Asp.NET Web API - 405 - HTTP verb used to access this page is not allowed - how to set handler mappings

asp.net asp.net-mvc iis iis-7 asp.net-web-api

126,207

Solution 1

Common cause for this error is WebDAV. Make sure you uninstall it.

Solution 2

You don't need to uninstall WebDAV, just add these lines to the web.config:

<system.webServer>
  <modules>
    <remove name="WebDAVModule" />
  </modules>
  <handlers>
    <remove name="WebDAV" />
  </handlers>
</system.webServer>

Solution 3

Change Your Web.Config file as below

 <system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV"/>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>

Solution 4

Change Your Web.Config file as below. It will act like charm.

In node <system.webServer> add below portion of code

<modules runAllManagedModulesForAllRequests="true">
  <remove name="WebDAVModule"/>
</modules>

After adding, your Web.Config will look like below

<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
        <remove name="WebDAVModule"/>
    </modules>
    <httpProtocol>
    <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type" />
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    </customHeaders>
    </httpProtocol>
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>

Solution 5

I had this problem and I solved the following:

open IIS
Select the Backend Site
in features view: open Handler Mapping

in the Handler Mapping window, Find WebDAV

in Edit Module Mapping, open Request Restrictions

View more solutions

126,207

Author by

Bart

Updated on February 01, 2022

Comments

Bart over 2 years

I wrote REST service using ASP.NET Web API. I'm trying to send HttpDelete request, however I get the following error:

405 - HTTP verb used to access this page is not allowed

I think I'm close to the solution, I found out that I should enable IIS remote management , go to Handler Mappings section and add DELETE verb to the appropriate position... but the problem is that there is a lots of different positions on the list... (sth like here: http://www.somacon.com/p126.php).

Which one should I edit? Few of them don't have extension, e.g. "ExtensionUrlHandler-Integrated-4.0" and I added DELETE verb to it, but it still doesn't work...

It was just a shot in the dark to modify that one, so should I modify different position? If so, which one? Or maybe is there anything more what I should do?

The same web service work perfectly fine on my local service, so I guess the problem is with the remote IIS...

Greetings
- Ashkan S over 7 years
  
  Hey Bart. Can you change the answer to the web.config one? It is really better than uninstalling it. and you have lots of viewers
- Ali Imran over 4 years
  
  stackoverflow.com/questions/39445717/…
Bart about 12 years

I've disabled it, but it didn't help
John_ about 12 years

Disabling doesn't help, you have to un-install it.
Mike L over 11 years

I can confirm that disabling doesn't help. @John_ has it right, you have to uninstall.
Chris Patterson over 11 years

This worked well. One does need to use all of it; include both "remove name=..." lines.
Marco Mp about 11 years

This should be the accepted answer imho, as it is a local solution instead of a global one.
user1206480 over 10 years

I struggled with this problem for hours until I came across this post. This solved my problem without uninstalling anything.
Joseph Woodward over 10 years

giacomelli's answer below should be marked as correct for this question; it's a local solution that doesn't require you to uninstall WebDav.
B. Clay Shannon-B. Crow Raven over 10 years

HOW do you uninstall it (maybe I don't have it). I've added the code to web.config, which made no diff, and going through Control Panel > Uninstall Programs shows nothing named "webDAV"; is it called something else?
sǝɯɐſ almost 10 years

Wish I could give more upvotes, this solved my problem as well
Sonic Soul almost 10 years

this just came up for me before a huge demo tomorrow morning. you literately saved my life.
Brandon Gano almost 10 years

"you literally saved my life" - Suddenly my clients don't seem so bad.
Jenn over 9 years

I had to combine this fix, with the fix from another question for it to work: stackoverflow.com/a/25635681/818004
Frédéric over 9 years

@B.ClayShannon WebDAV is not a standalone program, it is an IIS feature. So, depending on your OS, you have to find it under windows features / roles / roles services / ... whatever else they find good to invent for classifying it. But if the change in web.config made no diff, it means you encounter another issue anyway.
joelmdev over 9 years

@Toolkit it does indeed work with Web API 2 if WebDAV is actually the problem. Your issue must be unrelated.
NeedHack almost 9 years

This fixed it for me, worked without in AngularJS 1.0.8. Needed this to work for 1.3.16.
mituw16 almost 9 years

Excellent answer. I agree that this should be the accepted answer. This made me feel much better than completely uninstalling WebDAV from our webserver.
RonnBlack over 8 years

This can also happen if there is a mismatch between the parameter in the route and the variable name in the method signature (In other words route="/api/person/{identity}" and method="public void putPerson(int id){...}")
Gfw about 8 years

Adding the remove WebDAV and WebDAVMODULE allowed the PUT and DELETE functions. Thanks.
Chris Martin over 7 years

This was a far easier solution than the accepted one. It also won't mess up the state of any applications on the server USING the WebDAV module. Thank you.
niico about 7 years

If you're using Web API you don't decorate controller methods at all - but use the verb in the method name.
Karlas almost 7 years

You should not return * for Allow-Origin. See stackoverflow.com/a/12014554
Santosh Prasad Sah almost 7 years

@Karlas, please read question first before placing your comment and down voting. Question was not asked for "Allow-Origin" rather it was asked for handler for http verbs.
Karlas almost 7 years

I did not downvote, just a side comment, in case someone copy pasted the solution.
Typel over 6 years

Causes a 500 Internal Server Error in IIS 8
Baqer Naqvi almost 6 years

It hellped when i add above code in my api project webconfig file
Kbdavis07 over 5 years

Did not work for me, but after I uninstalled WebDav it work!
Kbdavis07 over 5 years

Best solution for me, I tried web.config changes did not work, then I removed the WebDav feature from server and it now works.
Eddie Fletcher over 5 years

Thanks! runAllManagedModulesForAllRequests="true" is what did it for me.
Darós over 5 years

I have the same situation here. But, in my case, I have to pass a body with my PUT request. I'm using the Insomnia (like Postman) as a tool client and it's works very well. But not on my code. Any ideas?
deanwilliammills about 5 years

Saved my life. Thanks
Ravi Ram almost 5 years

This did not work. It broke the entire .Net CORE site. Had to revert.
Yusuf Arapoglu over 4 years

This worked for me as well but wondering why is WebDav causing that?
Jeff almost 4 years

This should be the correct and straightforward answer
Eleanor Zimmermann over 3 years

7 years in the future, you are going to save me from a week of tearing out my hair. If you have a favored charity or anything I can donate to in your name, let us know. this was amazing, ty.
Mayur Jain over 3 years

Its too bad solution. Brock entire site.
sasi reka over 3 years

@RaviRam you are absolutely correct. Once I tried this solution, I couldn't connect to any of the api calls. I started getting server error. not suitable for .Net 5
Siva Makani about 3 years

I was getting the same issue while trying from hosted environment in IIS 10 and this solution worked out for me. Thanks
SalvadorGomez almost 3 years

To get those missing handlers registered, you must add HTTP Activation in WCF Services in .NET Framework 4.x Features (Windows Programs and Features, or Windows Server's Roles and Features) I had the exact problem (405 Method not allowed over a .NET SOAP Web service), which requires HTTP Activation feature.
Esteban Perez over 2 years

Thanks man, I just use the next tag <modules runAllManagedModulesForAllRequests="true"> <remove name="WebDAVModule" /> </modules>
Cwinds over 2 years

Could not use PUT or DELETE on website - IIS 10, AspNetCore 2.2 application, Angular 9 and MVC 3. I edited web.config like the above example (used name="WebDAVHandler" for handler). Decorated MVC methods with [HttpPut} & [HttpDelete], but also had to make MVC Controller methods match the HTTP Verb name, like "PUT" matches to controller method "Put()" - even when using [FromBody]. "DELETE" verb matches to "Delete()" method. Otherwise, got 405 - Method Not Allowed. Also, and finally, had to remove attribute [AutoValidateAntiforgeryToken] from each MVC (api) controller. Login x-xsrf works.
officialmmt almost 2 years

Much helped to me! Thanks.