54

We have an ASP.NET Core 2.0 web site that also presents a couple of simple Web API methods for UI enhancement purposes.

The Web API calls work as expected when running locally under IIS Express, but when we deploy to our IIS 8.5 production web server, we get the following error when making HTTP DELETE and PUT requests...

405 Method Not Allowed

After some web searching, we have found several posts suggesting the removal of the IIS WebDAV module. We have disabled this in IIS (it is our server), and we have also tried the following:

  • Disabled WebDAV
  • Enabled WebDev and set Allow verb filtering = False
  • Set the Hander Mappings to allow All Verbs in the Request Restrictions settings for: aspNetCore, WebDAV and ExtensionlessUrlHandler-Integrated-4.0

None of the above steps have resolved our problem.

Any advice/direction would be much appreciated.

Nkosi
  • 191,971
  • 29
  • 311
  • 378
Neilski
  • 4,043
  • 5
  • 35
  • 69

8 Answers8

64

After hours of research and trial and error, the fix seems to be pretty simple. Add a Web.config file to your .NET Core 2.0 application:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <!-- To customize the asp.net core module uncomment and edit the following section. 
         For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
    <system.webServer>
        <modules>
            <remove name="WebDAVModule" />
        </modules>
        <handlers>
            <remove name="aspNetCore" />
            <remove name="WebDAV" />
            <!-- I removed the following handlers too, but these
                 can probably be ignored for most installations -->
            <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
            <remove name="OPTIONSVerbHandler" />
            <remove name="TRACEVerbHandler" />

            <add name="aspNetCore" 
                 path="*" 
                 verb="*" 
                 modules="AspNetCoreModule" 
                 resourceType="Unspecified" />
        </handlers>
        <aspNetCore processPath="%LAUNCHER_PATH%" 
                    arguments="%LAUNCHER_ARGS%" 
                    stdoutLogEnabled="false"
                    stdoutLogFile=".\logs\stdout" />
    </system.webServer>
</configuration>

Hope this helps.

Neilski
  • 4,043
  • 5
  • 35
  • 69
  • 3
    If I try to publish with a web.config file I just get an error near the end of the publish process. I read elsewhere that ASP.NET Core 2.0 doesn't support web.config files any more. Any ideas? – Dickie Watkins Aug 01 '18 at 07:24
  • How are you publishing - in Visual Studio, VSTS or something else? As notes below we are running in IIS 8.5 and .NET Core 2.0 without a problem. – Neilski Aug 01 '18 at 11:04
  • 1
    @DickieWatkins, in my case, with Asp.Net Core 2.1, and deploying from Visual Studio, a web.config was autogenerated on the server as part of the deployment process. If you just take that file, copy it to your project, add the `` as shown in this answer, then just set the build rule to "Copy Always," then in future deployments that same webconfig will be used, but appended to automatically. But, this is likely dependent on your deployment method and whether you're running IIS. – Kevin Fichter Aug 16 '18 at 19:11
  • Thanks a lot it took me just half a day to realize that my server has the problem and the iis is the problem and not the app itself – Nicu Mar 01 '19 at 13:46
  • I am using Kestrel, does this solution apply? – Franva Jul 03 '19 at 13:08
  • Found that only this was needed for me: – Rob10e Oct 25 '19 at 17:43
59

This was what worked for me (netcore 2.0)

<system.webServer>
  <modules runAllManagedModulesForAllRequests="false">
    <remove name="WebDAVModule" />
  </modules>
</system.webServer>

Found here: https://www.ryadel.com/en/error-405-methods-not-allowed-asp-net-core-put-delete-requests/

Manuel Alves
  • 3,263
  • 1
  • 25
  • 20
  • It worked but this made my website so slow in .net core 2.1 RC, I had to remove this instruction – Alexandre May 11 '18 at 21:50
  • 1
    @Alexandre This setting should really only be necessary for a service site. A website should respond to GET and POST by default, and really should need nothing else. If you are doing REST calls to your website, I would suggest off-loading these calls to a sub-application, and app pool that can be managed separately. – iGanja Apr 26 '19 at 15:39
7

Whilst removing WebDAV may solve your issue, you may be wondering (like I was), what is WebDAV and what is it used for?

I found this page which helps explain it:

https://www.cloudwards.net/what-is-webdav/

JTech
  • 3,076
  • 5
  • 37
  • 46
6

To prevent WebDav from getting enabled at all, remove the following entry from the ApplicationHost.config: 

<add name="WebDAVModule" />

The entry is located in the modules section.

Exact location of the config:
C:\Windows\System32\inetsrv\config\applicationHost.config

This worked well for me in .Net Core 2.1

Yush0
  • 1,277
  • 15
  • 22
  • Better to add the "remove" node instead; as shown in Manuel Alves' answer. If your app is a sub app, it can still pick up this setting from a parent web.config. The selected answer has a lot more code than is technically needed to simply allow all verbs. – iGanja Apr 26 '19 at 15:27
  • @iGanja: depending on the deployment process the web.config gets overwritten or you dont want to wrestle with it at all in .net core. It is also advisable to dont add unused features webserver wide for security. – Yush0 May 10 '19 at 10:24
5

Remove the WebDAV Publishing from IIS server. Its come under the Internet Infromation service -> Common Http Features

https://ignas.me/tech/405-method-not-allowed-iis/

uthayathasan
  • 51
  • 1
  • 1
  • Control Panel -> Uninstall Program -> Turn Windows features on or off -> IIS -> World Wide Web Services -> Common HTTP feature -> WebDAV Publishing. – JDNickell Aug 07 '19 at 17:05
2

In my case, I got the 405 error for .Net 5 Web API PUT and DELETE calls. I tried multiple solutions like removing WebDAV (Turn Windows features on or off -> IIS -> World Wide Web Services -> Common HTTP feature -> WebDAV Publishing) doesn't work, editing WebDAV entry in "Handler Mappings" messed up the application.

Solution

In IIS, select the application

  1. Add rules to allow HTTP verbs in Request Filtering (But this alone doesn't work).
  2. Go to "Modules", then select the "WebDAV Publishing" module and remove it.
  3. Go to "Handler Mappings", then select the "WebDAV" and remove it.
  4. in cmd run IISRESET
sasi reka
  • 115
  • 13
0

For me, I resolved the issue after I noticed I was trying to post to the client domain instead of the API. [facepalm]

Eric
  • 7,366
  • 17
  • 91
  • 126
-1

To prevent WebDav from getting enabled at all, remove or comment the following entry from the ApplicationHost.config:

<add name="WebDAVModule" />

The entry is located in the modules section.

Exact location of the config: C:\Windows\System32\inetsrv\config\applicationHost.config

This worked well for me in .Net Core 2.2

M Arslan Riaz
  • 98
  • 9