ASP NET Web API - PUT DELETE Verbs Not Allowed - IIS 8

Question

I recently upgraded from Visual Studio 2010 to the Visual Studio 2012 RC  The installer also installs IIS 8 Express which Visual Studio now uses as the default web server   IIS 8 is blocking my WEB API requests that use PUT AND DELETE verbs  IIS returns a 405 error  The requested resource does not support http method  PUT    I know people have issues with this in the past and there are several messages about it on Stack Overflow  With IIS 7 Express the solution was to uninstall WebDav  Unfortunately I don t see any way to do that with IIS 8    I ve tried editing out the WebDav sections from applicationhost config but that hasn t helped  For example I removed  lt add name  WebDAVModule  image   IIS BIN  webdav dll    gt  from the config file   I ve spent far too long on this  There must be a simple way to enable PUT and DELETE

User · Answer

You can convert your Delete method as POST as     HttpPost   public void Delete YourDomainModel itemToDelete

User · Answer

I am using an ashx file in an MVC application and none of the above answers worked for me  IIS 10   Here s what did work  Instead of changing  ExtensionlessUrl-Integrated-4 0  in IIS or web config I changed  SimpleHandlerFactory-Integrated-4 0  for    ashx  files    lt add name  SimpleHandlerFactory-Integrated-4 0  path    ashx   verb  GET HEAD POST DEBUG PUT DELETE   type  System Web UI SimpleHandlerFactory   resourceType  Unspecified  requireAccess  Script   preCondition  integratedMode runtimeVersionv4 0    gt

User · Answer

In Asp Net Web API - webconfig  This works in all browser   Add the following code inside the System web tag   lt webServices gt     lt protocols gt       lt add name  HttpGet   gt       lt add name  HttpPost   gt     lt  protocols gt   lt  webServices gt    Replace your system webserver tag with this below code     lt httpProtocol gt     lt customHeaders gt       lt add name  Access-Control-Allow-Origin  value       gt       lt add name  Access-Control-Allow-Methods  value  GET PUT POST DELETE    gt       lt add name  Access-Control-Allow-Headers  value  Content-Type    gt     lt  customHeaders gt   lt  httpProtocol gt   lt modules runAllManagedModulesForAllRequests  false  gt     lt remove name  WebDAVModule    gt   lt  modules gt    lt validation validateIntegratedModeConfiguration  false    gt   lt handlers gt     lt remove name  ExtensionlessUrlHandler-ISAPI-4 0 32bit    gt     lt remove name  ExtensionlessUrlHandler-ISAPI-4 0 64bit    gt     lt remove name  ExtensionlessUrlHandler-Integrated-4 0    gt     lt add name  ExtensionlessUrlHandler-ISAPI-4 0 32bit  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  modules  IsapiModule  scriptProcessor   windir  Microsoft NET Framework v4 0 30319 aspnet isapi dll  preCondition  classicMode runtimeVersionv4 0 bitness32  responseBufferLimit  0    gt     lt add name  ExtensionlessUrlHandler-ISAPI-4 0 64bit  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  modules  IsapiModule  scriptProcessor   windir  Microsoft NET Framework64 v4 0 30319 aspnet isapi dll  preCondition  classicMode runtimeVersionv4 0 bitness64  responseBufferLimit  0    gt      lt add name  ExtensionlessUrlHandler-Integrated-4 0  path      verb  GET HEAD POST DEBUG PUT DELETE  type  System Web Handlers TransferRequestHandler  preCondition  integratedMode runtimeVersionv4 0    gt    lt  handlers gt

User · Answer

I have faced the same issue with you  then solved it   Here are solutions  I wish it maybe can help  First  In the IIS modules Configuration  loop up the WebDAVModule  if your web server has it  then remove it   Second   In the IIS handler mappings configuration  you can see the list of enabling handler  to choose the PHP item  edit it  on the edit page  click request restrictions button  then select the verbs tab in the modal  in the specify the verbs to be handle label  check the all verbs radio  then click ok  you also maybe see a warning  it shows us that use double quotation marks to PHP-CGI execution  then do it  if done it  then restart IIS server  it will be ok

User · Answer

Change Your Web Config file as below  It will act like charm   In node  lt system webServer gt  add below portion of code   lt modules runAllManagedModulesForAllRequests  true  gt     lt remove name  WebDAVModule   gt   lt  modules gt    After adding  your Web Config will look like below   lt system webServer gt       lt validation validateIntegratedModeConfiguration  false    gt       lt modules runAllManagedModulesForAllRequests  true  gt           lt remove name  WebDAVModule   gt       lt  modules gt       lt httpProtocol gt       lt customHeaders gt           lt add name  Access-Control-Allow-Origin  value       gt           lt add name  Access-Control-Allow-Headers  value  Content-Type    gt           lt add name  Access-Control-Allow-Methods  value  GET  POST  PUT  DELETE  OPTIONS    gt       lt  customHeaders gt       lt  httpProtocol gt       lt handlers gt         lt remove name  ExtensionlessUrlHandler-ISAPI-4 0 32bit    gt         lt remove name  ExtensionlessUrlHandler-ISAPI-4 0 64bit    gt         lt remove name  ExtensionlessUrlHandler-Integrated-4 0    gt         lt add name  ExtensionlessUrlHandler-ISAPI-4 0 32bit  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  modules  IsapiModule  scriptProcessor   windir  Microsoft NET Framework v4 0 30319 aspnet isapi dll  preCondition  classicMode runtimeVersionv4 0 bitness32  responseBufferLimit  0    gt         lt add name  ExtensionlessUrlHandler-ISAPI-4 0 64bit  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  modules  IsapiModule  scriptProcessor   windir  Microsoft NET Framework64 v4 0 30319 aspnet isapi dll  preCondition  classicMode runtimeVersionv4 0 bitness64  responseBufferLimit  0    gt         lt add name  ExtensionlessUrlHandler-Integrated-4 0  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  type  System Web Handlers TransferRequestHandler  preCondition  integratedMode runtimeVersionv4 0    gt       lt  handlers gt   lt  system webServer gt

User · Answer

Remove the WebDAV works perfectly for my case    lt modules gt     lt remove name  WebDAVModule   gt   lt  modules gt   lt handlers gt     lt remove name  WebDAV    gt     lt remove name  ExtensionlessUrlHandler-Integrated-4 0    gt     lt add name  ExtensionlessUrlHandler-Integrated-4 0  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS          type  System Web Handlers TransferRequestHandler  preCondition  integratedMode runtimeVersionv4 0    gt   lt  handlers gt    it always better to solve the problem through the web config instead of going to fix it through the iis or machine config to grantee it wouldn t happen if the app hosted at another machine

User · Answer

Enable CORS  nice and neat   1 Add CORS nuget package  Install-Package microsoft aspnet webapi cors   2 in the WebApiConfig cs file to Register method add bellow code    config EnableCors      ex      using System Web Http   namespace test   public static class WebApiConfig       public static void Register HttpConfiguration config                   Web API configuration and services           config EnableCors      add this                                        Web API routes         config MapHttpAttributeRoutes             config Routes MapHttpRoute              name   DefaultApi               routeTemplate   api  controller   id                defaults  new   id   RouteParameter Optional                                     3 Add bellow code into namespace  of the controller include get post delete put or any http method    EnableCors origins   The address from which the request comes   headers       methods          ex    using System Web Http Cors   add this                               namespace Test Controllers    EnableCors origins   http   localhost 53681 HTML Restaurant html   headers       methods        public class RestaurantController   ApiController       protected TestBusinessLayer DevTestBLL   new TestBusinessLayer         public List lt Restaurant gt  GET                 return DevTestBLL GetRestaurant               public List lt Restaurant gt  DELETE int id                return DevTestBLL DeleteRestaurant id                      reference  http   www asp net web-api overview security enabling-cross-origin-requests-in-web-api

User · Answer

For PHP  it was simply    Open IIS Go to Handler Mappings click edit on php5 6 x or php7 0 x click  request restrictions  under the verbs tab  select  one of the following verbs  and add  GET HEAD POST PUT PATCH DELETE OPTIONS    I imagine this will work with other handlers too

User · Answer

I am not sure if you have edited right configuration file  Try following steps   open  userprofile  ducuments iisexpress config applicationhost config By default bellow given entries are commented in the applicationhost config file  uncomment these entries      lt add name  WebDAVModule  image   IIS BIN  webdav dll    gt     lt add name  WebDAVModule    gt      lt add name  WebDAV  path      verb  PROPFIND PROPPATCH MKCOL PUT COPY DELETE MOVE LOCK UNLOCK   modules  WebDAVModule  resourceType  Unspecified  requireAccess  None     gt

User · Answer

After endless searching and trying the already supplied answers  adding the PUT DELETE verbs and remove WEBdav  it just didn t work   I went to IIS logging settings    View Log Files  In my case W3SVC4 was the folder with the latest date  opened the folder  looked up the latest log file and saw this entry  GET  Rejected-By-UrlScan   MYDOMAIN API ApiName UpdateMETHOD  The Update method was listed with verb GET  weird right  So I Googled for Rejected-By-UrlScan and found this link  UrlScan Broke My Blog    I went to here   windir  system32 inetsrv urlscan UrlScan ini  Basically  the UrlScan blocked PUT and DELETE verbs  I opened this INI file  added the PUT and DELETE to the AllowVerbs and removed them from the DenyVerbs listings  I saved the INI file and it worked  So for me these steps were necessary next to the ExtensionlessUrlHandler hints   Windows Webserver 2008 R2  64 bit   IIS 7 5  I m using this in combination with DotNetNuke  DNN  WebAPI  ASP Net 4 0 My update method    HttpPut   DnnAuthorize StaticRoles    MyRoleNames    public HttpResponseMessage UpdateMETHOD DTO MyObject myData

User · Answer

The another reason can be the following   I changed my Url for Web Api method according to this answer   Url Action  MyAction    MyApiCtrl   new   httproute           But this method creates link like    api MyApiCtrl action MyAction   This works correctly with GET and POST requests but not with PUT or DELETE    So I just replaced it with    api MyApiCtrl   and it fixed the problem

User · Answer

Here is how you allow extra HTTP Verbs using the IIS Manager GUI    In IIS Manager  select the site you wish to allow PUT or DELETE for  Click the  Request Filtering  option  Click the  HTTP Verbs  tab  Click the  Allow Verb     link in the sidebar   In the box that appears type  DELETE   click OK   Click the  Allow Verb     link in the sidebar again  In the box that appears type  PUT   click OK

User · Answer

this worked for me on iis8 together with some of the other answers  My error was a 404 6 specifically   lt system webServer gt     lt security gt     lt requestFiltering gt       lt verbs applyToWebDAV  false  gt          lt add verb  DELETE  allowed  true    gt       lt  verbs gt     lt  requestFiltering gt     lt  security gt   lt  system webServer gt

User · Answer

Just a quick update for anyone else who might run into this issue  As of today  changing the  userprofile  documents iisexpress config applicationhost config does NOT work any longer  this was working fine until now  not sure if this is due to a Windows update   After hours of frustration  I changed the web config to add these handlers to system webserver to get it to work    lt handlers gt           lt remove name  ExtensionlessUrlHandler-ISAPI-4 0 32bit    gt           lt remove name  ExtensionlessUrlHandler-ISAPI-4 0 64bit    gt           lt remove name  ExtensionlessUrlHandler-Integrated-4 0    gt            lt add name  ExtensionlessUrlHandler-ISAPI-4 0 32bit  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  modules  IsapiModule  scriptProcessor   windir  Microsoft NET Framework v4 0 30319 aspnet isapi dll  preCondition  classicMode runtimeVersionv4 0 bitness32  responseBufferLimit  0    gt           lt add name  ExtensionlessUrlHandler-ISAPI-4 0 64bit  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  modules  IsapiModule  scriptProcessor   windir  Microsoft NET Framework64 v4 0 30319 aspnet isapi dll  preCondition  classicMode runtimeVersionv4 0 bitness64  responseBufferLimit  0    gt           lt add name  ExtensionlessUrlHandler-Integrated-4 0  path      verb  GET HEAD POST DEBUG PUT DELETE PATCH OPTIONS  type  System Web Handlers TransferRequestHandler  preCondition  integratedMode runtimeVersionv4 0    gt       lt  handlers gt

User · Answer

Update your web config     lt system webServer gt       lt modules gt         lt remove name  WebDAVModule   gt       lt  modules gt       lt handlers gt         lt remove name  WebDAV    gt         lt remove name  ExtensionlessUrl-Integrated-4 0    gt         lt add name  ExtensionlessUrl-Integrated-4 0             path                 verb  GET HEAD POST DEBUG DELETE PUT             type  System Web Handlers TransferRequestHandler             preCondition  integratedMode runtimeVersionv4 0    gt       lt  handlers gt     lt  system webServer gt    http   odetocode com blogs scott archive 2012 08 07 configuration-tips-for-asp-net-mvc-4-on-a-windows aspx  Removes the need to modify your host configs

User · Answer

Besides all above solutions  check if you have the  id  or any custom defined parameter in the DELETE method is matching the route config   public void Delete int id       some code here     If you hit with repeated 405 errors better reset the method signature to default as above and try    The route config by default will look for id in the URL  So the parameter name id is important here unless you change the route config under App Start folder   You may change the data type of the id though    For example the below method should work just fine   public void Delete string id       some code here     Note  Also ensure that you pass the data over the url not the data method that will carry the payload as body content   DELETE http    url   action   id    Example   DELETE http   localhost item 1   Hope it helps

User · Answer

In IIS 8 5  Windows 2012R2  Nothing mentioned here worked for me  I don t know what is meant by Removing WebDAV but that didn t solve the issue for me   What helped me is the below steps    I went to IIS manager   In the left panel selected the site   In the left working area  selected the WebDAV  Opened it double clicking  In the right most panel  disabled it    Now everything is working

User · Answer

Okay  I finally got to the bottom of this  You need to jump through some hoops to get the PUT and DELETE verbs working correctly with IIS8  In fact if you install the release candidate of VS 2012 and create a new WEB API project you ll find that the sample PUT and DELETE methods return 404 errors out of the box   To use the PUT and DELETE verbs with the Web API you need to edit  userprofile  documents iisexpress config applicationhost config and add the verbs to the ExtensionlessUrl handler as follows   Change this line    lt add name  ExtensionlessUrl-Integrated-4 0  path      verb  GET HEAD POST DEBUG  type  System Web Handlers TransferRequestHandler  preCondition  integratedMode runtimeVersionv4 0    gt    to    lt add name  ExtensionlessUrl-Integrated-4 0  path      verb  GET HEAD POST DEBUG PUT DELETE  type  System Web Handlers TransferRequestHandler  preCondition  integratedMode runtimeVersionv4 0    gt    In addition to the above you should ensure WebDAV is not interfering with your requests  This can be done by commenting out the following lines from applicationhost config    lt add name  WebDAVModule  image   IIS BIN  webdav dll    gt   lt add name  WebDAVModule    gt    lt add name  WebDAV  path     verb  PROPFIND PROPPATCH MKCOL PUT COPY DELETE MOVE LOCK UNLOCK  modules  WebDAVModule  resourceType  Unspecified  requireAccess  None    gt    Also be aware that the default Web API convention is that your method name should be the same as the invoked HTTP verb  For example if you re sending an HTTP delete request your method  by default  should be named Delete

User · Answer

After nothing worked  I was able to solve this by below steps       Did not select    WEB DAV PUBLISHING    IIS settings  while installing IIS      INETMGR - Default Website     Request Filtering     HTTP Verbs     PUT as True

[asp.net] ASP.NET Web API - PUT & DELETE Verbs Not Allowed - IIS 8

Examples related to asp.net

Examples related to iis

Examples related to asp.net-web-api

Examples related to iis-8