IIS - Post - Erro 405 Method Not Allowed - iis

I configured my site in IIS as the image bellow:
"CTA_Ext" is a front-end project and "api" is a WebApi (c#) project
api project works as a "middleware" tha receives all resquest (by post) and redirect to another internal API's.
When i publish it with this configuration, I always get 405 error: Method Not Allowed
In my web.config i alread remove webdav module:
<system.webServer>
<handlers>
<remove name="WebDAV" />
<add name="WebDAV" path="*" verb="*" modules="WebDAVModule" resourceType="Unspecified" requireAccess="None" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<validation validateIntegratedModeConfiguration="false" />
Does anybody knows what i can do to solve this problem?

Related

IIS Shared Configuration > HTTP Error 500.21

I'm trying to run my dotnet core app in IIS Clustered environment. It runs perfectly when shared configuration is disabled. But soon I enable shared configuration, the application fails to start, and gives error:
HTTP Error 500.21 - Internal Server Error
Handler "ExtensionlessUrl-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list
I had been looking for the solution since few days, but nothing worked for me. Mostly posts at SO ask to install/reinstall .NET 4/4.5 etc, but this isn't applicable in my case, as it is already updated.
Following are the concerned section of my configuration
(I can provide more if needed)
Web.config:
...
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrl-Integrated-4.0" />
<add name="ExtensionlessUrl-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,DELETE,PUT" type="System.Web.Handlers.TransferRequestHandler" />
</handlers> ...
Shared applicationHost.config:
<handlers>
...
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
</handlers>
...
...
<modules>
...
<add name="ApplicationInitializationModule" lockItem="true" />
<add name="AspNetCoreModule" />
<add name="RewriteModule" />
<add name="ApplicationRequestRouting" />
</modules>
Is there something I am missing?
The app runs fine when disable shared configuration of IIS, or when run through .exe. So I believe the required features are installed. Is there any feature/package specifically required for shared configuration case? Please guide.

HTTP Error 405.0 - Method Not Allowed - WebDAV issue? (IIS)

I'm trying to build a simple Web API service (Visual Studio, C#, local IIS) that has an http handler that accepts PUT and other requests
After getting everything configured, I'm trying to test the PUT event and am receiving
HTTP Error 405.0 - Method Not Allowed error.
Module WebDAVModule
Notification MapRequestHandler
Handler WebDAV
Error Code 0x00000000
Google searches revealed that WebDAV intercepts PUT commands, so I am removing it from web.config:
<system.webServer>
<handlers accessPolicy="Read, Execute, Script">
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="WebDAV"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
I'm afraid to uninstall WebDAV from my dev box, as it may break other web projects that do rely on the module.
What am I doing wrong?
Adding this snippet can resolve your problem:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>

Enabling OPTIONS method on Azure Cloud Service (to enable CORS)

I am developing a public API using Azure API Management, which then calls service methods in my cloud service.
To allow other apps to use this API from a browser environment, I need to enable CORS in the cloud service. Enabling CORS involves handling OPTIONS requests which are sent by the browser as a pre-flight to check if the correct headers are set.
To make sure the OPTIONS request reaches my application I have had to make a few changes in my web.config:
<system.webServer>
<handlers>
<remove name="SimpleHandlerFactory-Integrated-4.0" />
<remove name="SimpleHandlerFactory-Integrated" />
<remove name="SimpleHandlerFactory-ISAPI-4.0_64bit" />
<remove name="SimpleHandlerFactory-ISAPI-4.0_32bit" />
<remove name="SimpleHandlerFactory-ISAPI-2.0-64" />
<remove name="SimpleHandlerFactory-ISAPI-2.0" />
<remove name="OPTIONSVerbHandler" />
<add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="bitness32" />
<add name="SimpleHandlerFactory-ISAPI-2.0" path="*.ashx" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv2.0,bitness32" responseBufferLimit="0" />
<add name="SimpleHandlerFactory-ISAPI-2.0-64" path="*.ashx" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv2.0,bitness64" responseBufferLimit="0" />
<add name="SimpleHandlerFactory-ISAPI-4.0_32bit" path="*.ashx" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="SimpleHandlerFactory-ISAPI-4.0_64bit" path="*.ashx" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="SimpleHandlerFactory-Integrated" path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv2.0" />
<add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
. . .
</system.webServer>
This ensures that the OPTIONS calls reach my .ashx and .svc code in which I can then set the correct headers.
This all works fine locally when I call the services from another domain, for example using js fiddle.
However, when I upload my application to Azure, it no longer works. Any OPTIONS requests return a 404 immediately.
It seems that the handler definitions used to forward the OPTIONS requests to my applications do not work on Azure.
My question is: what do I need to configure to make sure OPTIONS requests reach my application and can be handled there on Azure?
In the end I ended up removing the handlers as in my question, but adding two custom handlers:
<remove name="SimpleHandlerFactory-Integrated-4.0" />
<remove name="SimpleHandlerFactory-Integrated" />
<remove name="SimpleHandlerFactory-ISAPI-4.0_64bit" />
<remove name="SimpleHandlerFactory-ISAPI-4.0_32bit" />
<remove name="SimpleHandlerFactory-ISAPI-2.0-64" />
<remove name="SimpleHandlerFactory-ISAPI-2.0" />
<remove name="OPTIONSVerbHandler" />
<!-- Added the following handlers -->
<add name="AshxHandler" path="*.ashx" verb="*"
type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified"
requireAccess="Script"/>
<add name="SvcHandler" path="*.svc" verb="*"
type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified"
requireAccess="Script"/>
Another part of the answer was adding the OPTIONS operations in API Management.
Using the CORS policy of API Management as suggested by Miao Jiang actually did not work and in fact breaks CORS in my situation when I include it now.
I'm sure it will work for other situations though.
EDIT: I ended up using policies anyway, and it now works. No OPTIONS operations need to be added. I've used the following policy on API level:
<policies>
<inbound>
<base />
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods>
<method>GET</method>
<method>POST</method>
<method>OPTIONS</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
</cors>
</inbound>
<outbound>
<base />
</outbound>
</policies>
I had a similar issue with OPTIONS request on an Web API running on Azure. There was a simple fix available:
In the Azure Portal, click on your App Service to open the management interface.
Scroll down the list of management options until you reach the 'API' section, and click on 'CORS'
Either enter the web address of the allowed origin, or enter '*' to allow all, and click Save.

How to access physical file in OrchardProject?

I have a blog that is using the OrchardProject CMS. One thing I noticed is that if I add a file to the root of my website, and access it via www.example.com/test.html, I get a 404 error.
Does OrchardProject have a restriction on this?
You need to put a handler entry in the web.config for static files to be served up. By default a 404 is returned for any requests that are not served via a managed handler.
If your file is in the root, then in the Orchard.Web web.config replace
<handlers accessPolicy="Script">
<!-- Clear all handlers, prevents executing code file extensions or returning any file contents. -->
<clear />
<!-- Return 404 for all requests via a managed handler. The URL routing handler will substitute the MVC request handler when routes match. -->
<add name="NotFound" path="*" verb="*" type="System.Web.HttpNotFoundHandler" preCondition="integratedMode" requireAccess="Script" />
<!-- WebApi -->
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
with
<handlers accessPolicy="Script, Read">
<!-- Clear all handlers, prevents executing code file extensions or returning any file contents. -->
<clear />
<add name="TestFile" path="test.html" verb="*" type="System.Web.StaticFileHandler" preCondition="integratedMode" requireAccess="Read" />
<!-- Return 404 for all requests via a managed handler. The URL routing handler will substitute the MVC request handler when routes match. -->
<add name="NotFound" path="*" verb="*" type="System.Web.HttpNotFoundHandler" preCondition="integratedMode" requireAccess="Script" />
<!-- WebApi -->
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
The path can use wildcards if you want to allow access to multiple files.

put request on iis returns a 401 error - Server error Access denied

I'm trying to send a put request using Fiddler to an iis app. It fails with a 401 error but other verbs such as post work fine.
I've:
tried the suggestion in http://blogs.msdn.com/b/joseph_fultz/archive/2009/07/23/enabling-the-put-verb-with-handlers-and-iis-7-0.aspx
by modifying applicationHost.config to add PUT to SimpleHandlerFactory-Integrated
tried modifying web.config as below:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<security>
<requestFiltering>
<verbs>
<add verb="GET,PUT,POST,HEAD" allowed="true" />
</verbs>
</requestFiltering>
</security>
<handlers>
<remove name="SimpleHandlerFactory-ISAPI-4.0_64bit" />
<remove name="SimpleHandlerFactory-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="SimpleHandlerFactory-ISAPI-4.0_32bit" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.Net\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness32"
responseBufferLimit="0" />
<add name="SimpleHandlerFactory-ISAPI-4.0_64bit" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.Net\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness64"
responseBufferLimit="0" />
</handlers>
</system.webServer>
Does anyone know how to enable put on iis 7.5?
There are lots of answers around the WebDAV module that a little searching will find.
Another thing to try is switching <modules runAllManagedModulesForAllRequests="true" /> to <modules />.
This worked for me on an IIS/node install.

Resources