Ok so this not a big deal, but it's bugging me and I can't let it go.
So I'm using MVC 5.1 with .NET 4.5.1 and OWIN authentication. So when you create a new MVC 5 project, the following is automatically added to the Web.config to get rid of the forms authentication http module because it is no longer needed when using OWIN middleware:
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
</modules>
</system.webServer>
Now since we are removing the module, that means it was previously added, so here is the entry registering this http module in C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config:
<httpModules>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
</httpModules>
And here is the entry in C:\Windows\System32\inetsrv\config\applicationHost.config for IIS 8.5 that tells my application to use the module:
<system.webServer>
<modules>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
</modules>
</system.webServer>
So what is automatically added to my web config at the application level has a name attribute of "FormsAuthenticationModule" while the entries in the two server level/asp.net level config files use name attribute "FormsAuthentication". So what is going on here? It seems to me that the module won't be removed since the name attribute doesn't match. I would simply think this was a typo, but after searching online, everyone seems to be using "FormsAuthenticationModule" in the application web.config. Was this a recent change in the newer version of asp.net / iis or am I missing something?
You're right -- that's a typo in the template.
A major side effect of this "typo" is it will leave FormsAuthentication on causing loginpath of owin to be ignored and calls to authenticated pages going to /login.aspx
I have an ASP.NET Web API which works fine when running on "IIS Express" with localhost:1783
But when I uncross the "Use IIS Express" and then press "Create Virtual Directory"...
...I just get 404 errors:
Any ideas whats wrong? Thanks!
All you really need to add to the web.config file is:
<handlers>
<!-- Your other remove tags-->
<remove name="UrlRoutingModule-4.0"/>
<!-- Your other add tags-->
<add name="UrlRoutingModule-4.0" path="*" verb="*" type="System.Web.Routing.UrlRoutingModule" preCondition=""/>
</handlers>
Note that none of those have a particular order, though you want your removes before your adds.
The reason that we end up getting a 404 is because the Url Routing Module only kicks in for the root of the website in IIS. By adding the module to this application's config, we're having the module to run under this application's path (your subdirectory path), and the routing module kicks in.
For me, in addition to having runAllManagedModulesForAllRequests="true" I also had to edit the "path"
attribute below. Previously my path attribute was "*." which means it only executed on url's containing a dot
character. However, my application's url's don't contain a dot. When I switched path to "*" then it worked.
Here's what I have now:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*" verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
You may need to install Hotfix KB980368.
This article describes a update that enables certain Internet Information Services (IIS) 7.0 or IIS 7.5 handlers to handle requests whose URLs do not end with a period. Specifically, these handlers are mapped to "." request paths. Currently, a handler that is mapped to a "." request path handles only requests whose URLs end with a period. For example, the handler handles only requests whose URLs resemble the following URL:
http://www.example.com/ExampleSite/ExampleFile.
After you apply this update, handlers that are mapped to a "*." request path can handle requests whose URLs end with a period and requests whose URLs do not end with a period. For example, the handler can now handle requests that resemble the following URLs:
http://www.example.com/ExampleSite/ExampleFile
http://www.example.com/ExampleSite/ExampleFile.
After this patch is applied, ASP.NET 4 applications can handle requests for extensionless URLs. Therefore, managed HttpModules that run prior to handler execution will run. In some cases, the HttpModules can return errors for extensionless URLs. For example, an HttpModule that was written to expect only .aspx requests may now return errors when it tries to access the HttpContext.Session property.
This issue can also happen due to the following
1.In the Web.Config
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
2.Make sure the following are available in the bin folder on the server where the Web API is deployed
•System.Net.Http
•System.Net.Http.Formatting
•System.Web.Http.WebHost
•System.Web.Http
These assemblies won't be copied in the bin folder by default if the publish is through Visual Studio because the Web API packages are installed through Nuget in the development machine. Still if you want to achieve these files to be available as part of Visual Studio publish then you need to set CopyLocal to True for these Assemblies
Some people say runAllManagedModulesForAllRequests="true" will have performance issues and MVC routing issues.
They suggest to use the following:
http://www.britishdeveloper.co.uk/2010/06/dont-use-modules-runallmanagedmodulesfo.html
http://bartwullems.blogspot.com/2012/06/optimize-performance-of-your-web.html
I have been battling this problem for a couple of days trying all kinds of things suggested. My dev machine was working fine, but the new machine I was deploying to was giving me the 404 error.
In IIS manager, I compared the handler mappings on both machines to realize that a lot of handlers were missing. Turns out that ASP.Net 5 was not installed on the machine.
For me, this issue was slightly different than other answers, as I was only receiving 404s on OPTIONS, yet I already had OPTIONS specifically stated in my Integrated Extensionless URL Handler options. Very confusing.
As others have stated, runAllManagedModulesForAllRequests="true" in
the modules node is an easy way to blanket-fix most Web API 404 issues - although I prefer #DavidAndroidDev 's answer which is much less intrusive. But there was something additional in my case.
Unfortunately, I had this set in IIS under Request Filtering in the site:
By adding the following security node to the web.config was necessary to knock that out - full system.webserver included for context:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<remove name="WebDAV" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<security>
<requestFiltering>
<verbs>
<remove verb="OPTIONS" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
Although it's not the perfect answer for this question, it is the first result for "IIS OPTIONS 404" on Google, so I hope this helps someone out; cost me an hour today.
I had this problem with Blazor and .Net Core and found that incorporating the NavManagers "baseUrl" into my calls to the controller solved the issue regardless of using a Virtual Directory or the root website.
This worked for me!
string baseUrl = NavigationManager.BaseUri.ToString();
NavigationManager.NavigateTo(**baseUrl** + $"api/Download/DownloadFile?FileName="
+ sFilename, true);
I you are using Visual Studio 2012, download and install Update 2 that Microsoft released recently (as of 4/2013).
Visual Studio 2012 Update 2
There are some bug fixes in that update related to the issue.
I had as same problem . afer lot of R&D i found the problem.
but as long as your configuration are finne mean that aspnet 64 bit and the IIS well then
the only problem i saw is the path " web api taking the local directiry path" so that you need to avid it. by like this.. ~../../../api/products/
thank you very much for posting the problem. i leanred alot abt iis and other setting in config file.
For me I received a 404 error on my websites NOT using IIS Express (using Local IIS) while running an application that WAS using IIS Express. If I would close the browser that was used to run IIS Express, then the 404 would go away. For me I had my IIS Express project calling into Local IIS services, so I converted the IIS Express project to use Local IIS and then everything worked. It seems that you can't run both a non-IIS Express and Local IIS website at the same time for some reason.
Spend a whole week, after all the following setting worked ! and finally saved.
Removing the UrlScan from ISAPI fileters in IIS fixes the problem in our case
I developed an HttpHandler in order to count number of downloads for PDF files.
Now the problem is: How can I make IIS use my handler for PDF files?
For IIS 7 it does depend on which mode you are running IIS in. Microsoft has a great tutorial on this How to: Register HTTP Handlers which goes over all the different configuration scenarios but assuming you are running IIS 7 in integrated mode and your handler is a compiled binary you would need a web.config entry similar to the following:
<configuration>
<system.webServer>
<handlers>
<add name="pdfCountHandler" verb="*"
path="*.pdf"
type="<your handler class name>, <your handler assembly name>"
resourceType="Unspecified" />
</handlers>
</system.webServer>
</configuration>
High I'm trying to get a http handler working in iis 7.5 on my local machine. In the mode on visual studio iis my handler works with the web config set to.
<httpHandlers>
<add verb="GET" path="ShowImages.ashx" type="achangeoftack_new_web.ShowImages" />
</httpHandlers>
but when deployed it throws errors so I've set it to
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<add name="ShowImages.ashx" verb="GET" path="~/ShowImages.ashx" type="achangeoftack_new_web.ShowImages" />
</handlers>
<validation validateIntegratedModeConfiguration="true" />
But I'm still getting no luck with the handler working. I think I've tried everything now I'm starting to pull my hair out.
If you're using an ASHX, you don't need to do the registration in your web.config, just use it like a page url e.g.
<img src="ShowImages.ashx?id=SomeImageId" />
and it'll just work. So I'd try taking those elements out of your web.config and see if that fixes your errors.
Why This Works
When you run aspnet_regiis on a machine, ASHX is one of the extensions that's registered into IIS for you.
At runtime when IIS receives a request for an ASHX file, it passes it across to ASP.NET and ASP.NET then resolves it in the same way as for a page or user control, and your code gets run.
You only need to register your handler in web.config if you've written a handler in a standalone class.
I am experimenting with the integrated authentication mode for static content in IIS7. I followed the instructions in this article: https://web.archive.org/web/20210612113955/https://aspnet.4guysfromrolla.com/articles/122408-1.aspx
It is working fine if I allow/deny access by login status (like in the article). However I want to allow/deny access based on roles (using the ASP.NET built in Roles Provider). When I put an allow rule for the role "Admin" in the web.config and deny rule for all other users I am not able to access the static files even when I login as an admin. The same folder contains non-static content (aspx pages) that are accessed just fine based on the Role Provider information.
Any ideas?
Try adding the following to your <system.webServer> <modules> block:
<configuration>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
<remove name="RoleManager" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
</modules>
</system.webServer>
</configuration>
The RoleManager bit is key, and it's not included in any of the online examples that I could find. Without that, the user's role membership isn't initialized for static content, so role-based authorization will always fail.
(Disclaimer: I've pieced this together myself based on my limited understanding of IIS, but it seems to work.)
Edit (in response to your comment): Sorry, I don't know much about how RoleManager depends on other modules. You can view the default IIS configuration by looking at c:\Windows\System32\inetsrv\config\applicationHost.config (at least, that's the past on my Windows Vista machine) to see the order in which modules are loaded (note the use of managedHandler by default to restrict RoleManager to non-static content), and MSDN covers RoleManagerModule along with the rest of the modules in the System.Web.Security namespace, so you could probably find what you need there.
I would say the most likely culprit is that the static files are not being processed by ASP.NET but being left up to IIS.
Does it work if you add a wildcard script mapping?