Which technology should I use to expose a server files system?

Question

I need to expose our repository which resides in our server machine to clients. The clients should be authenticated, and read write permissions are enabled. We are having doubts regarding which way to go with the implementation:

1. We already have client based COM layer so we can wrap it with some C# UI.

2. Server rest services, and then writing rest services based UI in C#/GWT/etc.

3. Implement WebDav protocol and get free client (windows, total commander, others)

What do you think is the best approach?

Answer 1

I don't know what kind of repository you are talking about, and what your clients need to do with it. But if it's plain reading and writing of files, I'd say WebDAV is the best way to go: It's supported widely across all platforms, has loads of free clients, can be set up on a Windows machine within minutes, supports SSL (I think) and is very easy to use.

If you need to do more fine-grained things like protocol changes, have you considered using source control software like Subversion, Git or Mercurial? They would give great possibilities, but the learning curve for your clients would be very steep. I wouldn't recommend this for a non-techie audience.

Answer 2

I'm not sure what you have in the way of infrastructure, but I'd suggest putting the server in a DMZ so if anyone breaks in they can't do too much fdamage to the rest of your network.

How are you going to authenticate users? ASP.NET 2.0+ has some useful libraries that provide some excellent out-of-the-box capability fo managing users which integrates with FormsAuthentication; this will gove you options for identity and access management - assuming you write a asp.net front end.

What ever approach you take, I'd suggest PEN testing it - either yourselves or by a third party security specialist.

Answer 3

WebDAV or SFTP (SSH File Transfer Protocol) server would work. They offer similar functionality, with SFTP being more widespread.

Answer 4

WebDAV provides standards-compliant way to browsing and managing your documents storage. And to my opinion is the best solution when you need to manage files via HTTP. It supports both challenge-response authentication and any custom authentication, such as ASP.NET cookies or url-authentication. As well as you can use SSL. If you can use .Net/C# possibly the fastest way of implementing WebDAV would be using any library such as http://www.webdavsystem.com/server/