Start Search 'Credential Manager' user interface (GUI).
WebDAV Redirector Registry Settings
Article ID: 2673544 - Last Review: 06/08/2012 01:27:00 - Revision: 6.0