HTTP/Web Distributed Authoring and Versioning (WebDAV)
=======================================================
This topic provides information about using HTTP/Web Distributed
Authoring and Versioning (WebDAV) to develop messaging applications.
Introduction
------------
Items in the Exchange store can be accessed remotely by using
the WebDAV protocol, defined in RFC 2518. This protocol extends
the HTTP 1.1 protocol, defined by RFC 2616, to provide additional
methods and capabilities. It provides a means to access both
the contents of an item and an extensible set of associated
properties.
Caveats
-------
When creating applications that use WebDAV to transmit
sensitive information, or that communicate over the Internet,
it is strongly recommended that the IIS virtual server use
SSL/TLS encryption for better security. Within an intranet,
NTLM or Kerberos can also be used to authenticate WebDAV
requests, but that does not provide data encryption.
Functional Criteria
-------------------
Criteria for HTTP/Web Distributed Authoring and Versioning (WebDAV):

Application Domain: Applications can use WebDAV to access folders,
items, and item properties in the Exchange store. WebDAV is an
extension to HTTP/1.1, and so can more easily be used across
firewalls. Because WebDAV is a standard protocol, there are
more choices available for the client platform and client
programming language.

Major Objects: WebDAV is a protocol, not an object model.
Applications that use WebDAV can use the .NET Framework
System.Net.HttpWebRequest object, Microsoft.HTTPRequest,
or other HTTP request objects.

Data access model: WebDAV returns information in text and XML streams
that contain the item data, properties and error information.
Additional information is available in the method response headers.

Threading Models: Application threading depends entirely on the
client, and does not affect WebDAV. WebDAV is an extension of HTTP,
so no connection state information is retained between transactions.
However, item status is retained in the Exchange server, for example
in response to a WebDAV resource lock command.

Application Architectures: Applications that use WebDAV are typically
Web-based, thin-client applications. However, traditional Windows GUI
applications can be developed that use WebDAV to communicate with the
Exchange server. In addition, WebDAV is frequently used as the
communication mechanism between an application middle-tier and the
Exchange server.

Remote Usage: WebDAV is often ideal for remotely accessing Exchange.
Because it communicates using the same ports that HTTP and HTTPS use,
corporate firewalls and routers often require no special configuration.

Transactions: Yes, WebDAV supports transactions.

Management Capabilities: WebDAV virtual servers can be managed manually
and programmatically using the Exchange administration console, CDOEXM
and WMI.

Availability: Currently shipping with Exchange 2000 Server and Exchange
Server 2003. Future versions of Exchange might not include, or provide
access to, this technology.
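
The Data access model entry above says item data, properties and error information come back in an XML stream. The following added example (not code from the original page or the Exchange SDK) parses a constructed RFC 2518 207 Multi-Status body and separates the properties that were returned from those the server refused; the sample URL, the property set and the name `parse_multistatus` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

DAV = "{DAV:}"  # namespace RFC 2518 uses for WebDAV elements

# Constructed sample body of a 207 Multi-Status reply (not captured traffic).
SAMPLE_207 = b"""<?xml version="1.0"?>
<a:multistatus xmlns:a="DAV:">
 <a:response>
  <a:href>https://mail.example.com/exchange/user1/Inbox/item1.eml</a:href>
  <a:propstat>
   <a:status>HTTP/1.1 200 OK</a:status>
   <a:prop><a:displayname>item1.eml</a:displayname>
           <a:getcontentlength>1024</a:getcontentlength></a:prop>
  </a:propstat>
  <a:propstat>
   <a:status>HTTP/1.1 403 Forbidden</a:status>
   <a:prop><a:getlastmodified/></a:prop>
  </a:propstat>
 </a:response>
</a:multistatus>"""

def parse_multistatus(body: bytes) -> dict:
    """Return {href: {"ok": {prop: value}, "failed": {prop: status_code}}}."""
    # A WebDAV reply has no need for a DTD; refusing one avoids
    # entity-expansion tricks from a hostile or spoofed server.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD not allowed in a Multi-Status body")
    root = ET.fromstring(body)
    if root.tag != DAV + "multistatus":
        raise ValueError("not a DAV: multistatus document")
    result = {}
    for resp in root.findall(DAV + "response"):
        href = resp.findtext(DAV + "href", "").strip()
        entry = result.setdefault(href, {"ok": {}, "failed": {}})
        for ps in resp.findall(DAV + "propstat"):
            status = ps.findtext(DAV + "status", "").strip()
            m = re.match(r"HTTP/\d\.\d\s+(\d{3})", status)
            code = int(m.group(1)) if m else 0  # 0 = unparseable status line
            for prop in ps.findall(DAV + "prop/*"):
                # prop.tag is in Clark notation, e.g. "{DAV:}displayname"
                if 200 <= code < 300:
                    entry["ok"][prop.tag] = (prop.text or "").strip()
                else:
                    entry["failed"][prop.tag] = code
    return result

if __name__ == "__main__":
    print(parse_multistatus(SAMPLE_207))
```

The HTTP status of the whole reply is 207 even when individual properties are denied, so a client has to read each `propstat` status rather than the response line alone.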
Development Criteria
--------------------
Criteria for HTTP/Web Distributed Authoring and Versioning (WebDAV):

Languages and Tools: Because WebDAV is a protocol, any programming tool
and language that can correctly send and receive HTTP requests and
responses can be used to create applications that access Exchange using
WebDAV, for example the MSXML HTTPRequest object.

Managed Implementation: WebDAV is not a managed IIS extension. However,
client applications that use WebDAV can use managed code as appropriate.
Managed applications typically use the System.Net.HttpWebRequest object
from the .NET Framework.

Scriptable: Yes, WebDAV can be used in scripts, using the MSXML
HTTPRequest object.

Test/Debug Tools: No special debugging tools are required to debug
applications that use WebDAV. For particularly difficult
protocol-interaction issues, a network monitoring utility may prove
helpful. The NETMON.EXE utility can be very useful in debugging WebDAV
protocol interactions. Because WebDAV queries are sometimes sensitive
to minor syntactical differences, a WebDAV query tool can also be
helpful.

Expert Availability: Finding developers who have created networked
applications, or who have experience using networking protocols, should
not be very difficult. For developers who have that type of experience,
using WebDAV to access Exchange data should not pose significant
problems.
Available Information
---------------------
Because HTTP and WebDAV programming can be done within
so many programming environments, there is a great deal of information
about it. Using WebDAV to access Exchange information is discussed
in both Microsoft and third-party books. In addition, using WebDAV to
access Exchange information is described in both the Exchange 2000
Server SDK and in the Exchange Server 2003 SDK. Use the documentation
appropriate to the version of Exchange you are developing for. Both
SDKs are available on MSDN at http://msdn.microsoft.com/exchange.

Developer / Deployment Licensing: Refer to your Exchange and MSDN
subscription licensing agreements to determine whether additional
licenses are required for the Exchange servers that store the data
accessed by your WebDAV applications.
Security Criteria
-----------------
Criteria for HTTP/Web Distributed Authoring and Versioning (WebDAV):

Design-Time Permissions: No special developer permissions are required
for using WebDAV with an Exchange server. The Exchange server must be
configured to allow WebDAV access, and the developer must have
permissions to access the data the application will use.

Setup Permissions: Because applications that use WebDAV run on either
the client or the middle tier, there are typically no special Exchange
server permissions needed for setup. If the Setup program makes changes
in the Exchange store, the user running Setup must have the necessary
permissions to make those changes.

Run-Time Permissions: The run-time permissions needed by applications
that use WebDAV depend entirely upon the authentication/authorization
methods used between the client and the WebDAV virtual server. When the
application tier that uses WebDAV to reach the Exchange server consists
of a small number of computers, the virtual server is often configured
to allow connections from only those middle-tier computers.

Built-in Security Features: WebDAV virtual servers by default use Basic
or NTLM authentication, and anonymous access is disabled. Because WebDAV
transmits data in plaintext across the network, it is also recommended
that Exchange WebDAV virtual servers that transmit sensitive data use
SSL/TLS.

Security Monitoring Features: WebDAV virtual servers use the IIS
security monitoring features.
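
One way to check the Built-in Security Features guidance against IIS logging, as an added example that is not part of the original page: the script reads an IIS W3C extended log and flags WebDAV requests that were authenticated without TLS, or that succeeded anonymously. The log lines are constructed, the logged field selection is an assumption, and so is the premise that TLS is bound to port 443 on the virtual server.

```python
# RFC 2518 methods that distinguish WebDAV traffic from plain HTTP.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
TLS_PORTS = {"443"}  # assumption: TLS is bound to 443 on this virtual server

# Constructed IIS W3C extended log excerpt (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
2005-03-01 09:00:01 10.0.0.21 - 80 PROPFIND /exchange/user1/Inbox 401
2005-03-01 09:00:02 10.0.0.21 CORP\\user1 80 PROPFIND /exchange/user1/Inbox 207
2005-03-01 09:00:05 10.0.0.30 CORP\\svc-mid 443 PROPPATCH /exchange/user2/a.eml 207
2005-03-01 09:00:09 10.0.0.44 - 443 PROPFIND /public/Forms 207
2005-03-01 09:00:12 10.0.0.21 CORP\\user1 80 GET /exchange/user1/Inbox/a.eml 200
"""


def audit(log_text: str) -> list:
    """Return (finding, line) pairs for WebDAV requests that break the guidance."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-method", "").upper() not in DAV_METHODS:
            continue  # plain GET/POST traffic is out of scope for this check
        authed = rec.get("cs-username", "-") != "-"
        succeeded = rec.get("sc-status", "").startswith("2")
        # A missing s-port column is treated as non-TLS so the gap is visible.
        if authed and rec.get("s-port") not in TLS_PORTS:
            findings.append(("authenticated WebDAV without TLS", line))
        elif not authed and succeeded:
            # A 401 challenge is normal; a 2xx with no user means anonymous access.
            findings.append(("anonymous WebDAV request succeeded", line))
    return findings


if __name__ == "__main__":
    for finding, line in audit(SAMPLE_LOG):
        print(f"{finding}: {line}")
```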
Deployment Criteria
-------------------
Criteria for HTTP/Web Distributed Authoring and Versioning (WebDAV):

Server Platform Requirements: The Exchange server that manages the
store where your application data resides must have a WebDAV virtual
server if the client application accesses it directly. Alternatively,
WebDAV configured on Exchange front-end servers can be used to access
all the stores in the domain on which the user has permissions.

Client Platform Requirements: WebDAV is not a client technology. The
design and implementation of the application client determines the
client requirements.

Deployment Methods: WebDAV client applications are deployed based on
their client architecture and technology. The client or middle tier
communicates via WebDAV with an Exchange server.

Deployment Notes: When using WebDAV with NTLM or Kerberos
authentication to access Exchange data through a front-end server, the
Keep-alive protocol header must be set to True. If it is not, the
request might not be passed to the Exchange server.
References:
[1] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_techsel_tech_9.asp