WebDAV - HTTP Basic Auth
Hallo
I have a WebDAV Login at a Hetzner Storage Box where I can login successfully with (actual) WinSCP with WebDAV. In the (debug level 2) log I read:
What I don't understand is that it says "Unauthorized" (at: 2025-10-07 14:54:39.716) but authentication works anyway.
What happens after this "Unauthorized"? How does WinSCP authorize to the WebDAV Storage Box exactly?
I ask this, because I have issues with a Plugin in Total Commander, where I cannot access that storage box with WebDAV.
Thanks for hints, frank
EDIT 2025-10-08: the missing part after BASIC AUTH:
I have a WebDAV Login at a Hetzner Storage Box where I can login successfully with (actual) WinSCP with WebDAV. In the (debug level 2) log I read:
. 2025-10-07 14:54:39.512 -------------------------------------------------------------------------- . 2025-10-07 14:54:39.513 WinSCP Version 6.5.3 (Build 16364 2025-07-16) (OS 10.0.22631 – Windows 11 Enterprise) . 2025-10-07 14:54:39.514 Configuration: C:\Program Files (x86)\WinSCP\WinSCP.ini . 2025-10-07 14:54:39.514 Log level: Debug 2 . 2025-10-07 14:54:39.514 Local account: FRANC-COMP\f . 2025-10-07 14:54:39.514 Working directory: C:\Program Files (x86)\WinSCP . 2025-10-07 14:54:39.514 Process ID: 4624 . 2025-10-07 14:54:39.522 Ancestor processes: explorer, ... . 2025-10-07 14:54:39.522 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" . 2025-10-07 14:54:39.522 Time zone: Current: GMT+2, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 30.03.2025, DST End: 26.10.2025 . 2025-10-07 14:54:39.522 Login time: Dienstag, 7. Oktober 2025 14:54:39 . 2025-10-07 14:54:39.522 -------------------------------------------------------------------------- . 2025-10-07 14:54:39.522 Session name: Hetzner-CH-WebDAV (Site) . 2025-10-07 14:54:39.522 Host name: u123456.your-storagebox.de (Port: 443) . 2025-10-07 14:54:39.522 User name: u123456 (Password: Yes, Key file: No, Passphrase: No) . 2025-10-07 14:54:39.522 Transfer Protocol: WebDAV . 2025-10-07 14:54:39.522 Proxy: None . 2025-10-07 14:54:39.522 HTTPS: Yes [Client certificate: No] . 2025-10-07 14:54:39.522 WebDAV: Tolerate non-encoded: No . 2025-10-07 14:54:39.522 TLS/SSL versions: TLSv1.2-TLSv1.3 . 2025-10-07 14:54:39.522 Local directory: C:\Users\f\Desktop, Remote directory: /, Update: Yes, Cache: Yes . 2025-10-07 14:54:39.522 Cache directory changes: Yes, Permanent: Yes . 2025-10-07 14:54:39.522 Recycle bin: Delete to: No, Overwritten to: No, Bin path: . 2025-10-07 14:54:39.522 DST mode: Unix . 2025-10-07 14:54:39.522 Compression: No . 2025-10-07 14:54:39.522 -------------------------------------------------------------------------- . 2025-10-07 14:54:39.575 HTTP session to https://u123456.your-storagebox.de:443 begins. . 2025-10-07 14:54:39.576 ssl: SNI enabled by default. . 2025-10-07 14:54:39.576 auth: Create for WWW-Authenticate . 2025-10-07 14:54:39.576 Running pre_send hooks . 2025-10-07 14:54:39.576 Sending request headers: . 2025-10-07 14:54:39.576 OPTIONS / HTTP/1.1 . 2025-10-07 14:54:39.576 User-Agent: WinSCP/6.5.3 neon/0.34.2 . 2025-10-07 14:54:39.576 Keep-Alive: . 2025-10-07 14:54:39.576 Connection: TE, Keep-Alive . 2025-10-07 14:54:39.576 TE: trailers . 2025-10-07 14:54:39.576 Host: u123456.your-storagebox.de . 2025-10-07 14:54:39.576 Sending request-line and headers: . 2025-10-07 14:54:39.576 Doing DNS lookup on u123456.your-storagebox.de... . 2025-10-07 14:54:39.584 req: Connecting to 2a01:4f8:2b02:c99::2:443 . 2025-10-07 14:54:39.611 Doing SSL negotiation. . 2025-10-07 14:54:39.645 ssl: Verify callback @ 2 => 19 . 2025-10-07 14:54:39.645 ssl: Verify failures |= 8 => 8 . 2025-10-07 14:54:39.646 Chain depth: 3 . 2025-10-07 14:54:39.646 Identity match for '': bad . 2025-10-07 14:54:39.646 Identity match for '': bad . 2025-10-07 14:54:39.646 Identity match for '': bad . 2025-10-07 14:54:39.646 ssl: Match common name '*.your-storagebox.de' against 'u123456.your-storagebox.de' . 2025-10-07 14:54:39.646 Identity match for 'u123456.your-storagebox.de': good . 2025-10-07 14:54:39.646 Verifying certificate for "*.your-storagebox.de" with fingerprint 34:12:f3:d8:e2:cb:8f:51:82:c7:1d:03:6a:a5:59:0c:f9:5d:60:7f:73:0d:c7:fd:65:02:ed:d7:a4:61:cc:cf and 08 failures . 2025-10-07 14:54:39.670 Certificate verified against Windows certificate store . 2025-10-07 14:54:39.670 Using TLSv1.3, cipher TLSv1.3: TLS_AES_256_GCM_SHA384, 4096 bit RSA . 2025-10-07 14:54:39.670 Request sent; retry is 0. . 2025-10-07 14:54:39.694 req: Line: HTTP/1.1 401 Unauthorized . 2025-10-07 14:54:39.694 req: Line: Date: Tue, 07 Oct 2025 12:54:39 GMT . 2025-10-07 14:54:39.694 req: Header: [date] = [Tue, 07 Oct 2025 12:54:39 GMT] . 2025-10-07 14:54:39.694 req: Line: Server: Apache . 2025-10-07 14:54:39.694 req: Header: [server] = [Apache] . 2025-10-07 14:54:39.694 req: Line: WWW-Authenticate: Basic realm="WebDAV Restricted" . 2025-10-07 14:54:39.694 req: Header: [www-authenticate] = [Basic realm="WebDAV Restricted"] . 2025-10-07 14:54:39.694 req: Line: Content-Length: 458 . 2025-10-07 14:54:39.694 req: Header: [content-length] = [458] . 2025-10-07 14:54:39.694 req: Line: Keep-Alive: timeout=15, max=100 . 2025-10-07 14:54:39.694 req: Header: [keep-alive] = [timeout=15, max=100] . 2025-10-07 14:54:39.694 req: Line: Connection: Keep-Alive . 2025-10-07 14:54:39.694 req: Header: [connection] = [Keep-Alive] . 2025-10-07 14:54:39.694 req: Line: Content-Type: text/html; charset=iso-8859-1 . 2025-10-07 14:54:39.694 req: Header: [content-type] = [text/html; charset=iso-8859-1] . 2025-10-07 14:54:39.694 req: Line: . 2025-10-07 14:54:39.694 req: End of headers. . 2025-10-07 14:54:39.694 Running post_headers hooks . 2025-10-07 14:54:39.716 Reading 458 bytes of response body. . 2025-10-07 14:54:39.716 Got 458 bytes. . 2025-10-07 14:54:39.716 Read block (458 bytes): . 2025-10-07 14:54:39.716 [<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> . 2025-10-07 14:54:39.716 <html><head> . 2025-10-07 14:54:39.716 <title>401 Unauthorized</title> . 2025-10-07 14:54:39.716 </head><body> . 2025-10-07 14:54:39.716 <h1>Unauthorized</h1> . 2025-10-07 14:54:39.716 <p>This server could not verify that you . 2025-10-07 14:54:39.716 are authorized to access the document . 2025-10-07 14:54:39.716 requested. Either you supplied the wrong . 2025-10-07 14:54:39.716 credentials (e.g., bad password), or your . 2025-10-07 14:54:39.716 browser doesn't understand how to supply . 2025-10-07 14:54:39.716 the credentials required.</p> . 2025-10-07 14:54:39.716 <hr> . 2025-10-07 14:54:39.716 <address>Apache Server at u123456.your-storagebox.de Port 443</address> . 2025-10-07 14:54:39.716 </body></html> . 2025-10-07 14:54:39.716 ] . 2025-10-07 14:54:39.716 Running post_send hooks . 2025-10-07 14:54:39.716 auth: Post-send (#0), code is 401 (want 401), WWW-Authenticate is Basic realm="WebDAV Restricted" . 2025-10-07 14:54:39.716 auth: Got challenge (code 401). . 2025-10-07 14:54:39.716 auth: Got 'Basic' challenge. . 2025-10-07 14:54:39.716 auth: Trying Basic challenge... . 2025-10-07 14:54:39.716 auth: Basic auth scope is: / . 2025-10-07 14:54:39.716 auth: Accepted Basic challenge. . 2025-10-07 14:54:39.716 Running pre_send hooks . 2025-10-07 14:54:39.716 auth: Sending 'Basic' response. . 2025-10-07 14:54:39.716 auth: '/' is inside auth domain: 1. . 2025-10-07 14:54:39.716 Sending request headers: . 2025-10-07 14:54:39.716 OPTIONS / HTTP/1.1 ...
What happens after this "Unauthorized"? How does WinSCP authorize to the WebDAV Storage Box exactly?
I ask this, because I have issues with a Plugin in Total Commander, where I cannot access that storage box with WebDAV.
Thanks for hints, frank
EDIT 2025-10-08: the missing part after BASIC AUTH:
. 2025-10-07 14:54:39.716 User-Agent: WinSCP/6.5.3 neon/0.34.2 . 2025-10-07 14:54:39.716 Keep-Alive: . 2025-10-07 14:54:39.716 Connection: TE, Keep-Alive . 2025-10-07 14:54:39.716 TE: trailers . 2025-10-07 14:54:39.716 Host: u123456.your-storagebox.de . 2025-10-07 14:54:39.716 Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx . 2025-10-07 14:54:39.716 Sending request-line and headers: . 2025-10-07 14:54:39.716 Request sent; retry is 1. . 2025-10-07 14:54:39.743 req: Line: HTTP/1.1 200 OK . 2025-10-07 14:54:39.743 req: Line: Date: Tue, 07 Oct 2025 12:54:39 GMT . 2025-10-07 14:54:39.743 req: Header: [date] = [Tue, 07 Oct 2025 12:54:39 GMT] . 2025-10-07 14:54:39.743 req: Line: Server: Apache . 2025-10-07 14:54:39.743 req: Header: [server] = [Apache] . 2025-10-07 14:54:39.743 req: Line: DAV: 1,2 . 2025-10-07 14:54:39.743 req: Header: [dav] = [1,2] . 2025-10-07 14:54:39.743 req: Line: DAV: <http://apache.org/dav/propset/fs/1> . 2025-10-07 14:54:39.743 req: Header: [dav] = [<http://apache.org/dav/propset/fs/1>] . 2025-10-07 14:54:39.743 req: Line: MS-Author-Via: DAV . 2025-10-07 14:54:39.743 req: Header: [ms-author-via] = [DAV] . 2025-10-07 14:54:39.743 req: Line: Allow: OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK . 2025-10-07 14:54:39.743 req: Header: [allow] = [OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK] . 2025-10-07 14:54:39.743 req: Line: Content-Length: 0 . 2025-10-07 14:54:39.743 req: Header: [content-length] = [0] . 2025-10-07 14:54:39.743 req: Line: Keep-Alive: timeout=15, max=99 . 2025-10-07 14:54:39.743 req: Header: [keep-alive] = [timeout=15, max=99] . 2025-10-07 14:54:39.743 req: Line: Connection: Keep-Alive . 2025-10-07 14:54:39.743 req: Header: [connection] = [Keep-Alive] . 2025-10-07 14:54:39.743 req: Line: Content-Type: httpd/unix-directory . 2025-10-07 14:54:39.743 req: Header: [content-type] = [httpd/unix-directory] . 2025-10-07 14:54:39.743 req: Line: . 2025-10-07 14:54:39.743 req: End of headers. . 2025-10-07 14:54:39.743 Running post_headers hooks . 2025-10-07 14:54:39.764 Running post_send hooks . 2025-10-07 14:54:39.764 auth: Post-send (#1), code is 200 (want 401), WWW-Authenticate is (none) . 2025-10-07 14:54:39.764 Request ends, status 200 class 2xx, error line: . 2025-10-07 14:54:39.764 200 OK . 2025-10-07 14:54:39.764 Running destroy hooks. . 2025-10-07 14:54:39.764 Request ends. . 2025-10-07 14:54:39.764 Server capabilities: 1, 2, <http://apache.org/dav/propset/fs/1> . 2025-10-07 14:54:39.765 -------------------------------------------------------------------------- . 2025-10-07 14:54:39.765 Using WebDAV protocol. . 2025-10-07 14:54:39.766 Doing startup conversation with host. . 2025-10-07 14:54:39.766 Session upkeep . 2025-10-07 14:54:39.780 Changing directory to "/". . 2025-10-07 14:54:39.780 Trying to open directory "/". . 2025-10-07 14:54:39.781 auth: Create for WWW-Authenticate . 2025-10-07 14:54:39.781 Running pre_send hooks . 2025-10-07 14:54:39.781 auth: Sending 'Basic' response. . 2025-10-07 14:54:39.781 auth: '/' is inside auth domain: 1. > 2025-10-07 14:54:39.781 <?xml version="1.0" encoding="utf-8"?> > 2025-10-07 14:54:39.781 <propfind xmlns="DAV:"><allprop/></propfind> . 2025-10-07 14:54:39.781 Sending request headers: . 2025-10-07 14:54:39.781 PROPFIND / HTTP/1.1 . 2025-10-07 14:54:39.781 User-Agent: WinSCP/6.5.3 neon/0.34.2 . 2025-10-07 14:54:39.781 Connection: TE . 2025-10-07 14:54:39.781 TE: trailers . 2025-10-07 14:54:39.781 Host: u123456.your-storagebox.de . 2025-10-07 14:54:39.781 Depth: 0 . 2025-10-07 14:54:39.781 Content-Length: 84 . 2025-10-07 14:54:39.781 Content-Type: application/xml . 2025-10-07 14:54:39.781 Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx . 2025-10-07 14:54:39.781 Sending request-line and headers: . 2025-10-07 14:54:39.781 Sending request body: . 2025-10-07 14:54:39.781 Body block (84 bytes): . 2025-10-07 14:54:39.781 [<?xml version="1.0" encoding="utf-8"?> . 2025-10-07 14:54:39.781 <propfind xmlns="DAV:"><allprop/></propfind> . 2025-10-07 14:54:39.781 ] . 2025-10-07 14:54:39.781 Request sent; retry is 1. . 2025-10-07 14:54:39.807 req: Line: HTTP/1.1 207 Multi-Status . 2025-10-07 14:54:39.807 req: Line: Date: Tue, 07 Oct 2025 12:54:39 GMT . 2025-10-07 14:54:39.808 req: Header: [date] = [Tue, 07 Oct 2025 12:54:39 GMT] . 2025-10-07 14:54:39.808 req: Line: Server: Apache . 2025-10-07 14:54:39.808 req: Header: [server] = [Apache] . 2025-10-07 14:54:39.808 req: Line: Content-Length: 845 . 2025-10-07 14:54:39.808 req: Header: [content-length] = [845] . 2025-10-07 14:54:39.808 req: Line: Content-Type: text/xml; charset="utf-8" . 2025-10-07 14:54:39.808 req: Header: [content-type] = [text/xml; charset="utf-8"] . 2025-10-07 14:54:39.808 req: Line: . 2025-10-07 14:54:39.808 req: End of headers. . 2025-10-07 14:54:39.808 Running post_headers hooks . 2025-10-07 14:54:39.808 Reading 845 bytes of response body. . 2025-10-07 14:54:39.808 Got 845 bytes. . 2025-10-07 14:54:39.808 Read block (845 bytes): . 2025-10-07 14:54:39.808 [<?xml version="1.0" encoding="utf-8"?> . 2025-10-07 14:54:39.808 <D:multistatus xmlns:D="DAV:" xmlns:ns0="DAV:"> . 2025-10-07 14:54:39.808 <D:response xmlns:lp2="http://apache.org/dav/props/" xmlns:lp1="DAV:"> . 2025-10-07 14:54:39.808 <D:href>/</D:href> . 2025-10-07 14:54:39.808 <D:propstat> . 2025-10-07 14:54:39.808 <D:prop> . 2025-10-07 14:54:39.808 <lp1:resourcetype><D:collection/></lp1:resourcetype> . 2025-10-07 14:54:39.808 <lp1:creationdate>2025-09-27T17:23:13Z</lp1:creationdate> . 2025-10-07 14:54:39.808 <lp1:getlastmodified>Sat, 27 Sep 2025 17:23:13 GMT</lp1:getlastmodified> . 2025-10-07 14:54:39.808 <lp1:getetag>"5-63fcba83b1f0a"</lp1:getetag> . 2025-10-07 14:54:39.808 <D:supportedlock> . 2025-10-07 14:54:39.808 <D:lockentry> . 2025-10-07 14:54:39.808 <D:lockscope><D:exclusive/></D:lockscope> . 2025-10-07 14:54:39.808 <D:locktype><D:write/></D:locktype> . 2025-10-07 14:54:39.808 </D:lockentry> . 2025-10-07 14:54:39.808 <D:lockentry> . 2025-10-07 14:54:39.808 <D:lockscope><D:shared/></D:lockscope> . 2025-10-07 14:54:39.808 <D:locktype><D:write/></D:locktype> . 2025-10-07 14:54:39.808 </D:lockentry> . 2025-10-07 14:54:39.808 </D:supportedlock> . 2025-10-07 14:54:39.808 <D:lockdiscovery/> . 2025-10-07 14:54:39.808 <D:getcontenttype>httpd/unix-directory</D:getcontenttype> . 2025-10-07 14:54:39.808 </D:prop> . 2025-10-07 14:54:39.808 <D:status>HTTP/1.1 200 OK</D:status> . 2025-10-07 14:54:39.808 </D:propstat> . 2025-10-07 14:54:39.808 </D:response> . 2025-10-07 14:54:39.808 </D:multistatus> . 2025-10-07 14:54:39.808 ] . 2025-10-07 14:54:39.808 XML: Parsing 845 bytes.
Last edited by franc on 2025-10-08 10:04; edited 1 time in total
