On my Web API I have a few [HttpGet] functions that work perfectly, but the one that is [HttpDelete] (on the same Controller) doesn't work, it returns 404 error.
[Authorize]
[RoutePrefix("Users")]
public class UsersController : ApiController
{
[HttpDelete]
[Route("DeleteUser/{ID}")]
public void Delete(int id)
{
_UserRepository.Delete(id);
}
}
On the web.config I have the verb set to *:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
<remove name="FormsAuthentication" />
</modules>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
The AJAX call:
deleteUser = function (id, callback) {
$.ajax({
url: "../../API/Users/DeleteUser/" + id,
type: "DELETE",
success: function () {
callback;
}
});
}
The error:
HTTP Error 404.0 - Not Found
Detailed Error Information
Module IIS Web Core Notification MapRequestHandler Handler StaticFile
Error Code 0x80070002
Requested
URL https://www.example.com:443/Rejected-By-UrlScan?~/API/Users/DeleteUser/155
Physical Path d:\wr\mySite\example.com\Rejected-By-UrlScan
Logon Method Anonymous Logon User Anonymous
All the calls are authenticated with OWIN Authentication and a bearer token.
An example of a working call on the same page:
getUsers = function (callback) {
$.get("../../API/Users/GetUsers/", callback);
}
What can causes it?
As stated in another post, there may be an extension (UrlScan) configured in IIS to block DELETE requests. You can check your IIS for this extension.
Try setting the verbs manually
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
<remove name="FormsAuthentication" />
</modules>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0"
path="*."
verb="GET,HEAD,POST,DEBUG,DELETE,PUT"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Also check to make sure
That you are calling the correct path.
you do not have a folder that matches the intended route
Also, your route template place holder needs to match the action parameter name
[Authorize]
[RoutePrefix("Users")]
public class UsersController : ApiController {
[HttpDelete]
[Route("DeleteUser/{id:int}")] //Matches DELETE {root}/Users/DeleteUser/5
[AcceptVerbs("DELETE")]
public IHttpActionResult Delete(int id) {
//TODO: check if {id} exists and if not, then return NotFound()
_UserRepository.Delete(id);
return Ok();
}
//...other members
}
I am a little puzzled with issue here.
I have enabled CORS by adding the following code in startup
var enableCorsAttribute = new EnableCorsAttribute("*",
"Origin, Content-Type, Accept",
"GET, PUT, POST, DELETE, OPTIONS");
config.EnableCors(enableCorsAttribute);
And request to /token is working correctly. I get the correct token, and I have tested using postman.
When I try to request to other API controllers it fires 404 error saying
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I understand that's the header is missing but I am not sure how to configure this other than the code I have posted above.
I am running angular 2 app to perform the request.
Any help would be much appreciated!
I finally got it working after spending about 2 days... hopefully this answer helps other who might have the same problem.
One thing to note - if you implement or extend simple auth code,
inside this method GrantResourceOwnerCredentials you will have the following line of the code.
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
This is causing the inconsistency between /token request headers and request to other API controllers.
Long story short, comment this line so same request header is applied.
I have made changes to the web.config as the following
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<remove name="WebDav" />
<add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
</handlers>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Methods" value="*" />
</customHeaders>
</httpProtocol>
And just in case you still have problems with options request, you can go to global.asax.cs file and modify the response as the following:
if ((HttpContext.Current.Request.HttpMethod == "OPTIONS"))
{
HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
HttpContext.Current.Response.End();
}
I really hope this answer saves someone else's time!
I have SPA using angular(routing too is with angular).I have written http handler which will intercept old url and redirect to new url.
When I give path as * its hitting but with *.html not hitting my handler.
Please find code snip.
My Handler code-
public class PageHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
HttpRequest request = context.Request;
HttpResponse response = context.Response;
string newUrl=string.Empty;
if (Convert.ToString(request.Path) != null)
newUrl = GetNewURL(Convert.ToString(request.Path));
if (newUrl != string.Empty)
response.Redirect(newUrl);
else
response.Redirect("/404");
}
}
Webconfig setting-
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add verb="*" path="*.html,*.aspx" name="myHandler" type="LucidFox.Helpers.PageHandler"/>
</handlers>
Not sure why its not intercepting .aspx and .html
IIS 7's handler mapping is different than IIS 6's handler mapping. In IIS 6, you can map your handlers like this in web.config.It allows you to use multiple paths, comma-delimited.
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add verb="*" path="*.html,*.aspx" name="myHandler" type="LucidFox.Helpers.PageHandler"/>
</handlers>
In IIS 7, it's in a different section.It doesn't support multiple paths, so you need to map your handler for each path.
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add verb="*" path="*.html" name="myHandler" type="LucidFox.Helpers.PageHandler"/>
<add verb="*" path="*.aspx" name="myHandler" type="LucidFox.Helpers.PageHandler"/>
</handlers>
I am new to WebApi and we have a requirement to create\maintain a token issuing web service. A colleague of mine provided his solution (beta) which he has allowed me to use. If I run the web service from my dev environment (VS 2012) I am able to query it and get the token back from a web browser (Chrome). I then wrote a test app to use HttpClient to query the service and get the token. This works fine from the service hosted in my dev environment but if I try to query it when hosted in IIS using my little test app I get a '404 Not Found' exception. But what is puzzling me is if I connect to the web service hosted in IIS from chrome it works?
My controller method is as follows:
[HttpGet]
public IHttpActionResult GetToken(string username, string password, string realm)
{
return Json("TOKEN-STRING");
}
And my config:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,PUT,DELETE,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,PUT,DELETE,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
</handlers>
I have set my application pool to 'Integrated' within IIS.
My logic says to me that if I am able to retrieve the token from Chrome but not from my app, then there should be nothing wrong with IIS but rather a config\setting\programming error in my app.
Here is the little method I wrote to get the token:
async private void GetToken()
{
HttpClient client = new HttpClient();
client.BaseAddress = new Uri("http://localhost/TokenServer/");
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var response = client.GetAsync("/api/TokenServer/GetToken/name/password/realm").Result;
string result = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
//Error handling
return;
}
//Extract token from response
JavaScriptSerializer json_serializer = new JavaScriptSerializer();
Token = DeserializeJsonToken(result);
}
I have read and tried many suggestions but none seem to work for me. I have been stuck with this for two days now and the deadline is creeping :)
Tx
The issue here is with the Url where you have a leading / which causes the TokenServer part of the baseaddress Url to be not considered. So modify the call like the following:
client.GetAsync("api/TokenServer/GetToken/name/password/realm").Result;
A tip: Tools like Fiddler can be of great use in situations like these. It helps in diagnosing the raw requests that are sent to the service.
I know this is a commonly addressed issue, and I've done everything that many posts here on SO suggest. When I try to delete a record using WebAPI (version 2) from my MVC5 front end running under local IIS, I get a 404 Not Found response. Here are the things I've tried:
I've added the following under <system.webServer /> in my WebAPI web.config:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
I've followed the instructions at: http://geekswithblogs.net/michelotti/archive/2011/05/28/resolve-404-in-iis-express-for-put-and-delete-verbs.aspx, which basically say to modify the ExtensionlessUrlHandler-Integrated-4.0 in IIS "Handler Mappings". It says to double click on the handler, click "Request Restrictions", and "Allow PUT and DELETE verbs". I've done this, and I still get the 404 error.
I've done an IIS reset.
Here's my MVC5 front end code that calls the WebAPI delete method - please note that when I manually navigate to api/bulletinboard/get/{0} where {0} is an integer, I get a valid JSON response. Below, contactUri is http://localhost/SiteName/api/bulletinboard/get/53 which returns valid JSON:
[HttpPost, ActionName("Delete")]
public ActionResult Delete(string appId, int id)
{
response = client.GetAsync(string.Format("api/bulletinboard/get/{0}", id)).Result;
contactUri = response.RequestMessage.RequestUri;
response = client.DeleteAsync(contactUri).Result;
if (response.IsSuccessStatusCode)
{
return RedirectToAction("MessageList", new { appId = appId });
}
else
{
LoggerHelper.GetLogger().InsertError(new Exception(string.Format(
"Cannot delete message due to HTTP Response Status Code not being successful: {0}", response.StatusCode)));
return View("Problem");
}
}
Here's my WebAPI delete method:
[HttpDelete]
public HttpResponseMessage Delete(int id)
{
BulletinBoard bulletinBoard = db.BulletinBoards.Find(id);
if (bulletinBoard == null)
{
return Request.CreateResponse(HttpStatusCode.NotFound);
}
db.BulletinBoards.Remove(bulletinBoard);
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
}
return Request.CreateResponse(HttpStatusCode.OK, bulletinBoard);
}
Here's my WebApiConfig.cs in my WebAPI project:
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
config.EnableCors();
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "ApiWithActionName",
routeTemplate: "api/{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var json = config.Formatters.JsonFormatter;
json.SerializerSettings.PreserveReferencesHandling = Newtonsoft.Json.PreserveReferencesHandling.Objects;
config.Formatters.Remove(config.Formatters.XmlFormatter);
config.Formatters.Add(new PlainTextFormatter());
}
QUESTION: What else can I try to resolve this error? This works fine when deployed from my local environment to my company's development servers.
for those who still looking for enable DELETE & PUT The below code solve my problem
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<!--This will enable all Web API verbose-->
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
I've followed the instructions at: https://forums.asp.net/t/1961593.aspx?DELETE+PUT+verbs+result+in+404+Not+Found+in+WebAPI+only+when+running+locally
That says to only change this piece of code in your Web.config, and works fine for me!
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
If you are using IIS, make sure you have the HTTP Verb set to allowed in Request Filtering. If its not there, you can set it to allow it on the side.
We were struggling with DELETE/PUT returning 404 errors on IIS 8. We did all of the above answers changing web.config to accept all Verbs, enabling put/delete in the request filtering. We had also disabled webDAV multiple ways. We found that the application pool was set to classic verses integrated (what it should have been). Now DELETE/PUT verbs work fine.
Mark Jensen solution worked for me.
Just changed my Application Pool from "Classic" to "Integrated" and my requests worked.
This issue can be fixed by IIS level configuration-
Open IIS->select your website->IIS (section) ->Request Filtering ->HHTP Verbs
Remove DELETE verb/ OR allow DELETE verb
Issue will get resolved.
What I did was just switch from using local IIS to IIS Express via the project properties on my WebAPI project, as a workaround. Doing this and deleting a record then resulted in a 405 Method Not Allowed error. I then changed the lines of code:
response = client.GetAsync(string.Format("api/bulletinboard/get/{0}", id)).Result;
contactUri = response.RequestMessage.RequestUri;
response = client.DeleteAsync(contactUri).Result;
To:
response = client.DeleteAsync(string.Format("api/bulletinboard/delete/{0}", id)).Result;
This is very strange because I have another project that runs the first block of code and it deletes records just fine. Anyways, this resolved my local problem. I understand this doesn't really resolve my main issue which was using local IIS, but this workaround worked for me.
If your project is working under IIS and not under IISExpress, try to set IISExpress Managed Pipeline Mode to Integrated.
PUT and DELETE verbs seems to have problem under Classic Managed Pipeline mode.
Good luck..
Roberto.
For me it was an ISAPI module called UrlScan which I had to completely remove from the application.