ASP.NET Core with IIS - HTTP Verb Not Allowed

asp.net iis asp.net-core asp.net-core-webapi

50,821

Solution 1

Whilst removing WebDAV may solve your issue, you may be wondering (like I was), what is WebDAV and what is it used for?

I found this page which helps explain it:

https://www.cloudwards.net/what-is-webdav/

Solution 2

This was what worked for me (netcore 2.0)

<system.webServer>
  <modules runAllManagedModulesForAllRequests="false">
    <remove name="WebDAVModule" />
  </modules>
</system.webServer>

Found here: https://www.ryadel.com/en/error-405-methods-not-allowed-asp-net-core-put-delete-requests/

Solution 3

After hours of research and trial and error, the fix seems to be pretty simple. Add a Web.config file to your .NET Core 2.0 application:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <!-- To customize the asp.net core module uncomment and edit the following section. 
         For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
    <system.webServer>
        <modules>
            <remove name="WebDAVModule" />
        </modules>
        <handlers>
            <remove name="aspNetCore" />
            <remove name="WebDAV" />
            <!-- I removed the following handlers too, but these
                 can probably be ignored for most installations -->
            <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
            <remove name="OPTIONSVerbHandler" />
            <remove name="TRACEVerbHandler" />

            <add name="aspNetCore" 
                 path="*" 
                 verb="*" 
                 modules="AspNetCoreModule" 
                 resourceType="Unspecified" />
        </handlers>
        <aspNetCore processPath="%LAUNCHER_PATH%" 
                    arguments="%LAUNCHER_ARGS%" 
                    stdoutLogEnabled="false"
                    stdoutLogFile=".\logs\stdout" />
    </system.webServer>
</configuration>

Hope this helps.

Solution 4

To prevent WebDav from getting enabled at all, remove the following entry from the ApplicationHost.config:

<add name="WebDAVModule" />

The entry is located in the modules section.

Exact location of the config:
C:\Windows\System32\inetsrv\config\applicationHost.config

This worked well for me in .Net Core 2.1

Solution 5

Remove the WebDAV Publishing from IIS server. Its come under the Internet Infromation service -> Common Http Features

https://ignas.me/tech/405-method-not-allowed-iis/

View more solutions

50,821

Author by

Neilski

Updated on December 16, 2021

Comments

Neilski over 2 years
We have an ASP.NET Core 2.0 web site that also presents a couple of simple Web API methods for UI enhancement purposes.

The Web API calls work as expected when running locally under IIS Express, but when we deploy to our IIS 8.5 production web server, we get the following error when making HTTP DELETE and PUT requests...
```
405 Method Not Allowed
```
After some web searching, we have found several posts suggesting the removal of the IIS WebDAV module. We have disabled this in IIS (it is our server), and we have also tried the following:
- Disabled WebDAV
- Enabled WebDev and set Allow verb filtering = False
- Set the Hander Mappings to allow All Verbs in the Request Restrictions settings for: aspNetCore, WebDAV and ExtensionlessUrlHandler-Integrated-4.0
None of the above steps have resolved our problem.

Any advice/direction would be much appreciated.