I am making a CORS POST request and setting the Content-Type header to json. This triggers a Preflight OPTIONS request to fire (this is good and expected)
This OPTIONS request is responded to with a 200 OK but this isn't coming from my WebAPI application.
I have a custom Message Handler in place and it never get's hit so the request is getting responded to by IIS prior to hitting ASP.NET it seems.
I have found several posts on the subject and they say the following
Make sure WebDav is uninstalled / removed / disabled - DONE
Make sure the OPTIONSVerbHandler is removed / changed to use aspnet_isapi.dll - TRIED BOTH
Make sure the extensionlessURLHandler includes the OPTIONS verb - DONE
However, my options request is still getting hijacked. By that I mean, IIS responds with at 200 OK but isn't including an Access-Control-Allow-Origin header in the response. It isn't including this header because it is never getting to my WebAPI CORS code that would set this header.
The two best posts I could find that sound like my issue are
here: JQuery stuck at CORS preflight and IIS ghost response
and here: http://brockallen.com/2012/10/18/cors-iis-and-webdav/
I have tried turning on Failed Request tracing (FERB) in IIS and set it to trace all 200 status codes. I don't ever see the options request being logged... Not sure if this means FERB doesn't track OPTIONS requests or if I need to change something in the FERB settings to make it track OPTIONS requests, Or if this is a clue to what my problem is?
This is ASP.NET WebAPI 2.0 running on IIS 7.5 (Also tested on IIS 8 and IISExpress with same results)
Doesn't matter what browser (Chrome, FF, and IE all fail the same way)
I have tried everything I can find on the subject and still can't fix my problem.
Help me StackOverflow, you're my only hope.
A couple of things you can try here, all web.config related, firstly modify your modules element to include the attribute runAllManagedModulesForAllRequests="true", as below:
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDavModule" />
</modules>
Then set your handlers to the below:
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="WebDav" />
<remove name="OPTIONSVerbHandler" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
This should do the trick, but if it doesn't, as a last resort you can force IIS to output the correct headers with the below:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer>
Be wary of the wildcard value, you should really set this to the domain name that your site will be hosted on.
that's what worked for me after 4 hours of searching/experimenting:
<handlers>
<remove name="OPTIONSVerbHandler" />
<add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
</handlers>
I tried all of the above suggestions as well as others I found on SO and what mattered in my situation was we had Request Filtering enabled on IIS and the OPTIONS HTTP Verb was not in the list of allowed verbs. Once I added it I was able to sort out the rest of it.
I had the same issue and the following web.config settings fixed it for me.
<modules runAllManagedModulesForAllRequests="false">
<remove name="FormsAuthenticationModule" />
</modules>
<handlers>
<remove name="OPTIONSVerbHandler" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
I was then able to handle CORS OPTIONS requests manually in Application_BeginRequest.
I was originally using the library detailed in this blog post for handling CORS requests. The product I'm working on requires that runAllManagedModulesForAllRequests be set to false, though. This is why I had to set up a custom implementation, but if you don't have that requirement you should give that library a try. It worked great when I was able to have runAllManagedModulesForAllRequests set to true.
In our case it was request filtering in IIS disabling OPTIONS verb at the root web application level. Open up IIS Manager, click on root application, click on Request Filtering, if OPTIONS appears in list either remove or Allow Verb. Wish I had checked this first as lots of wasted time.
In my case, I missed the Microsoft.WebApi.Cors package.
Installed this package and configured it like so in the WebApiConfig class:
public static void Register(HttpConfiguration config)
{
config.MapHttpAttributeRoutes();
config.EnableCors(new EnableCorsAttribute("*","*","*"));
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
Please fine-tune this before using in production because you probably don't want to have wild-cards for everything
This is what worked for me:
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Check if URLScan tool is installed on IIS.
When so check following section:
;
; The verbs (aka HTTP methods) listed here are those commonly
; processed by a typical IIS server.
;
; Note that these entries are effective if "UseAllowVerbs=1"
; is set in the [Options] section above.
;
GET
HEAD
POST
OPTIONS
I know this is an old post, but I just went through the exact same problem.
In my situation, I have CORS installed for both OWIN and WebAPI. The OWIN CORS middleware was intercepting the OPTIONS call long before it ever made it to the WebAPI stuff. Maybe this well help someone else in the future.
I have installed Microsoft.AspNet.WebApi.Cors & Microsoft.Owin.Cors for my oWin based WebAPI and added app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); at config like below:
public class Startup : IStartup, IAppStartup
{
public void Configuration(IAppBuilder app)
{
var config = this.GetInjectionConfiguration();
BootstrapperWebApi bootstrapperWebApi = (BootstrapperWebApi)this.GetBootstrapperWebApi(config);
bootstrapperWebApi.Initialize(true)
.EnableLogging()
.DisableWebApiDefaultExceptionHandler();
WebApiConfig.Register(config);
app.UseOwinExceptionHandler();
app.Use<LoggerMiddleware>();
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
//others stuff
}
I tried all the mentioned posts but nothing worked for me, then i shifted my ASP.Net Web API 2 service to windows server 2012 (IIS 8.5) and same service worked without any changes. So issue was specific to IIS 7.5 on windows 7 machine.
In my case I did this:
<verbs allowUnlisted="true" applyToWebDAV="true">
<remove verb="OPTIONS"/>
<add verb="OPTIONS" allowed="true"/>
</verbs>
</requestFiltering>
</security>
When I added <add verb="OPTIONS" allowed="true"/> to the web.config, the application failed to start with this error
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Cannot add duplicate collection entry of type 'add' with unique key attribute 'verb' set to 'OPTIONS'
So I had to remove it first.
I have the same issue. The OPTIONS request return 200 OK status but it does not contain Access-Control-Allow-Origin header. The problem was our customer network policy blocking the OPTIONS verb request and response the warning message with 200 OK status. I know this is the old post but I want to share my case for anyone needed.
One more case, maybe it will save time for somebody. When I used config with HttpConfiguration.EnableCors all was working fine but when I used web.config file it was failing with CORS errors. It started work after I removed the .vs folder.
<figure>
<img src="https://i.stack.imgur.com/CbRyM.png" alt="">
<figcaption> change the OptionsVerbHangle</figcaption>
</figure>
<figure>
<img src="https://i.stack.imgur.com/wjcMV.png" alt="Minha Figura">
<figcaption>Adicione * and in the case of php use fastcgimodule</figcaption>
</figure>
<figure>
<img src="https://i.stack.imgur.com/wRwpi.png" alt="Minha Figura">
<figcaption>Mapping to folder
</figcaption>
</figure>
<figure>
<img src="https://i.stack.imgur.com/hhqJi.png" alt="Minha Figura">
<figcaption>all verbs
</figcaption>
</figure>
<figure>
<img src="https://i.stack.imgur.com/86kKX.png" alt="Minha Figura">
<figcaption>Select script
</figcaption>
</figure>
Just follow the images below to unlock the colors in IIS
enter image description here
enter image description here
enter image description here
enter image description here
enter image description here
enter image description here
Related
I am making delete requests from an AngularJS app to an asp.net web api and I am getting below error -
XMLHttpRequest cannot load http://api.prod.com/api/v1/proddetails/34. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:5100' is therefore not allowed access. The response
had HTTP status code 403.
Method:
[HttpDelete]
public HttpResponseMessage Delete(int id)
Web Config:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
<remove name="WebDAVModule" />
</modules>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="12582912" />
<!--12 MB-->
</requestFiltering>
</security>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<remove name="WebDAV" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Please help.
Note: The machine is a Windows Server 2012 R2 running IIS 8.5 on AWS EC2. I have CORS setup properly like this on the controller -
[EnableCors(origins: "*", headers: "*", methods: "*")]
Edit1:
I was looking at my applicationHost.config file, and it has these lines -
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
But there are so many of them, and none of them have DELETE as allowed verb. Can this be causing an issue?
Edit2:
As requested, this is the AngularJS request code -
$http.delete('http://api.prod.com/api/v1/proddetails/' + data)
.success(function (data, status, headers, config) {
console.log(data);
if(data.status == "200")
{
console.log('data deleted');
}
deferred.resolve(data);
})
.error(function (data, status, headers, config) {
console.log("some error occurred");
deferred.reject(data);
});
Try changing this property of Web.config:
<add name="ExtensionlessUrl-Integrated-4.0"
path="*."
verb="GET,HEAD,POST,DEBUG,DELETE,PUT"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
Two things could be going on here.
First
In IIS if you click at the root most node (computer name), you can see under management in the right frame an icon called Feature Delegation. Open that by double clicking it. From within there, you will see a list of delegations, find Handler Mappings and make sure it is set to read/write. This will allow the site to override the default handlers that may not be allowing the DELETE verb. Then make sure the web.config reflects the verbs you want to be enabled for extensionlessurlhandler.
Second
You must implement the options verb on your API controllers like this:
[HttpOptions, AllowAnonymous]
public IHttpActionResult Options()
{
return StatusCode(HttpStatusCode.OK);
}
this is because CORS will "pre-flight" many requests that are not a simple get or post.
from the mozilla docs on the subject:
Preflighted requests
Unlike simple requests (discussed above), "preflighted" requests first
send an HTTP request by the OPTIONS method to the resource on the
other domain, in order to determine whether the actual request is safe
to send. Cross-site requests are preflighted like this since they may
have implications to user data. In particular, a request is
preflighted if:
It uses methods other than GET, HEAD or POST. Also, if POST is used to
send request data with a Content-Type other than
application/x-www-form-urlencoded, multipart/form-data, or text/plain,
e.g. if the POST request sends an XML payload to the server using
application/xml or text/xml, then the request is preflighted.
It sets custom headers in the request (e.g. the request uses a header
such as X-PINGOTHER)
Also, localhost may have issues with CORS. There are workarounds to develop with, see:
Deadly CORS when http://localhost is the origin
Change the following tag in your applicationHost.config file:
<add name="ExtensionlessUrlHandler-Integrated-4.0"
path="*."
verb="GET,HEAD,POST,DEBUG, DELETE"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0"
responseBufferLimit="0" />
I am trying to streamline my MVC application and deleting as much as possible. Can someone explain to me what this code below does in the web.config file in the root of the application. I have commented it out and still managed to run the application...
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit"/>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit"/>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0"/>
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
...
I have looked at this question: ASP.NET MVC 4 and ExtensionlessUrlHandler which has an answer that links to this blog: https://web.archive.org/web/20100611160242/http://blogs.msdn.com/b/tmarq/archive/2010/05/26/how-extensionless-urls-are-handled-by-asp-net-v4.aspx but I don't find it to explain my question.
I am using: IIS 8, ASP.NET MVC 4, .NET 4.5 in both development and production
You should check your web.config file. If the following setting is present
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
</modules>
</system.webServer>
Then, it could explain why everything is still working after deleting the ExtensionlessUrlHandler handlers.
By default the runAllManagedModulesForAllRequests is false which means that IIS does not delegate each request to managed (.NET) modules.
The core module which knows how to handle extension less URL is named UrlRouting module and it is a managed (not native) module. This means that it doesn't have a chance to handle the request and IIS internally tries to handle it according to its handler mapping configuration.
BTW, the default configuration treat the extensionless url as a static resource and therefore fails with 403.14 status code (in most cases)
When runAllManagedModulesForAllRequests is true any request being sent to IIS is directed to any managed module. The UrlRouting module has a change to process the request and delegate it to ASP.NET MVC.
To summarize, when running ASP.NET MVC applications you have two options
runAllManagedModulesForAllRequests is false. The ExtensionlessUrlHandler must be registered
runAllManagedModulesForAllRequests is true. You can delete ExtensionlessUrlHandler from the IIS handlers list
IIS express uses different handlers names than IIS
Add the following markup and it should disable the extensionless handlers for IIS express only
<remove name="ExtensionlessUrl-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrl-Integrated-4.0" />
I want to configure a wildcard mapping for a specific path, and send the requests to a HttpHandler. My URLs look like this:
http://www.example.com/api/v1/conversation/forums/232?some=value
http://www.example.com/api/v1/conversation/posts/212
This configuration doesnt match the URLs above.
<location path="api/v1/conversation">
<system.webServer>
<handlers>
<add name="ApiProxy" verb="*" path="*" preCondition="integratedMode" type="DemoProject.ApiProxy, DemoProject" />
</handlers>
</system.webServer>
</location>
It works when I add an extension to my URLs:
http://www.example.com/api/v1/conversation/forums/232.axd?some=value
http://www.example.com/api/v1/conversation/posts/212.axd
How do I make this work extension-less?
It turned out, that this problem was related to my website was running Umbraco CMS. Umbraco CMS has an AppSetting called "umbracoReservedPaths", which asks Umbraco to ignore specific paths.
The value was set to:
<add key="umbracoReservedPaths" value="~/umbraco,~/install/" />
After adding ~/api/, everything worked as expected:
<add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/api/" />
I appreciate any help on this as the site is supposed to go live tonight!
I have a web api controller with a Delete method. The method executes fine on my local machine running IIS Express (Windows 8) but as soon as I deployed it to the live IIS server (Windows Server 2008 R2) it stopped working and throws the following error message:
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP Verb) is being used
I have looked around the web for solutions and I implemented most reasonable ones. My web config has the following settings:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
I have also tried to change the Handler Mappings and Request Filtering in IIS to no avail. Please note that the WebDAV Authoring Rules in IIS seems to be disabled.
Any ideas will be greatly appreciated
Thanks.
I found the solution eventually!
If you come across the same issue, add the following to your web.config
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/> <!-- ADD THIS -->
</modules>
... rest of settings here
In some cases removing it just from modules can produce next error:
500.21 Handler "WebDAV" has a bad module "WebDAVModule" in its module list
Module: IIS Web Core Notification: ExecuteRequestHandler"
solution was suggested here. Also need to remove it from handlers.
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>
In my case none of the above solutions worked. This was because I had changed the name of the parameter in my Delete method.
I had
public void Delete(string Questionid)
instead of
public void Delete(string id)
I need to use the id name because that's the name that is declared in my WebApiConfig file. Note the id name in the third and fourth lines:
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
I got this solution from here.
The Javascript for HTTP DELETE verb must be like this:
$.ajax({
**url: "/api/SomeController/" + id,**
type: "DELETE",
dataType: "json",
success: function(data, statusText) {
alert(data);
},
error: function(request, textStatus, error) {
alert(error);
debugger;
}
});
Do not use something like this:
...
data: {id:id}
...
as when you use the POST method.
If you are using IIS 7.0 or later version.
This issue is mainly related to WebDAV extension module on IIS server.
this happened while Using Post OR delete action.
Please try below setting in web config
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>
After trying almost every solutions here this worked for me.
Add this in your APIs config file
<system.webServer>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules>
<remove name="WebDAVModule" />
</modules>
</system.webServer>
I also had the same problem, I am calling WebAPi and is getting this error.
Adding following configuration in web.config for services solved my problem
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/> <!-- add this -->
</modules>
in web.config file solved my problem.
This is How i was calling from client side
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(environment.ServiceUrl);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.DeleteAsync("api/Producer/" + _nopProducerId).Result;
if (response.IsSuccessStatusCode)
{
string strResult = response.Content.ReadAsAsync<string>().Result;
}
}
Go to applicationHost.config (usually under C:\Windows\System32\inetsrv\config) file and comment out the following line in applicationHost.config
1)Under <handlers>:
<add name="WebDAV" path="*" verb="PROPFIND,PROPPATCH,MKCOL,PUT,COPY,DELETE,MOVE,LOCK,UNLOCK" modules="WebDAVModule" resourceType="Unspecified" requireAccess="None" />
2)Also comment out the following module being referred by the above handler under <modules>
<add name="WebDAVModule" />
In my case, I missed to add {id} to the [Route("")] and I got the same error.
Adding that fixed the problem for me: [Route("{id}")]
I had 405 error Method Not Allowed because I had omitted to make the Delete method on the WebApi controller public.
It took me a long time to find this (too long!) because I would have expected a Not Found error in this case, so I was incorrectly assuming that my Delete method was being denied.
The reason for Not Allowed rather than Not Found is that I also had a Get method for the same route (which will be the normal case when implementing REST). The public Get function is matched by the routing and then denied because of the wrong http method.
A simple error I know but it may save someone else some time.
Just to add. If this is your config
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
please keep doing as Hugo said, and do not set Route attribute to the controller get method, this gave a problem in my case.
I had the similar issue but for PUT - none of the other suggestions worked for me.
However i was using int rather than the default string for the id. adding {id:int} to the route solved my problem.
[Route("api/Project/{id:int}")]
public async Task<IHttpActionResult> Put(int id, [FromBody]EditProjectCommand value)
{
...
}
I am working on .Net 5 Api project, and adding :
<modules>
<remove name="WebDAVModule" />
</modules>
to the <system.webServer> part of web.config and
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,PUT,DELETE,DEBUG" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
fixed it for me.
However, tricky part was making this work in the Azure DevOps CI-CD pipelines.
I managed to do it, and spoke about how I did it here:
Azure DevOps Release Pipeline Web.Config Edit
We had to add custom headers to our web.config as our request had multiple headers that confused the API response.
<httpProtocol>
<customHeaders>
<remove name="Access-Control-Allow-Methods" />
<remove name="Access-Control-Allow-Origin" />
<remove name="Access-Control-Allow-Headers" />
</customHeaders>
</httpProtocol>
[HttpPost] attribute on the top of Delete method solved this issue for me:
[HttpPost]
public void Delete(int Id)
{
//Delete logic
}
I have written an httpHandler for an ASP.NET MVC4 site that generates an an image. The ProcessRequest function is not being called. Any thoughts on why?
MVC4, IIS Express, Windows 8 Pro
Web.config > system.webServer
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="TextImage" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="TextImage" path="textimage/*.png" verb="*" resourceType="Unspecified" type="MultiStepUI.TextImageHandler, MultiStepUI_MOBETTER" />
</handlers>
</system.webServer>
usage
<img src="/textimage/step1.png?q=Step 1&c=404040&w=30&h=250&z=12" />
The answer can be found on the web if one just knows what to look for.
MVC routing engine tries to map all requests to a controller - which is not what we want in this case. In addition to registering the handler in Web.config we need to tell the MVC route engine to ignore the httpHandler path so that the ASP.NET engine can handle its routing.
I've chosen to use the example from Phil Haack
To combat link rot this is an excerpt from the article
By default, ASP.NET Routing ignores requests for files that do not
exist on disk. I explained the reason for this in a previous post on
upcoming routing changes. Long story short, we didn’t want routing to
attempt to route requests for static files such as images.
Unfortunately, this caused us a headache when we remembered that many
features of ASP.NET make requests for .axd files which do not exist on
disk.
To fix this, we included a new extension method on
RouteCollection, IgnoreRoute, that creates a Route mapped to the
StopRoutingHandler route handler (class that implements
IRouteHandler). Effectively, any request that matches an “ignore
route” will be ignored by routing and normal ASP.NET handling will
occur based on existing http handler mappings. Hence in our default
template, you’ll notice we have the following route defined.
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
This handles the
standard .axd requests. However, there are other cases where you might
have requests for files that don’t exist on disk. For example, if you
register an HTTP Handler directly to a type that implements
IHttpHandler. Not to mention requests for favicon.ico that the browser
makes automatically. ASP.NET Routing attempts to route these requests
to a controller. One solution to this is to add an appropriate ignore
route to indicate that routing should ignore these requests.
Unfortunately, we can’t do something like this:
{*path}.aspx/{*pathinfo}
We only allow one catch-all route and it must
happen at the end of the URL. However, you can take the following
approach. In this example, I added the following two routes.
routes.IgnoreRoute("{*allaspx}", new {allaspx=#".*\.aspx(/.*)?"});
routes.IgnoreRoute("{*favicon}", new {favicon=#"(.*/)?favicon.ico(/.*)?"});
What I’m doing here is a
technique Eilon showed me which is to map all URLs to these routes,
but then restrict which routes to ignore via the constraints
dictionary. So in this case, these routes will match (and thus ignore)
all requests for favicon.ico (no matter which directory) as well as
requests for a .aspx file. Since we told routing to ignore these
requests, normal ASP.NET processing of these requests will occur.
The previous answer is correct, but the article has been edited from the excerpt placed here. The ignore statements should read:
routes.IgnoreRoute("{*allaspx}", new {allaspx=#".*\.aspx(/.*)?"});
routes.IgnoreRoute("{*favicon}", new {favicon=#"(.*/)?favicon.ico(/.*)?"});
Note the '*' in the {*allaspx} and {*favicon} strings that is missing in the original.
I could not get it to work until I followed the link and followed the example in the updated article.