How to tell which authentication protocols can be used with WebDAV.

When you do an anonymous POST to the “exchange” virtual folder, you will get back a response which will tell you about which authentication protocols are supported.  Each “WWW-Authenticate:” header in the response tells you which type of authentication method is supported.  If you get back a 440 Login Timeout with no “WWW-Authenticate:” headers and you do get back “Set-Cookie: “ headers then FBA is likely on.  If you get back a 401 Unauthorized and “WWW-Authenticate:” headers, then FBA is off.  If you get back a 500 error, then there is probably no authentication enabled (ie just Anonymous authentication is on).   FBA Authentication is an override to other authentication methods.  Checking the “WWW-Authenticate:” using this method can be used for checking authentication when any other Web API is used - such as EWS and EAS (Exchange Server ActiveSync).

If you do an Anonymous OPTIONS POST such as the following:

OPTIONS https://127.0.0.1/exchange HTTP/1.1
User-Agent: Fiddler
Host: 127.0.0.1
Translate: F

With FBA Enabled you will get back this:

HTTP/1.1 440 Login Timeout
Content-Length: 43
Content-Type: text/html
Set-Cookie: sessionid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: cadata=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 20 Sep 2011 23:15:08 GMT
<HTML><BODY>440 Login Timeout</BODY></HTML>

 

With FBA not enabled you will get back this:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="127.0.0.1"
X-Powered-By: ASP.NET
Date: Tue, 20 Sep 2011 23:20:15 GMT
Content-Length: 6283
Proxy-Support: Session-Based-Authentication

Here are some tools which you might find helpful for doing a POST:

WFetch 1.4
https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21625

HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
https://support.microsoft.com/kb/284285

Fiddler:
https://fiddler2.com/fiddler2/

Note that Fiddler is not a Microsoft prodcut, so we cannot endorse it.  However, it is used here at MS quite a bit in Support. This tool can both capture traces and issue/re-issue POST.  The RAW tabs are useful for seeing the actual requests and responses.