How to Set Up WebDAV in IIS on Windows Server 2025

How to Set Up WebDAV in IIS on Windows Server 2025

WebDAV (Web Distributed Authoring and Versioning) extends the HTTP protocol to allow clients to create, move, copy, and delete files on a remote web server as if they were working with a local file system. On Windows Server 2025 with IIS, WebDAV is a built-in feature that enables use cases ranging from simple file sharing to CMS content authoring workflows. This tutorial walks through installing the WebDAV Publishing feature, enabling it for an IIS site, configuring authentication and authoring rules, mapping a network drive in Windows Explorer, securing connections with SSL, and resolving common errors.

Prerequisites

• Windows Server 2025 with IIS already installed (Web-Server role)
• Administrator or equivalent privileges on the server
• An existing IIS site (or you will create one during this guide)
• A valid SSL certificate if you plan to use WebDAV over HTTPS (recommended for production)
• Windows Firewall access on port 80 (HTTP) or 443 (HTTPS)
• PowerShell 5.1 or later (included with Windows Server 2025)

Step 1: Install the WebDAV Publishing Feature

The WebDAV Publishing feature is a sub-component of the IIS Web Server role. Install it using the Install-WindowsFeature cmdlet in an elevated PowerShell session:

# Install WebDAV Publishing along with IIS management tools
Install-WindowsFeature -Name Web-DAV-Publishing -IncludeManagementTools

# Verify the installation
Get-WindowsFeature -Name Web-DAV-Publishing

After installation, confirm the feature shows as Installed in the output. IIS Manager will now show a WebDAV Authoring Rules icon in the Features View for each site.

Step 2: Enable WebDAV for an IIS Site

WebDAV must be enabled on a per-site basis. You can do this through IIS Manager or PowerShell. Using PowerShell provides repeatable, scriptable configuration:

# Enable WebDAV for the Default Web Site
# Set allowCustomProperties and allowAnonymousPropfind as needed

Set-WebConfigurationProperty `
    -Filter "system.webServer/webdav/authoring" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name enabled `
    -Value $true

# Allow custom properties (useful for CMS clients like SharePoint or Dreamweaver)
Set-WebConfigurationProperty `
    -Filter "system.webServer/webdav/authoring" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name "allowCustomProperties" `
    -Value $true

# Allow anonymous property retrieval (PROPFIND)
Set-WebConfigurationProperty `
    -Filter "system.webServer/webdav/authoring" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name "allowAnonymousPropfind" `
    -Value $false

Alternatively, in IIS Manager navigate to your site, double-click WebDAV Authoring Rules, and click Enable WebDAV in the Actions pane on the right.

Step 3: Configure WebDAV Authoring Rules

Authoring rules define which users can perform which WebDAV operations (Read, Write, Source). Without at least one authoring rule, even authenticated users will receive a 403 Forbidden response.

# Add a WebDAV authoring rule allowing all authenticated users to read and write
Add-WebConfigurationProperty `
    -Filter "system.webServer/webdav/authoringRules" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name "." `
    -Value @{
        users      = "*"
        roles      = ""
        path       = "*"
        access     = "Read, Write, Source"
    }

# Verify the rules
Get-WebConfigurationProperty `
    -Filter "system.webServer/webdav/authoringRules/add" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name "."

To restrict access to a specific Windows user or group, replace * with the domain account name (e.g., CONTOSOWebAuthors).

Step 4: Configure Authentication

WebDAV works with both Basic Authentication and Windows Authentication. For intranet use, Windows Authentication (Kerberos/NTLM) is preferred. For internet-facing WebDAV, Basic Authentication over HTTPS is the safest option.

# Disable Anonymous Authentication for the site
Set-WebConfigurationProperty `
    -Filter "system.webServer/security/authentication/anonymousAuthentication" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name enabled `
    -Value $false

# Enable Windows Authentication
Set-WebConfigurationProperty `
    -Filter "system.webServer/security/authentication/windowsAuthentication" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name enabled `
    -Value $true

# --- OR --- Enable Basic Authentication (use over HTTPS only)
Set-WebConfigurationProperty `
    -Filter "system.webServer/security/authentication/basicAuthentication" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name enabled `
    -Value $true

Step 5: Enable WebDAV with SSL (HTTPS)

Sending credentials over plain HTTP is a significant security risk. Bind an SSL certificate to the site and enforce HTTPS for WebDAV connections:

# Bind an existing certificate (replace thumbprint with your cert's thumbprint)
$thumbprint = "A1B2C3D4E5F6A1B2C3D4E5F6A1B2C3D4E5F6A1B2"
$cert = Get-ChildItem -Path Cert:LocalMachineMy | Where-Object { $_.Thumbprint -eq $thumbprint }

New-WebBinding `
    -Name "Default Web Site" `
    -Protocol https `
    -Port 443 `
    -SslFlags 0

# Associate the certificate with the binding
$binding = Get-WebBinding -Name "Default Web Site" -Protocol https
$binding.AddSslCertificate($thumbprint, "My")

# Require SSL for the WebDAV site
Set-WebConfigurationProperty `
    -Filter "system.webServer/security/access" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name sslFlags `
    -Value "Ssl"

Step 6: Map a Network Drive in Windows Explorer

From any Windows client, you can map the WebDAV site as a drive letter using the built-in Map Network Drive wizard:

1. Open File Explorer, right-click This PC, and choose Map network drive.
2. Select an available drive letter (e.g., Z:).
3. In the Folder field enter the WebDAV URL: https://webdav.contoso.com/ (or http://192.168.1.10/ for HTTP).
4. Check Connect using different credentials if using Basic Authentication.
5. Click Finish and enter your credentials when prompted.

You can also map the drive via PowerShell:

# Map WebDAV as drive Z using net use
net use Z: https://webdav.contoso.com/ /user:CONTOSOWebUser P@ssw0rd! /persistent:yes

# Or using New-PSDrive (session only, not persistent across logons)
New-PSDrive -Name Z -PSProvider FileSystem -Root "\webdav.contoso.comDavWWWRoot" -Credential (Get-Credential)

Step 7: Test with curl

From any machine with curl available (included in Windows 10/11 and Server 2025), test WebDAV operations:

# Test PROPFIND (directory listing)
curl -u "CONTOSOWebUser:P@ssw0rd!" `
     -X PROPFIND `
     -H "Depth: 1" `
     -H "Content-Type: application/xml" `
     https://webdav.contoso.com/

# Upload a file with PUT
curl -u "CONTOSOWebUser:P@ssw0rd!" `
     -T C:LocalFilesdocument.txt `
     https://webdav.contoso.com/document.txt

# Delete a file
curl -u "CONTOSOWebUser:P@ssw0rd!" `
     -X DELETE `
     https://webdav.contoso.com/document.txt

Step 8: Troubleshooting 405 Method Not Allowed Errors

A 405 error on WebDAV methods (PUT, DELETE, PROPFIND) is one of the most common issues and is almost always caused by IIS handlers intercepting requests before WebDAV can process them.

# Check for StaticFile handler overriding WebDAV — remove it for the site if present
# This is often the cause of 405 on PUT/DELETE

Get-WebConfigurationProperty `
    -Filter "system.webServer/handlers/add[@name='StaticFile']" `
    -PSPath "IIS:SitesDefault Web Site" `
    -Name "verb"

# If the StaticFile handler handles GET,HEAD,POST,DEBUG but NOT PUT/DELETE, WebDAV should work
# If WebDAV is still blocked, check if WebDAVModule is listed in modules

Get-WebConfiguration "system.webServer/modules/add[@name='WebDAVModule']" `
    -PSPath "IIS:SitesDefault Web Site"

Additional troubleshooting tips:

• 401 Unauthorized: Verify the authentication method is enabled and credentials are correct. Ensure the Windows user account has NTFS read/write permissions on the physical folder.
• 403 Forbidden: Check that a WebDAV Authoring Rule exists and grants the appropriate access level (Read, Write, Source).
• Mapping fails on Windows 10/11 client: The WebClient service must be running on the client. Run sc start webclient or set it to Automatic startup.
• Basic Auth over HTTP blocked: Modern Windows clients block Basic Auth over non-SSL by default. Either use HTTPS or set the registry key HKLMSYSTEMCurrentControlSetServicesWebClientParametersBasicAuthLevel to 2 (not recommended for production).

Common Use Cases for WebDAV

• CMS content authoring: WordPress, Drupal, and many CMSs support WebDAV for direct file uploads without FTP.
• Remote file shares: Provides HTTP-based file sharing as an alternative to SMB in firewall-restricted environments.
• Office document collaboration: Microsoft Office can open and save documents directly to a WebDAV share.
• Developer asset publishing: Automate static asset deployment to IIS-hosted sites using WebDAV PUT operations in CI/CD pipelines.

WebDAV on Windows Server 2025 with IIS provides a flexible, standards-based file access layer that integrates seamlessly with Windows authentication and NTFS permissions. By securing the endpoint with SSL, configuring authoring rules precisely, and testing connectivity with tools like curl, you can deploy a robust WebDAV solution suitable for both internal and internet-facing workloads. Once running, the drive mapping experience for end users is transparent — they interact with the remote file store exactly as they would a local or SMB network drive.