Export (0) Print
Expand All
2 out of 2 rated this helpful - Rate this topic

HTTP/Web Distributed Authoring and Versioning (WebDAV)

Exchange Server 2003
This topic provides information about using HTTP/Web Distributed Authoring and Versioning (WebDAV) to develop messaging applications.


Items in the Exchange store can be accessed remotely by using the WebDAV protocol, defined in RFC 2518. This protocol extends the HTTP 1.1 protocol, defined by RFC 2616, to provide additional methods and capabilities. It provides a means to access both the contents of an item and an extensible set of associated properties.


When creating applications that use WebDAV to transmit sensitive information, or that communicate over the Internet, it is strongly recommended that the IIS virtual server use SSL/TLS encryption for better security. Within an intranet, NTLM or Kerberos authentication of WebDAV requests can also be used for authentication, but that does not provide data encryption.

Functional Criteria

CriteriaHTTP/Web Distributed Authoring and Versioning (WebDAV)
Application DomainApplications can use WebDAV to access folders, items, and item properties in the Exchange store. WebDAV is an extension to HTTP/1.1, and so can more easily be used across firewalls. Because WebDAV is a standard protocol, more choices are available for the client platform and client programming language.
Major ObjectsWebDAV is a protocol, not an object model. Applications that use WebDAV can use the .NET Framework System.Net.HttpWebRequest object, Microsoft.HTTPRequest, or other HTTP request objects.
Data Access ModelWebDAV returns information in text and XML streams that contain the item data, properties, and error information. Additional information is available in the method response headers.
Threading ModelsApplication threading depends entirely on the client, and does not affect WebDAV. WebDAV is an extension of HTTP, so no connection state information is retained between transactions. However, items status is retained in the Exchange server, for example in response to a WebDAV resource lock command.
Application ArchitecturesApplications that use WebDAV are typically Web-based, thin-client applications. However, traditional Windows GUI applications can be developed that use WebDAV to communicate with the Exchange server. In addition, WebDAV is frequently used as the communication mechanism between an application middle tier and the Exchange server.
Remote UsageWebDAV is often ideal for remotely accessing Exchange. Because it communicates by using the same ports that HTTP and HTTPS use, corporate firewalls and routers often do not require special configuration.
TransactionsWebDAV supports transactions.
Management CapabilitiesWebDAV virtual servers can be managed manually and programmatically by using the Exchange administration console, CDOEXM, and WMI.
AvailabilityCurrently shipping with Exchange 2000 Server and Exchange Server 2003. Future versions of Exchange might not include, or provide access to, this technology.

Development Criteria

CriteriaHTTP/Web Distributed Authoring and Versioning (WebDAV)
Languages and ToolsBecause WebDAV is a protocol, any programming tool and language that correctly sends and receives HTTP requests and responses, for example, the MSXML HTTPRequest object, can be used to create applications that access Exchange by using WebDAV.
Managed ImplementationWebDAV is not a managed IIS extension. However, client applications that use WebDAV can use managed code as appropriate. Managed applications typically use the System.Net.HttpWebRequest object from the .NET Framework.
ScriptableWebDAV can be used in scripts, by using the MSXML HTTPRequest object.
Test/Debug ToolsNo special debugging tools are required to debug applications that use WebDAV. For particularly difficult protocol-interaction issues, a network monitoring tool may prove helpful. The NETMON.EXE tool can be very useful in debugging WebDAV protocol interactions. Because WebDAV queries are sometimes sensitive to minor syntactical differences, a WebDAV query tool can also be helpful.
Expert AvailabilityFinding developers who have created networked applications, or who have experience using networking protocols, should not be very difficult. For developers who have that type of experience, using WebDAV to access Exchange data should not pose significant problems.
Available InformationBecause HTTP and WebDAV programming can be done within so many programming environments, there is a great deal of information about it. Microsoft and third-party books are available for information about using WebDAV to access Exchange information. In addition, provide information about using WebDAV to access Exchange information. Use the documentation appropriate to the version of Exchange you are developing for. To access the Exchange 2000 Server SDK and the Exchange Server 2003 SDK, see Microsoft Exchange Server Online link on MSDN.
Developer/Deployment LicensingRefer to your Exchange and MSDN subscription licensing agreements to determine whether additional licenses are required for the Exchange servers that store the data accessed by your WebDAV applications.

Security Criteria

CriteriaHTTP/Web Distributed Authoring and Versioning (WebDAV)
Design-Time PermissionsNo special developer permissions are required for using WebDAV with an Exchange server. The Exchange server must be configured to allow WebDAV access, and the developer must have permissions to access the data the application will use.
Setup PermissionsBecause applications that use WebDAV run on either the client or middle tier, typically no special Exchange server permissions are needed for setup. If the Setup program makes changes in the Exchange store, the user running Setup must have the necessary permissions to make those changes.
Run-Time PermissionsThe run-time permissions needed by applications that use WebDAV depend entirely upon the authentication/authorization methods used between the client and the WebDAV virtual server. When the application tier that uses WebDAV to access the Exchange server is a small number of computers, often the virtual server is configured to allow connections from only those middle-tier computers.
Built-in Security FeaturesWebDAV virtual servers by default use Basic or NTLM authentication, and anonymous access is disabled. Because WebDAV transmits data in plaintext across the network, it is also recommended that Exchange WebDAV virtual servers that transmit sensitive data use SSL/TLS.
Security Monitoring FeaturesWebDAV virtual servers use the IIS security monitoring features.

Deployment Criteria

CriteriaHTTP/Web Distributed Authoring and Versioning (WebDAV)
Server Platform RequirementsThe Exchange server that manages the store where your application data resides must have a WebDAV virtual server if the client application accesses it directly. Alternatively, WebDAV configured on Exchange front-end servers can be use to access all the stores in the domain on which the user has permissions.
Client Platform RequirementsWebDAV is not a client technology. The design and implementation of the application client determines the client requirements.
Deployment MethodsWebDAV client applications are deployed based on their client architecture and technology. The client or middle tier communicates via WebDAV with an Exchange server.
Deployment NotesWhen using WebDAV with NTLM or Kerberos authentication to access Exchange data through a front-end server, the Keep-alive protocol header must be set to True. If it is not, the request might not be passed to the Exchange server.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.