[GH-ISSUE #307] Authentication always returns 401 on Windows Explorer's network mount #162

New Issue

Closed

opened 2026-04-08 16:50:46 +03:00 by zhus · 2 comments

zhus commented 2026-04-08 16:50:46 +03:00

Owner

Copy Link

Originally created by @segln on GitHub (Dec 1, 2023).
Original GitHub issue: https://github.com/sigoden/dufs/issues/307

Problem
Password authentication always returns 401 on Windows Explorer's network mount and net use command.

Works well with web UI, Cyberduck, on Linux, etc.
So it is not network/LAN/DNS/web server configuration issue.

Checked it in two Windows devices on both the version from 4 months ago and the latest version of Windows, including on Windows Sandbox.

Without authentication, it works well.

Log

INFO - 192.168.0.2 "OPTIONS /" 200
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401
INFO - 192.168.0.2 "PROPFIND /" 401

It worked well before, not working after deprecation of --auth-method.

Used command

dufs ./data -A -a admin:password@/:rw

net use * https://example.com/ password /user:admin

Environment:

• Dufs version: 0.38.0
• Browser/Webdav Info: Windows Explorer's network mount, net use
• OS Info: Windows 11 Pro 22H2

Originally created by @segln on GitHub (Dec 1, 2023). Original GitHub issue: https://github.com/sigoden/dufs/issues/307 **Problem** Password authentication always returns 401 on Windows Explorer's network mount and `net use` command. Works well with web UI, Cyberduck, on Linux, etc.\ So it is not network/LAN/DNS/web server configuration issue. Checked it in two Windows devices on both the version from 4 months ago and the latest version of Windows, including on Windows Sandbox. Without authentication, it works well. <!-- A clear and concise description of what the bug is. --> **Log** ``` INFO - 192.168.0.2 "OPTIONS /" 200 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 INFO - 192.168.0.2 "PROPFIND /" 401 ``` It worked well before, not working after deprecation of `--auth-method`. ### Used command `dufs ./data -A -a admin:password@/:rw` `net use * https://example.com/ password /user:admin` **Environment:** - Dufs version: 0.38.0 - Browser/Webdav Info: Windows Explorer's network mount, `net use` - OS Info: Windows 11 Pro 22H2

zhus closed this issue 2026-04-08 16:50:46 +03:00

zhus commented 2026-04-08 16:50:47 +03:00

Author

Owner

Copy Link

@sigoden commented on GitHub (Dec 7, 2023):

After pr #279 merged, dufs will set www-authenticate as follows:

www-authenticate: Digest realm="DUFS", nonce="6571013fd6b54c9f061bd40b9587721040", qop="auth", Basic realm="DUFS"

The www-authenticate contains two challenges: Digest and Basic.

But microsoft-webdav does not support www-authorize with multiple challenges. This has caused a problem.
Who would have thought that such a big company's products do not adhere to the HTTP standard.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#syntax

<!-- gh-comment-id:1843859415 --> @sigoden commented on GitHub (Dec 7, 2023): After pr #279 merged, dufs will set `www-authenticate` as follows: ``` www-authenticate: Digest realm="DUFS", nonce="6571013fd6b54c9f061bd40b9587721040", qop="auth", Basic realm="DUFS" ``` The `www-authenticate` contains two challenges: `Digest` and `Basic`. But microsoft-webdav does not support www-authorize with multiple challenges. This has caused a problem. Who would have thought that such a big company's products do not adhere to the HTTP standard. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#syntax 

zhus commented 2026-04-08 16:50:47 +03:00

Author

Owner

Copy Link

@segln commented on GitHub (Dec 7, 2023):

Well, they are Microsoft!

<!-- gh-comment-id:1844410081 --> @segln commented on GitHub (Dec 7, 2023): Well, they are Microsoft!

zhus referenced this issue 2026-04-08 16:53:11 +03:00

[PR #175] [MERGED] feat: hiding only directories instead of files #501

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

chore-release

v0.46.0-rc1

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.0

v0.35.0

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.0

v0.27.0

v0.26.0

v0.25.0

v0.24.0

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.17.1

v0.17.0

v0.16.0

v0.15.1

v0.15.0

v0.14.0

v0.13.2

v0.13.1

v0.13.0

v0.12.1

v0.11.0

v0.10.1

v0.10.0

v0.9.0

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.1

v0.2.0

v0.1.0

Labels

Clear labels

bug

enhancement

help wanted

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

zhus

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sigoden/dufs#162