My company is interested in providing secure Internet access to internal file servers, and the approach described in your article "WebDAV for Remote Access," May 2006, Instant-Doc ID 49847, sounds like a good one. I tested your solution in my test environment and verified that Internet access to the file server share is available and that logon is required.
However, when I disallow WWW Distributed Authoring and Versioning (WebDAV) through the Web Service Extensions node in IIS Manager and reboot the Microsoft IIS server (to make sure the changes take effect), Internet access to the internal file share is still available. So what exactly is WebDAV supposed to be doing in this process? Do I really need Web-DAV to enable Internet access to an internal file server?
If you disable WebDAV, you can still access the Web server by using the directory browsing access afforded by IIS alone. However, there are two important limitations if you don't use WebDAV. First, you can't upload new files or delete or rename files. Second, you have to download documents via Microsoft Internet Explorer (IE) before opening them in Microsoft Office.
However, if you enable WebDAV, users will be able to upload, delete, and rename files like they would with a file server. Also, Microsoft Office 2003 and some other applications will open and save documents directly to the Web site by using the normal file open/save dialog box, giving users virtually the same experience as they have when using a local file server.
Other than those two functional limitations, there's no security difference between using and not using WebDAV.
