We get the very same problem on a site running CMS 5.1.422.256. Configured the server and the client as per instructions here:

http://world.episerver.com/Documentation/Items/Tech-Notes/EPiServer-CMS-5/EPiServer-CMS-SP2/WebDAV-in-EPiServer-CMS-5/

Can only get read-only access for a WebDAV folder when <deny users="?"> is removed (anonymous logon). This is not an option as our client obviously needs protection for the web folder. Tried BasicAuthentication, tried NetDrive and BitKinex clients but cannot get user authentication working. We always get 401 Unauthorized.

Are there any settings to EPiServer.WebDAV that we may try?

Did you guys ever find a solution to this? I have the same issue. Works in read-only mode when removing <deny users="*" /> but cannot get it to work with either windows or sql membership provider accounts.

I know basic auth is working correctly on my site as I am using on the webservices folder for security.

Adam, did you ever solve it?

I've got <deny users="?" />, and it's working in read-only mode, however, I can't get write-access to work.

Check if standard WebDAVModule is enabled on your IIS site. It can overlap with other modules that uses OPTIONS and PUT and you may get different kind of errors depending on the client.

Please see this blog post for more details and debug techniques.