CODEWITHSUNDEEP
c#asp.net-coreiiscorsasp.net-web-api2
Rami Yusf
Rami Yusf

Reputation: 3022

Delete and Options requests gets a 401 unathorized response

I'm using a .net core web api 3.1 hosted on remote IIS server, with every delete/options request I get a 401 unathorized html response, I allowed the CORS in my startup but no luck.

Update: this is my startup

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<BrmajaCommerceSearchContext>(options => options.UseSqlServer(Configuration.GetConnectionString("SearchConnectionString")));
        services.AddDbContext<IdentityContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
        services.AddCors(o => o.AddPolicy("AllowAll", b => b.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()));
        services.AddControllers().AddNewtonsoftJson(s =>
        {
            s.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
        });

        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new OpenApiInfo
            {
                Title = "Ecommerce API",
                Version = "v1"
            });
            // Set the comments path for the Swagger JSON and UI.
            var xmlFile = Assembly.GetExecutingAssembly().GetName().Name + ".xml";
            var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
            c.IncludeXmlComments(xmlPath);
        });

        services.AddAuthentication()
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }


        app.UseHttpsRedirection();

        app.UseRouting();

        app.UseAuthorization();
        app.UseCors("AllowAll");

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
        app.UseSwagger();
        app.UseSwaggerUI(c =>
        {
            c.SwaggerEndpoint("swagger/v1/swagger.json", "Ecommerce");
            c.RoutePrefix = string.Empty;
        });
    }
}

Upvotes: 3

Views: 797

Answers (2)

Rami Yusf
Rami Yusf

Reputation: 3022

Solved by enabling all verbs on the iis server -> .NET Authorization Rules iis server -> .NET Authorization Rules

Upvotes: 0

Leff
Leff

Reputation: 582

The most probable reason for described behaviour is IIS WebDAV module serving those HTTP verbs. You have to disable it using IIS configuration manager or with web.config file containing

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <modules>
      <remove name="WebDAVModule" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
    </handlers>
  </system.webServer>
<configuration>

Upvotes: 2

Related Questions