Reputation: 1746
PUT + DELETE Http Verbs returning 401/405 from API on shared hosting webserver
I have created an MVC Web Api for some university coursework, that works as expected on my development machine (Running VS11).
However when I deploy the application to the webserver on 123reg HttpVerbs other than GET and POST appear to not reach my application at all, initially a 401 Not Authorised response was returned; however after turning off the "WebDAV" module as suggested here these 401s became 405 Method not allowed. In this case I only disabled the handlers as disabling both the handlers and the module meant that my application did not start at all (Error 500 without a stacktrace [custom errors are off]).
I am planning to utilise the forms membership provider to add authentication capabilities to my API, however I removed any [Authorise] attributes from my code when 401s began appearing.
Applications on 123Reg's shared hosting are run under Medium trust.
I have been in contact with 123Reg support, and they have been semi helpful, but have since decided that they cannot help me further (They suggested adding HttpHandlers as detailed below) (Apparently, I should consult a web designer...)
Things I have tried:
I have added [AllowAnonymous] Attributes to my controllers and/or actions with no effect.
I have added the authorization web.config attribute allowing all verbs and paths to all users both authenticated and not:
<authorization>
<allow users="*" />
<allow users="?" />
<allow verbs="*" users="*" />
<allow verbs="*" users="?" />
</authorization>
I have added (As suggested by 123Reg):
<system.webServer>
<handlers>
<remove name="WebDAV" />
<add name="PUTVerbHandler" path="*" verb="PUT" modules="ProtocolSupportModule" resourceType="Unspecified" />
<add name="DELETEVerbHandler" path="*" verb="DELETE" modules="ProtocolSupportModule" resourceType="Unspecified" />
</handlers>
</system.webServer>
This appeared to be a step forward, as we now receive 405 responses rather then 401 respones, however I am now unable to make any further progress. Additionally I have also added:
<httpHandlers>
<add verb="*" path="*" type="System.Web.Mvc.MvcHttpHandler"/>
</httpHandlers>
This also made no difference.
Any help you can give would be much appreciated (I dont really want to have to move host for this application!)
Upvotes: 3
Views: 8372
Answers (3)
Reputation: 1334
For me it was something different. I had to go to the site folder, open the security tab for the folder, press Edit button to change group or user names permissions, find the site from my IIS 8 sites and give it a full control permission.
Upvotes: 0
Reputation: 553
This post solved my problem. I did all the regular things: added all the necessary <handlers> entries, disabled WebDAV, but I still had 401.3 Unauthorized.
Enabling forms authentication solved the problem:
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms" />
</system.web>
Upvotes: 2
Reputation: 107
I found this: http://forums.iis.net/t/1163441.aspx
From the looks of that forum post, you need to completely uninstall WebDAV for the PUT and DELETE Verbs to work. This is not going to help on a shared webhosting scenario unfortunately.
Upvotes: 1
Related Questions
- 405 Method Not Allowed for PUT and DELETE in ASP.NET WebAPI
- HTTP Verbs PUT and DELETE: 405 Method not allowed - how to allow?
- DELETE/PUT verbs result in 404 Not Found in WebAPI, only when running locally
- HTTP PUT and DELETE not allowed by default on ASP.NET web API
- WebAPI return 404 on PUT/DELETE operations
- ASP.NET Web Api "The requested resource does not support http method PUT/DELETE"
- How to get PUT and DELETE verbs to work with WebAPI on IIS
- Web API delete and put not working when hosted on shared hosting
- Why am I getting 400 BAD REQUEST when sending DELETE verb to ASP.NET Web API?
- Asp.net MVC Web Api Http put and delete requests failing