Turn WebEdit OFF in IIS for WebCenter Interaction Collaboration Server

We’ve had a good run with WebEdit functionality in the old Plumtree / ALUI / WebCenter Collaboration Server. There comes a time, though, when the pain/cost is increasing and the benefit/payback of fixing the issues is decreasing.

Such was the case at a client was getting this security prompt every time they tried to open an Office document that had been uploaded to Collaboration server through WCI:

It turns out that when Office 2010 opens a document from a web page, the first thing it tries to do after downloading the document is execute a WebDAV request (PROPFIND) to that server:
This makes all kinds of sense from Microsoft’s perspective – if a Word document is opened from a web site, first check to see if it’s a SHAREPOINT site, right? That way Office can enable all those neat WebEdit/WebDAV features automatically.

The problem was that IIS was choking on this request because Windows Integrated Authentication was prompting for the user’s domain credentials – and even if the proper user/pass was supplied to IIS, the portal still had no idea what to do with those WebDAV verbs.

The solution: just kill off WebDAV entirely in this portal instance. You do this by changing the verbs for the portal virtual directory (.pt extension) to only accept the verbs “GET,HEAD,POST”:


This way, even if Office does try to check the WebDAV verbs, IIS is going to deny those requests before even letting them through to the portal, which probably wouldn’t know what to do with them anyway.

Tags: , , ,

Leave a Reply