Keywords: ASP.NET Web API | 405 Error | WebDAV Configuration
Abstract: This article provides an in-depth analysis of the common 405 error (HTTP verb not allowed) in ASP.NET Web API deployments. By examining IIS server configurations, it focuses on how the WebDAV module intercepts HTTP verbs like DELETE and offers detailed configuration methods to remove WebDAV via the web.config file. Drawing from best practices in the Q&A data, it explains the discrepancies between local and remote IIS environments and provides complete configuration examples and considerations.
Problem Background and Error Analysis
During ASP.NET Web API deployment, developers frequently encounter the 405 error, specifically "HTTP verb used to access this page is not allowed." This error typically occurs when attempting to send HTTP DELETE requests, where the service functions correctly in local development environments but fails on remote IIS servers. This discrepancy primarily stems from configuration differences in IIS servers, particularly the presence of the WebDAV (Web Distributed Authoring and Versioning) module.
Impact Mechanism of the WebDAV Module
WebDAV is an extension module in IIS that enables file management operations via the HTTP protocol. However, WebDAV intercepts specific HTTP verbs, including DELETE and PUT, directly interfering with RESTful API operations. When the WebDAV module is enabled, it overrides ASP.NET Web API's handling of these verbs, resulting in the 405 error.
Solution: Configuring the web.config File
Based on best practices, it is unnecessary to completely uninstall the WebDAV module; instead, modify the web.config file to remove its processing of specific requests. Below is a complete configuration example:
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>This configuration removes the WebDAV module and handler from the IIS processing pipeline, ensuring that ASP.NET Web API can directly handle all HTTP verbs, including DELETE.
Configuration Details and Considerations
In the <modules> section, the <remove name="WebDAVModule" /> directive removes the WebDAV module, preventing it from intercepting HTTP requests. In the <handlers> section, the <remove name="WebDAV" /> directive removes the WebDAV handler, ensuring requests are correctly routed to ASP.NET Web API's handlers.
It is important to note that this method is more reliable and maintainable than directly modifying IIS Handler Mappings, as it incorporates the configuration into the application's web.config file, facilitating version control and deployment.
Environment Discrepancy Analysis
Local development environments typically use IIS Express or Visual Studio's built-in server, which do not include the WebDAV module by default, thus avoiding the 405 error. In contrast, production IIS servers often have full WebDAV functionality installed, explaining why services work locally but fail on remote servers.
Verification and Testing
After applying the above configuration, the following verification steps are recommended:
- Restart the IIS application pool
- Clear browser cache
- Test DELETE requests using tools like Postman or curl
- Check IIS logs to confirm request processing status
This approach ensures that ASP.NET Web API can properly handle all RESTful operations, including resource deletion scenarios requiring the DELETE verb.