I have created a simple WebAPI using .Net Core 2.2. While I use POSTMAN to hit the action method with PUT HttpVerb, I get
405 - Method not allowed
message. While I checked for this online, the suggestion was to remove the WebDAV module from the Web.config. But in the .Net Core WebAPI, there is launchSettings.json and appsettings.json for the configuration.
Kindly help me as to how to set the setting in either of the aforementioned config files to remove the WebDAV module.
I'm new to .Net Core.
I tried to create a Web.Config and used the below code to remove the WebDAV module, but no luck
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
I haven't done this is WebAPI without using .Net Core. The request from POSTMAN is expected to hit the PUT method.
Kindly help.
How to convert this setting to JSON format for appSettings.json
We had the same problem; PUT was enabled in IIS Express, which was our testing environment, and WebDAV was installed on the production environment which disabled PUT and DELETE verbs. This resulted in an error on the production server: 405 HTTP verb used to access this page is not allowed
This is solved by adding a web.config configuration file to the project that disables WebDAV -- don't try to add this to the app.settings JSON file.
web.config file below:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
</configuration>
Related
I have a working ASP.NET web application. I'm trying to enable SSL using Let's Encrypt and to do this my shared web host host (A2) adds a web.config in the .well-known/acme-challenge directory. (All this web.config does is to bind extensionless files to plain text).
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="text/plain" />
</staticContent>
</system.webServer>
</configuration>
The issue is the mere presence of a web.config in a subfolder seems to cause any request for resources from this folder to fail, returning a 500 error. I've even tried a completely empty web.config in this folder and that still causes 500 errors. My understanding is that ASP.NET should support additional web.configs in subfolders but I have no idea why it isn't working.
I have a web.config in my root folder with the proper binding for extensionless files but the A2 Let's Encrypt tool insists on adding its own into the subfolder. I do not have any attributes preventing overridding in this web.config.
I've searched extensively for how to fix this but most of the solutions I see require changing IIS configuration. As this is a shared web host, I have extremely limited control over IIS, so that is not a viable option.
Can you add this to your root web.config:
<customErrors mode="Off" />
... which will then result in some more error information included in the 500 response? That could provide some hints as to how to properly fix this.
I've started learning web services with ASP.NET. When doing a quick search on how to build and use a simple web service, this page seemed nice and simple.
I followed the instruction "copy FirstService.asmx in the IIS virtual directory...[and] open the web service" (actually, it is displayed as FirstService.asmx.cs), but from there on problems started. I got several HTTP Error (as explained here, I gave permissions to both IUSR and IIS_USRS, though the latter is probably irrelevant) and I'm now stuck with Error 404.7.
I tried the suggestions of these two (1, 2) SO posts (so I now have a second file on my folder, a Web.config file, though the site linked above said nothing about Web.config files), nothing helped.
Note that I also followed this page to register the correct version of ASP.NET with IIS.
Is there any other option?
EDIT:
Windows 7 Ultimate (64-bit), IIS 7.5
Full error (pardon the graphics):
Error Summary
HTTP Error 404.7 - Not Found The request filtering
module is configured to deny the file extension.
Detailed Error Information
Module: RequestFilteringModule
Notification: BeginRequest
Handler: StaticFile
Error Code: 0x00000000
Requested URL: http://localhost:80/MyWebServices/WebService1.asmx.cs
Physical Path: C:\Users\home\Desktop\MyWebServices\WebService1.asmx.cs
Logon Method: Not yet determined
Logon User: Not yet determined
My Web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions allowUnlisted="true">
<remove fileExtension="." />
<add fileExtension="." allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
</configuration>
.cs is a code file and by default all .cs files are not allowed to be browsed in browser of course due to security concerns as all code is in there.
Also if you want to browse your webservice you don't need to browse .cs file you need to browse following
http://localhost:80/MyWebServices/WebService1.asmx
If MIME Type for asmx is not added you will need to added MIME Type for asmx.
Go to IIS
Select Your Website/Webservice on left side.
Select MIME Types.
Select Add on top right.
Add .asmx in File Name extension and text/xml in MIME Tpe
I have the following defined on my Web.config file so that it will serve json files.
<system.webServer>
<staticContent>
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent>
This works fine when running the application with Visual Studio, but when using this project with IIS server it will make it not deliver any css or javascript files leaving html alone. Commenting out the lines fixes it.
Is that the wrong way of telling the server to accept json file requests? Otherwise, why does it create a conflict on IIS?
I have an owin project I am hosting it using Microsoft.Owin.Host.SystemWeb. It works fine but if I have a Dot in the url it fails and I get a 404. For example
localhost:4070/cdn/aa works
but
localhost:4070/cdn/a.a doesn't work
I have also done the following changes in
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
</modules>
I am sure this setting solves the problem in plain asp.net web api but I am having this issue with Owin.
update
I have tried this with owin host it is similar behavior, the calls with "." are not routed to webapi.
I can understand the behavior that when there is a dot in the last part of the url the framework thinks it is a file and tries to handle it but my problem is that I would like to handle these urls in my normal pipeline. I am actually writing a proxy for Microsoft cdn and the files are generated on run time using another server.
This config worked for me:
<system.webServer>
<handlers>
<add name="OWIN" path="*" verb="*" type="Microsoft.Owin.Host.SystemWeb.OwinHttpHandler" />
</handlers>
</system.webServer>
In odred to get file path from "public/" folder and put it in response I ended up with this:
string filePath = System.Web.Hosting.HostingEnvironment.MapPath("~/public" + context.Request.Path);
Ok so this not a big deal, but it's bugging me and I can't let it go.
So I'm using MVC 5.1 with .NET 4.5.1 and OWIN authentication. So when you create a new MVC 5 project, the following is automatically added to the Web.config to get rid of the forms authentication http module because it is no longer needed when using OWIN middleware:
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
</modules>
</system.webServer>
Now since we are removing the module, that means it was previously added, so here is the entry registering this http module in C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config:
<httpModules>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
</httpModules>
And here is the entry in C:\Windows\System32\inetsrv\config\applicationHost.config for IIS 8.5 that tells my application to use the module:
<system.webServer>
<modules>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
</modules>
</system.webServer>
So what is automatically added to my web config at the application level has a name attribute of "FormsAuthenticationModule" while the entries in the two server level/asp.net level config files use name attribute "FormsAuthentication". So what is going on here? It seems to me that the module won't be removed since the name attribute doesn't match. I would simply think this was a typo, but after searching online, everyone seems to be using "FormsAuthenticationModule" in the application web.config. Was this a recent change in the newer version of asp.net / iis or am I missing something?
You're right -- that's a typo in the template.
A major side effect of this "typo" is it will leave FormsAuthentication on causing loginpath of owin to be ignored and calls to authenticated pages going to /login.aspx