Creating WebDAV Server with Cookies Authentication

This article describes how to create a WebDAV server with pure cookies authentication and open documents using WebDAV Ajax Library from a web page.

Important! Microsoft Office, LibreOffice and WPS Office require persistent authentication cookie (cookie with expiration date) to open documents from a web page. They can NOT open documents from a web site with session cookie (without expiration date). Typically you have to check the "Keep me logged-in" or "Remember me" checkbox on your web site when logging-in to make cookie persistent.

Creating an ASP.NET Web Application in Visual Studio

First we will create an ASP.NET Web Application or MVC Application with cookies authentication.

Create an ASP.NET Web Application in Visual Studio

Select Web Forms, MVC or both:

Select Web Forms, MVC or both. Go to Change Authentication.

Go to Change Authentication and select "Individual User Accounts" option.

Select Individual User Accounts option in Change Authentication dialog

Adding WebDAV with Cookies Authentication

On this step you will be using IT Hit WebDAV Server Engine for .NET wizards for Visual Studio to add WebDAV to your project. The WebDAV wizards are automatically installed with WebDAV Server Engine for .NET SDK.

Select "Add WebDAV Server Implementation" option in project context menu:

Select Add WebDAV Server Implementation option in context menu

You can keep all options to default except for Authentication step. Select "Cookies/Forms" option on Authentication step.

Important! Make sure to uncheck the Basic, Digest and MS-OFBA options! These options generate Mixed authentication which will make your cookies auth testing more difficult.

Select WebDAV Cookies authentication option. Make sure to uncheck Basic, Digest and MS-OFBA!

Updating MyCustomHandlerPage.aspx Page to Pass the Authentication Cookie

This step is required only with IT Hit WebDAV Server Engine for .NET v6.1.4235 and earlier. In v6.1.4279 and later versions the code generated by the Add WebDAV Server Implementation wizard adds DavProtocolEditDocument() with proper parameters automatically if Basic, Digest and MS-OFBA options are unchecked on the Authentication step.

Update the WebDAV Ajax Library сode on MyCustomHandlerPage.aspx that opens the document with associated application and opens OS file manager. You will pass authentication cookie name (.AspNet.ApplicationCookie) into all WebDAV Ajax Library DocManager functions:

Replace the сode for "Edit" command:

ITHit.WebDAV.Client.DocManager.EditDocument(sDocumentUrl, this.GetMountUrl(), 


ITHit.WebDAV.Client.DocManager.DavProtocolEditDocument(sDocumentUrl, this.GetMountUrl(), 
  this._ProtocolInstallMessage.bind(this), null, "Current", ".AspNet.ApplicationCookie", 

Replace the сode for "Open With" command:

ITHit.WebDAV.Client.DocManager.DavProtocolEditDocument(sDocumentUrl, this.GetMountUrl(), 
  this._ProtocolInstallMessage.bind(this), null, null, null, null, 'OpenWith');


ITHit.WebDAV.Client.DocManager.DavProtocolEditDocument(sDocumentUrl, this.GetMountUrl(), 
  this._ProtocolInstallMessage.bind(this), null, "Current", ".AspNet.ApplicationCookie", 
  "/Account/Login", 'OpenWith');

Replace the code for "Open OS File Manager" command:

ITHit.WebDAV.Client.DocManager.OpenFolderInOsFileManager(sFolderUrl, this.GetMountUrl(), 


ITHit.WebDAV.Client.DocManager.OpenFolderInOsFileManager(sFolderUrl, this.GetMountUrl(), 
  this._ProtocolInstallMessage.bind(this), null, "Current", ".AspNet.ApplicationCookie", 

You can find more about above JavaScript functions in Opening MS Office and other Docs from a Web Site with Cookies Authentication article.

Running Your Web Application

Run your web application and create a new account. Note that WebDAV wizard have changed the default start URL in your application in Visual Studio, so you are redirected directly to the log-in page.

ASP.NET web application - Create new account

After creating a new account you are logged-in with a session cookie (without expiration date). To open MS Office documents you need to be logged-in with persistent cookie (with expiration date). To do this close the web browser and start your application again.

Go to the log-in page and log-in with "Remember me" checkbox:

Log-in with "Remember me" checkbox to create a persistent authentication cookie, that is required to open MS Office docs from a web page.

Note that you can program your web site to always set persistent cookie and remove the Remember me checkbox.

After logging-in you will be redirected to your default WebDAV page specified in WebDAV wizard (/DAV/ by default). Now you can open documents for editing and save back directly to server.

Make sure you install the protocol application supplied with WebDAV Ajax Library and confirm the web browser extension activation. The web browser extension is used to pass cookies and must be activated.

Install the Edit Document Opener protocol application and activate the web browser extension. Now you can open documents from a web page.