We have an ASP.NET Core 2.0 web site that also presents a couple of simple Web API methods for UI enhancement purposes.
The Web API calls work as expected when running locally under IIS Express, but when we deploy to our IIS 8.5 production web server, we get the following error when making HTTP DELETE and PUT requests...
405 Method Not Allowed
After some web searching, we have found several posts suggesting the removal of the IIS WebDAV module. We have disabled this in IIS (it is our server), and we have also tried the following:
Disabled WebDAV
Enabled WebDev and set Allow verb filtering = False
Set the Hander Mappings to allow All Verbs in the Request Restrictions settings for: aspNetCore, WebDAV and ExtensionlessUrlHandler-Integrated-4.0
None of the above steps have resolved our problem.
Any advice/direction would be much appreciated.
This was what worked for me (netcore 2.0)
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
Found here: https://www.ryadel.com/en/error-405-methods-not-allowed-asp-net-core-put-delete-requests/
After hours of research and trial and error, the fix seems to be pretty simple. Add a Web.config file to your .NET Core 2.0 application:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- To customize the asp.net core module uncomment and edit the following section.
For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="aspNetCore" />
<remove name="WebDAV" />
<!-- I removed the following handlers too, but these
can probably be ignored for most installations -->
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="aspNetCore"
path="*"
verb="*"
modules="AspNetCoreModule"
resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%"
arguments="%LAUNCHER_ARGS%"
stdoutLogEnabled="false"
stdoutLogFile=".\logs\stdout" />
</system.webServer>
</configuration>
Hope this helps.
Whilst removing WebDAV may solve your issue, you may be wondering (like I was), what is WebDAV and what is it used for?
I found this page which helps explain it:
https://www.cloudwards.net/what-is-webdav/
To prevent WebDav from getting enabled at all, remove the following entry from the ApplicationHost.config:
<add name="WebDAVModule" />
The entry is located in the modules section.
Exact location of the config:
C:\Windows\System32\inetsrv\config\applicationHost.config
This worked well for me in .Net Core 2.1
In my case, I got the 405 error for .Net 5 Web API PUT and DELETE calls. I tried multiple solutions like removing WebDAV (Turn Windows features on or off -> IIS -> World Wide Web Services -> Common HTTP feature -> WebDAV Publishing) doesn't work, editing WebDAV entry in "Handler Mappings" messed up the application.
Solution
In IIS, select the application
Add rules to allow HTTP verbs in Request Filtering (But this alone doesn't work).
Go to "Modules", then select the "WebDAV Publishing" module and remove it.
Go to "Handler Mappings", then select the "WebDAV" and remove it.
in cmd run IISRESET
Add the following lines to your web.config file. That does it.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,PUT,DELETE,DEBUG" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Ftms.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
Remove the WebDAV Publishing from IIS server. Its come under the Internet Infromation service -> Common Http Features
https://ignas.me/tech/405-method-not-allowed-iis/
In my case, I resolved the issue after I add requireAccess="None" to aspNetCore handler
Like this :
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" requireAccess="None" />
For me, I resolved the issue after I noticed I was trying to post to the client domain instead of the API. [facepalm]
I didn't even have a mapping for aspnetcore under Handler Mappings in IIS. It made me open Visual Studio Installer and install Development time IIS support under .NET cross-platform development. Then, the aspnetcore handler mapping showed up in IIS.
If you're developing with recent ASP.NET Core version and using development server it's likely that it's not a WebDAV issue at all.
Make sure that your routes and HttpDelete/HttpPut attributes are set correctly. Otherwise you'll get the same or similar errors if the method is simply mismatched (e.g. route to a HttpGet one was chosen).
After long research on the internet, I solved it as follows;
<configuration>
<system.webServer>
<modules>
<remove name="ModSecurity IIS (64bits)" />
<remove name="ModSecurity IIS (32bits)" />
</modules>
</system.webServer>
To prevent WebDav from getting enabled at all, remove or comment the following entry from the ApplicationHost.config:
<add name="WebDAVModule" />
The entry is located in the modules section.
Exact location of the config:
C:\Windows\System32\inetsrv\config\applicationHost.config
This worked well for me in .Net Core 2.2
Related
I am trying to deploy an Asp.net boilerplate app on azure and I have already deployed my backend and the Swagger application is working fine, when I try to also deploy the Angular frontend I keep getting this error: HTTP Error 502.5 - ANCM Out-Of-Process Startup Failure.
I have found other threads discussing this problem, but since I am using the ASP.NET Boilerplate framework i do not have a .exe or .dll file that I can run to start the Web.Host project, not that I'm aware of atleast.
The logs in Kudu show this: Application '/LM/W3SVC/288745522/ROOT' with physical root 'D:\home\site\wwwroot\' failed to start process with commandline '%LAUNCHER_PATH% %LAUNCHER_ARGS%'.
It probably has something to do with those %LAUNCHER% variables not being found, I have found some other threads suggesting your should replace the LAUNCHER_ROOT [projectname].exe or [projectname].dll but I cant seem to find these in my project. This might be because of the way ASP.NET Boilerplate is built up.
This is my web.config:
<configuration>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" startupTimeLimit="3600" requestTimeout="23:00:00">
<environmentVariables />
</aspNetCore>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Error message indicates that the ASP.NET Core Module attempts to start the worker process but it fails to start. The cause of a process startup failure can usually be reviewed from entries in the Application Event Log and the ASP.NET Core Module stdout log. Both logs can be found on the Kudu/SCM site in d:\home\Logfiles. In your web.config file located in the wwwroot folder, enable stdout logs, as so:
Web.config sample:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\MyApplicationAssembly.dll" stdoutLogEnabled="true"
stdoutLogFile="\\?\%home%\LogFiles\stdout" forwardWindowsAuthToken="false" />
</system.webServer>
</configuration>
Please check the eventlog.xml and the stdout logs you have collected.
Reference: https://blogs.msdn.microsoft.com/waws/2018/06/10/troubleshooting-http-502-5-startup-issues-in-azure-appservice-for-asp-net-core-websites/
Additional troubleshooting methods for ASP.Net at
https://learn.microsoft.com/en-us/aspnet/core/test/troubleshoot-azure-iis?view=aspnetcore-2.2#troubleshoot-on-azure-app-service.
Hope it helps.
I've written an ASP.Net web app with a custom HTTP handler. However, after importing the app into IIS 7.5, IIS returns this when the app is invoked:
HTTP/1.1 405 Method Not Allowed
When I enable the Failed Request Tracing Rules feature to trap HTTP 405 errors I see this:
My handler does not get invoked. So I'd like to remove the DirectoryListingModule. But, similar to #Brendan Hill here, nothing I've tried seems to disable the module. Even commenting out all the lines that mention this module in C:\Windows\System32\inetsrv\Config\applicationHost.config doesn't work:
<!--add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" /-->
<!--add name="DirectoryListingModule" lockItem="true" /-->
<!--add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" /-->
Like #Brendan Hill I would prefer a solution in my app's Web.config so I don't have to fiddle with IIS's settings. Excerpt from my current Web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="AuthServiceHandler"
path="*."
verb="*"
type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
If I import my app into the Default Web Site in IIS and bind it to 9000 I can invoke the app with a POST request to http://localhost:9000 . This URL is fine; I'm not trying to request any web pages.
In the end I worked around the problem by creating a dummy web page and binding the handler to that for the POST verb I was interested in:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="AuthServiceHandler"
path="dummy.html"
verb="POST"
type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
The handler would then be triggered for calls to http://localhost:9000/Auth/dummy.html, where Auth was the name of my app when deployed under the Default Web Site in IIS. (I hadn't appreciated I needed the context as well when I posted the question above.) So the DirectoryListingModule was effectively bypassed.
Handily, by binding the handler to the POST verb only you can use the same 'dummy' web page to provide useful info for users if they browse to it in a web browser (because the browser sends a GET request which won't be intercepted by the handler).
No IIS settings needed to be changed. This worked for me using IIS 7.5 on Windows 7.
I've had issues getting HTTP Delete and Put to work with ASP.NET 5 (vNext). Running calls to api endpoint with Delete and Put verb has resulted into a 404 error from IIS Express.
In previous version of ASP.NET you enabled this by accepting additional verbs in web.config.
I've figured out that changing the applicationhost.config under ./vs/config folder can enable the delete and put verbs but there must be another way enabling these from Visual Studio or by some config in the new project type that comes with ASP.NET 5.
Where can I configure this in ASP.NET 5? hosting.ini or project.json? Somewhere else?
You need to install HTTPPlatformHandler on your IIS http://docs.asp.net/en/latest/publishing/iis.html then your web.config should look like this:
<configuration>
<system.webServer>
<handlers>
<add name="httpplatformhandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
</handlers>
<httpPlatform processPath="..\approot\web.cmd" arguments="" stdoutLogEnabled="false" stdoutLogFile="..\logs\stdout.log" startupTimeLimit="3600"></httpPlatform>
</system.webServer>
</configuration>
If you have WebDAV handler installed on IIS, delete it or remove it in your web.config as it take over the PUT and DELETE verbs.
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
<handlers>
<add name="httpplatformhandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
</handlers>
<httpPlatform processPath="..\approot\web.cmd" arguments="" stdoutLogEnabled="false" stdoutLogFile="..\logs\stdout.log" startupTimeLimit="3600"></httpPlatform>
</system.webServer>
</configuration>
web.config is still a thing but it only used for IIS configuration and is not needed by your app itself but may be needed if your app runs in IIS.
so you should be able to run your app from the command line using
dnx web
in the root folder of your web app project and I would expect that you find it works there.
for IIS you still need web.config and if you create a new asp.net 5 web project in VS 2015 using the latest web tooling for beta7 it will/should put a web.config file in your wwwroot folder.
this article may also help you
I have a handler, on runtime it create a watermark on images from a specific folder. The problem is that it worked, but now it doesn't.
All that I did was to changed the hosting.
My web.config looks like this:
<handler>
<add verb="*" name="ImageWatermarkHandler" type="ImageWatermarkHandler"
path="Pics/*.jpg,Pics/*.png" modules="IsapiModule"
scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll"
resourceType="Unspecified" preCondition="integratedMode" />
</handler>
Can you please help me?
Under IIS 7, you have to specify custom http handlers and modules under the configuration/system.webServer/handlers element of your web.config (unlike older IIS versions, where the element is configuration/system.web/httpHandlers).
There's difference between integrated mode (you only need the handlers part) and classic mode(you need both handlers and httpHandlers). For details see the MSDN entry
Edit: At first I haven't noticed the precondition for integrated mode, could it be that the new hosting runs your app in classic mode?
your config file should look like this,
<configuration>
<system.web>
<httpHandlers>
<add verb="*" path="Pics/*.jpg,Pics/*.png" type="ImageWatermarkHandler"/>
</httpHandlers>
</system.web>
<system.webServer>
<handlers>
<add verb="*" path="Pics/*.jpg,Pics/*.png" name="ImageWatermarkHandler" type="ImageWatermarkHandler"/>
</handlers>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
</configuration>
for more information,
http://msdn.microsoft.com/en-us/library/bb515343.aspx
I'm using url rewriting.net. I'm testing web on the local host, it is successfully work. But When i deploying web to remote host, url rewriting not work. Problem is (The resource cannot be found). I found problem. My deployed remote host IIS configuration is (Virtual dir->Properties->Home directory->Application Mapping->.aspx->Edit->"Check that file exist" is checked). I need to uncheck them. But my deployed host control panel not have a application mapping function.
How to uncheck this option using web.config?
Is it possible?
Has you another idea?
IIS6
If this is IIS6 then unfortunately there is no way to change the script map settings via your ASP.NET web.config file.
You would need to find a hoster that permitted this configuration change via their control panel, or ask your present hoster (nicely) to change this for you.
IIS7
If this is IIS7 then you need to add (if it doesn't already exist) a <system.webServer /> configuration section to your web.config file and modify the handler behaviour:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<!-- remove existing handlers -->
<remove name="PageHandlerFactory-ISAPI-2.0" />
<remove name="PageHandlerFactory-Integrated" />
<!-- add back but set resourceType="Unspecified" to prevent
checking if file exists -->
<add name="PageHandlerFactory-ISAPI-2.0"
resourceType="Unspecified"
path="*.aspx"
verb="GET,HEAD,POST,DEBUG"
modules="IsapiModule"
scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll"
requireAccess="Script"
preCondition="classicMode,runtimeVersionv2.0,bitness32"
responseBufferLimit="0" />
<add name="PageHandlerFactory-Integrated"
resourceType="Unspecified"
path="*.aspx"
verb="GET,HEAD,POST,DEBUG"
type="System.Web.UI.PageHandlerFactory"
preCondition="integratedMode" />
</handlers>
</system.webServer>
</configuration>
This will only work if your hoster has delegated read/write access to the Handler Mappings feature.
I'd be fairly surprised though if this was IIS 7 and the PageHandlerFactory-ISAPI-2.0 and PageHandlerFactory-Integrated handler were configured as resourceType="File" or resourceType="Either". Out of the box they're configured not to check for the existence of files and folders.