Asp.NET Web API - 405 - HTTP verb used to access this page is not allowed - how to set handler mappings
Solution 1
Common cause for this error is WebDAV. Make sure you uninstall it.
Solution 2
You don't need to uninstall WebDAV, just add these lines to the web.config:
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>
Solution 3
Change Your Web.Config file as below
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV"/>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Solution 4
Change Your Web.Config file as below. It will act like charm.
In node <system.webServer>
add below portion of code
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
After adding, your Web.Config will look like below
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Solution 5
I had this problem and I solved the following:
- in the Handler Mapping window, Find WebDAV
- in Edit Module Mapping, open Request Restrictions
Bart
Updated on February 01, 2022Comments
-
Bart over 2 years
I wrote REST service using ASP.NET Web API. I'm trying to send HttpDelete request, however I get the following error:
405 - HTTP verb used to access this page is not allowed
I think I'm close to the solution, I found out that I should enable IIS remote management , go to Handler Mappings section and add DELETE verb to the appropriate position... but the problem is that there is a lots of different positions on the list... (sth like here: http://www.somacon.com/p126.php).
Which one should I edit? Few of them don't have extension, e.g. "ExtensionUrlHandler-Integrated-4.0" and I added DELETE verb to it, but it still doesn't work...
It was just a shot in the dark to modify that one, so should I modify different position? If so, which one? Or maybe is there anything more what I should do?
The same web service work perfectly fine on my local service, so I guess the problem is with the remote IIS...
Greetings
-
Ashkan S over 7 yearsHey Bart. Can you change the answer to the web.config one? It is really better than uninstalling it. and you have lots of viewers
-
Ali Imran over 4 years
-
-
Bart about 12 yearsI've disabled it, but it didn't help
-
John_ about 12 yearsDisabling doesn't help, you have to un-install it.
-
Mike L over 11 yearsI can confirm that disabling doesn't help. @John_ has it right, you have to uninstall.
-
Chris Patterson over 11 yearsThis worked well. One does need to use all of it; include both "remove name=..." lines.
-
Marco Mp about 11 yearsThis should be the accepted answer imho, as it is a local solution instead of a global one.
-
user1206480 over 10 yearsI struggled with this problem for hours until I came across this post. This solved my problem without uninstalling anything.
-
Joseph Woodward over 10 yearsgiacomelli's answer below should be marked as correct for this question; it's a local solution that doesn't require you to uninstall WebDav.
-
B. Clay Shannon-B. Crow Raven over 10 yearsHOW do you uninstall it (maybe I don't have it). I've added the code to web.config, which made no diff, and going through Control Panel > Uninstall Programs shows nothing named "webDAV"; is it called something else?
-
sǝɯɐſ almost 10 yearsWish I could give more upvotes, this solved my problem as well
-
Sonic Soul almost 10 yearsthis just came up for me before a huge demo tomorrow morning. you literately saved my life.
-
Brandon Gano almost 10 years"you literally saved my life" - Suddenly my clients don't seem so bad.
-
Jenn over 9 yearsI had to combine this fix, with the fix from another question for it to work: stackoverflow.com/a/25635681/818004
-
Frédéric over 9 years@B.ClayShannon WebDAV is not a standalone program, it is an IIS feature. So, depending on your OS, you have to find it under windows features / roles / roles services / ... whatever else they find good to invent for classifying it. But if the change in web.config made no diff, it means you encounter another issue anyway.
-
joelmdev over 9 years@Toolkit it does indeed work with Web API 2 if WebDAV is actually the problem. Your issue must be unrelated.
-
NeedHack almost 9 yearsThis fixed it for me, worked without in AngularJS 1.0.8. Needed this to work for 1.3.16.
-
mituw16 almost 9 yearsExcellent answer. I agree that this should be the accepted answer. This made me feel much better than completely uninstalling WebDAV from our webserver.
-
RonnBlack over 8 yearsThis can also happen if there is a mismatch between the parameter in the route and the variable name in the method signature (In other words route="/api/person/{identity}" and method="public void putPerson(int id){...}")
-
Gfw about 8 yearsAdding the remove WebDAV and WebDAVMODULE allowed the PUT and DELETE functions. Thanks.
-
Chris Martin over 7 yearsThis was a far easier solution than the accepted one. It also won't mess up the state of any applications on the server USING the WebDAV module. Thank you.
-
niico about 7 yearsIf you're using Web API you don't decorate controller methods at all - but use the verb in the method name.
-
Karlas almost 7 yearsYou should not return * for Allow-Origin. See stackoverflow.com/a/12014554
-
Santosh Prasad Sah almost 7 years@Karlas, please read question first before placing your comment and down voting. Question was not asked for "Allow-Origin" rather it was asked for handler for http verbs.
-
Karlas almost 7 yearsI did not downvote, just a side comment, in case someone copy pasted the solution.
-
Typel over 6 yearsCauses a 500 Internal Server Error in IIS 8
-
Baqer Naqvi almost 6 yearsIt hellped when i add above code in my api project webconfig file
-
Kbdavis07 over 5 yearsDid not work for me, but after I uninstalled WebDav it work!
-
Kbdavis07 over 5 yearsBest solution for me, I tried web.config changes did not work, then I removed the WebDav feature from server and it now works.
-
Eddie Fletcher over 5 yearsThanks! runAllManagedModulesForAllRequests="true" is what did it for me.
-
Darós over 5 yearsI have the same situation here. But, in my case, I have to pass a body with my PUT request. I'm using the Insomnia (like Postman) as a tool client and it's works very well. But not on my code. Any ideas?
-
deanwilliammills about 5 yearsSaved my life. Thanks
-
Ravi Ram almost 5 yearsThis did not work. It broke the entire .Net CORE site. Had to revert.
-
Yusuf Arapoglu over 4 yearsThis worked for me as well but wondering why is WebDav causing that?
-
Jeff almost 4 yearsThis should be the correct and straightforward answer
-
Eleanor Zimmermann over 3 years7 years in the future, you are going to save me from a week of tearing out my hair. If you have a favored charity or anything I can donate to in your name, let us know. this was amazing, ty.
-
Mayur Jain over 3 yearsIts too bad solution. Brock entire site.
-
sasi reka over 3 years@RaviRam you are absolutely correct. Once I tried this solution, I couldn't connect to any of the api calls. I started getting server error. not suitable for .Net 5
-
Siva Makani about 3 yearsI was getting the same issue while trying from hosted environment in IIS 10 and this solution worked out for me. Thanks
-
SalvadorGomez almost 3 yearsTo get those missing handlers registered, you must add
HTTP Activation
inWCF Services
in.NET Framework 4.x Features
(Windows Programs and Features, or Windows Server's Roles and Features) I had the exact problem (405 Method not allowed over a .NET SOAP Web service), which requires HTTP Activation feature. -
Esteban Perez over 2 yearsThanks man, I just use the next tag <modules runAllManagedModulesForAllRequests="true"> <remove name="WebDAVModule" /> </modules>
-
Cwinds over 2 yearsCould not use PUT or DELETE on website - IIS 10, AspNetCore 2.2 application, Angular 9 and MVC 3. I edited web.config like the above example (used name="WebDAVHandler" for handler). Decorated MVC methods with [HttpPut} & [HttpDelete], but also had to make MVC Controller methods match the HTTP Verb name, like "PUT" matches to controller method "Put()" - even when using [FromBody]. "DELETE" verb matches to "Delete()" method. Otherwise, got 405 - Method Not Allowed. Also, and finally, had to remove attribute [AutoValidateAntiforgeryToken] from each MVC (api) controller. Login x-xsrf works.
-
officialmmt almost 2 yearsMuch helped to me! Thanks.