I am trying to implement Azure cache for redis to manage session's in my application. This is working on localhost. After hosting to IIS got compile error in webconfig file.
I have created azure cache for redis in azure portal. I have made respective changes in code. It's working when I run with source code on local host. After hosting to IIS got the following error
"Provider must implement the class
System.Web.SessionState.SessionStateStoreProviderBase
<sessionState mode="Custom" customProvider="MySessionStateStore">
<providers>
<add name="MySessionStateStore" type="Microsoft.Web.Redis.RedisSessionStateProvider" host="myhostname" accessKey="Key1" ssl="true" />
</providers>
</sessionState>
Module added as following
<system.webServer>
<modules>
<remove name="Session" />
<add name="Session" type="Microsoft.AspNet.SessionState.SessionStateModuleAsync, Microsoft.AspNet.SessionState.SessionStateModule, Version=1.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="integratedMode" />
</modules>
</system.webServer>
I expected sessions values to store on azure cache for redis. But It's not working after hosting on IIS.
You can try this under app.config/web.config
<modules>
<remove name="Session" />
<add name="Session" type="Microsoft.AspNet.SessionState.SessionStateModuleAsync,Microsoft.AspNet.SessionState.SessionStateModule, Version=1.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="integratedMode" />
if this doesn't work as well, if you have an option, use non-SSL port and see if that works.
For anyone passing by that might have the same issue and for whom adding the Session tag didn't work, your application pool might be configured as 'Classic'
From this post, it seems Microsoft.AspNet.SessionState.SessionStateModuleAsync doesn't support classic application pools
You need to switch it to 'Integrated' like so :
Microsoft official application pools documentation
We have an ASP.NET Core 2.0 web site that also presents a couple of simple Web API methods for UI enhancement purposes.
The Web API calls work as expected when running locally under IIS Express, but when we deploy to our IIS 8.5 production web server, we get the following error when making HTTP DELETE and PUT requests...
405 Method Not Allowed
After some web searching, we have found several posts suggesting the removal of the IIS WebDAV module. We have disabled this in IIS (it is our server), and we have also tried the following:
Disabled WebDAV
Enabled WebDev and set Allow verb filtering = False
Set the Hander Mappings to allow All Verbs in the Request Restrictions settings for: aspNetCore, WebDAV and ExtensionlessUrlHandler-Integrated-4.0
None of the above steps have resolved our problem.
Any advice/direction would be much appreciated.
This was what worked for me (netcore 2.0)
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
Found here: https://www.ryadel.com/en/error-405-methods-not-allowed-asp-net-core-put-delete-requests/
After hours of research and trial and error, the fix seems to be pretty simple. Add a Web.config file to your .NET Core 2.0 application:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- To customize the asp.net core module uncomment and edit the following section.
For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="aspNetCore" />
<remove name="WebDAV" />
<!-- I removed the following handlers too, but these
can probably be ignored for most installations -->
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="aspNetCore"
path="*"
verb="*"
modules="AspNetCoreModule"
resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%"
arguments="%LAUNCHER_ARGS%"
stdoutLogEnabled="false"
stdoutLogFile=".\logs\stdout" />
</system.webServer>
</configuration>
Hope this helps.
Whilst removing WebDAV may solve your issue, you may be wondering (like I was), what is WebDAV and what is it used for?
I found this page which helps explain it:
https://www.cloudwards.net/what-is-webdav/
To prevent WebDav from getting enabled at all, remove the following entry from the ApplicationHost.config:
<add name="WebDAVModule" />
The entry is located in the modules section.
Exact location of the config:
C:\Windows\System32\inetsrv\config\applicationHost.config
This worked well for me in .Net Core 2.1
In my case, I got the 405 error for .Net 5 Web API PUT and DELETE calls. I tried multiple solutions like removing WebDAV (Turn Windows features on or off -> IIS -> World Wide Web Services -> Common HTTP feature -> WebDAV Publishing) doesn't work, editing WebDAV entry in "Handler Mappings" messed up the application.
Solution
In IIS, select the application
Add rules to allow HTTP verbs in Request Filtering (But this alone doesn't work).
Go to "Modules", then select the "WebDAV Publishing" module and remove it.
Go to "Handler Mappings", then select the "WebDAV" and remove it.
in cmd run IISRESET
Add the following lines to your web.config file. That does it.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,PUT,DELETE,DEBUG" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Ftms.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
Remove the WebDAV Publishing from IIS server. Its come under the Internet Infromation service -> Common Http Features
https://ignas.me/tech/405-method-not-allowed-iis/
In my case, I resolved the issue after I add requireAccess="None" to aspNetCore handler
Like this :
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" requireAccess="None" />
For me, I resolved the issue after I noticed I was trying to post to the client domain instead of the API. [facepalm]
I didn't even have a mapping for aspnetcore under Handler Mappings in IIS. It made me open Visual Studio Installer and install Development time IIS support under .NET cross-platform development. Then, the aspnetcore handler mapping showed up in IIS.
If you're developing with recent ASP.NET Core version and using development server it's likely that it's not a WebDAV issue at all.
Make sure that your routes and HttpDelete/HttpPut attributes are set correctly. Otherwise you'll get the same or similar errors if the method is simply mismatched (e.g. route to a HttpGet one was chosen).
After long research on the internet, I solved it as follows;
<configuration>
<system.webServer>
<modules>
<remove name="ModSecurity IIS (64bits)" />
<remove name="ModSecurity IIS (32bits)" />
</modules>
</system.webServer>
To prevent WebDav from getting enabled at all, remove or comment the following entry from the ApplicationHost.config:
<add name="WebDAVModule" />
The entry is located in the modules section.
Exact location of the config:
C:\Windows\System32\inetsrv\config\applicationHost.config
This worked well for me in .Net Core 2.2
This problem may be related to the UrlRoutingModule handling all the routing and bypassing SiteMinder. Any ideas on how may I be able to make SiteMinder's webagent handle the HTTP request before MVC's default request handler?
<system.webServer>
<!-- SM Server Config -->
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="wa-handler" path="*" verb="*" type="" modules="IsapiModule" scriptProcessor="%NETE_WA_PATH%\ISAPI6WebAgent.dll"
resourceType="Unspecified" requireAccess="None" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />
</handlers>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
Issue Resolved: Apparently, for SiteMinder to protect ASP.NET MVC Apps, it must be upgraded to version R12.5 / WebAgent 7 or higher. Just update SiteMinder on your IIS server and it should start working.
I've written an ASP.Net web app with a custom HTTP handler. However, after importing the app into IIS 7.5, IIS returns this when the app is invoked:
HTTP/1.1 405 Method Not Allowed
When I enable the Failed Request Tracing Rules feature to trap HTTP 405 errors I see this:
My handler does not get invoked. So I'd like to remove the DirectoryListingModule. But, similar to #Brendan Hill here, nothing I've tried seems to disable the module. Even commenting out all the lines that mention this module in C:\Windows\System32\inetsrv\Config\applicationHost.config doesn't work:
<!--add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" /-->
<!--add name="DirectoryListingModule" lockItem="true" /-->
<!--add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" /-->
Like #Brendan Hill I would prefer a solution in my app's Web.config so I don't have to fiddle with IIS's settings. Excerpt from my current Web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="AuthServiceHandler"
path="*."
verb="*"
type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
If I import my app into the Default Web Site in IIS and bind it to 9000 I can invoke the app with a POST request to http://localhost:9000 . This URL is fine; I'm not trying to request any web pages.
In the end I worked around the problem by creating a dummy web page and binding the handler to that for the POST verb I was interested in:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="AuthServiceHandler"
path="dummy.html"
verb="POST"
type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
The handler would then be triggered for calls to http://localhost:9000/Auth/dummy.html, where Auth was the name of my app when deployed under the Default Web Site in IIS. (I hadn't appreciated I needed the context as well when I posted the question above.) So the DirectoryListingModule was effectively bypassed.
Handily, by binding the handler to the POST verb only you can use the same 'dummy' web page to provide useful info for users if they browse to it in a web browser (because the browser sends a GET request which won't be intercepted by the handler).
No IIS settings needed to be changed. This worked for me using IIS 7.5 on Windows 7.
I am using angularjs and Web API. In order to authenticate user, I use FormAuthenticationTicket (I just create the ticket with user data, encrypt it and then return to the client).
When the client sends request he adds this encrypted cookie to the header of his request.
On remote server I decrypt the ticket, and verify if that user is legit.
On localhost it works perfectly.
on server I have an error, and after very short time the user is not identified.
after many debugging, I noticed that sometimes when the server tries to decrypt the ticket he gets exception: "error occurred during a cryptographic operation"
I googled this error, and from what I understood, the error is because the server tries to decrypt the ticket with another machine key.
thought maybe setting machine key in web.config will resolve the issue, but all the articles that I found were talking about early .net framework versions ( I am using 4.5.1).
This is when I get the error:
FormsAuthenticationTicket fat = FormsAuthentication.Decrypt(enc_ticket);
This is my web.config:
<configuration><appSettings></appSettings>
<system.web> <compilation debug="true" targetFramework="4.5.1">
<assemblies>
<add assembly="System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
</compilation>
<httpRuntime targetFramework="4.5.1" />
<customErrors mode="Off"/>
<trust level="Full" />
</system.web>
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
</configuration>
After many research this is how I solved the problem:
Generate the machine key here and just add the machinekey values to web.config. This machine key will always be used on any of servers on webfarm where you hosting you website.