Enabling Special Characters and Protected Folders in ASP.NET/IIS-hosted WebDAV server

Enabling Special Characters

While IT Hit WebDAV Server Engine support any characters in item names some characters require additional configuration depending on your hosting environment:

  • To allow '+' in item names in ASP.NET 2.0 and 4.0 set the configuration\system.webServer\security\requestFiltering@allowDoubleEscaping = "true" in your web.config file. 
  • To allow '&' and '%' in ASP.NET 2.0, IIS 7 the "VerificationCompatibility"= dword:00000001 must be set under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET
  • To allow '&' and '%' in ASP.NET 4.0 set the configuration\system.web\httpRuntime@requestPathInvalidCharacters = "" in your web.config file. 
  • To allow trailing dots ('.') in ASP.NET 4.0 set configuration\system.web\httpRuntime@relaxedUrlToFileSystemMapping = "true" in your web.config file.

Important! Microsoft Windows Shell (Mini-Redirector) client does not support '%' in WebDAV item names. You cannot name your items like 'Some%Folder'.

Enabling Access to Protected Folders 

By default Bin, App_Code, App_Data, App_Browsers, App_GlobalResources, App_LocalResources, App_Themes, App_WebReferences folders are protected by ASP.NET and you will be unable to create folders with such names in your WebDAV repository or access file in this folders. Usually, you will need to be able to access this folders if you would like to use your WebDAV server for storing ASP.NET projects that usually contain folders with above names. As soon as all file structure is stored in your storage there is no need in additional protection at ASP.NET level.

IIS 7.x and Later

In IIS 7.x, you can either configure requestFiltering settings in web.config or you can remove RequestFilteringModule. To configure requestFiltering add the following lines to your web.config file:

<configuration>
 ...
 <system.webServer> 
  ...
  <security>
   <requestFiltering>
    <!-- Allow all files with 'web.config' name. -->
    <fileExtensions>
     <clear />
    </fileExtensions>
 
    <!-- Allow all folders with 'bin', 'App_code', 'App_Data', etc names. -->                   
    <hiddenSegments>
     <clear />
    </hiddenSegments>
 
    <!-- Maximum upload file segment size in bytes is 2147483648 (2Gb) -->
    <requestLimits maxAllowedContentLength="2147483648"/>
   </requestFiltering>
  </security>
 </system.webServer>
</configuration>

If you would like to remove the RequestFilteringModule module you must fist unlock it at the server level. Open IIS MMC console and click on root server node. Then go to Modules and select RequestFilteringModule. Click Unlock. Now you can remove this module at the site level. Click on your WebDAV website and go to Modules. Finally, remove the RequestFilteringModule module.

Remove the RequestFilteringModule module

RequestFilteringModule protects folders both in Classic and Integrated Pipeline modes. Note that while IIS 7 also has aspnet_filter.dll configured at server and site level it does not protect folders so you do not need to remove it.

IIS 6

In IIS 6 you will have to remove aspnet_filter.dll filter installed at the server level. If you host any other websites except WebDAV server on the same IIS server you will have to configure aspnet_filter.dll on each non-WebDAV website.

Open IIS 6 MMC console and right click on Web Sites node, select Properties. In the Web Sites Properties dialog select ISAPI Filters tab and remove the filter called ASP.NET_2.0.50727.42 mapped to aspnet_filter.dll.

Remove the filter ASP.NET_2.0.50727.42 in Web Sites Properties