4

I've got an .ASHX handler I want to use to process an HTTP PUT to allow me to upload files to the web server--the .ASHX file actually uploaded data and sticks the file elsewhere, so it never actually touches the disk here.

I've set the web.config to allow it to handle HTTP PUT, but IIS won't pass the request to my code unless I set the ACLs on the .ASHX files themselves to be writable--Which is kinda silly, since we're not actually going to write to those files.

If I set the ACLs, it works fine, but I'd like to be able to process the file without having to set the ACLs at all (I'm sure there's an appropriate way to make IIS just pass the HTTP PUT to the .ASHX file without checking the permissions on the file itself.

This is on Win2008 R2 (actually, it's on Azure's 2008 R2, but should be the same), using .NET 4.0

401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.

Garrett Serack
  • 943
  • 7
  • 17
  • May I ask if you ever managed to find a solution to this? I'm in almost exactly the same boat (using Win7 vs Win2008), but I have exactly the same symptoms. I get a 401.3 error unless I grant Full control to Everyone (granting full to the IIS_ISUSRS group was not enough). – Danny May 16 '14 at 21:40

1 Answers1

0

There are several roadblocks to getting PUT (and DELETE) working with ASP.NET. Since you mention Win2008 R2 (IIS 7.5) I would check to see if the errors you are seeing mention the WebDAV module or handler.

WebDAV is enabled by default as of IIS 7.5. It will interfere with HTTP PUT and DELETE verbs on ASP.NET handlers and modules. If you're implementing a RESTful service you likely don't even utilize this functionality. Disable it via your web.config.

<system.webServer>
    <modules>
        <remove name="WebDAVModule" />
    </modules>
    <handlers>
        <remove name="WebDAV" />
    </handlers>
</system.webServer>

Some other solutions are mentioned in this forum post entitled HTTP Error 405 With ASP.Net MVC and HTTP PUT on IIS 7.5.

Sean Glover
  • 1,766
  • 18
  • 31
  • 1
    I tried that; it's not a matter of WebDAV being enabled. The trick is that it works if I change the ACLs on the ASHX files. Which is completely lame; I'm not actually touching the filesystem. :( – Garrett Serack Jun 26 '12 at 04:13
  • 1
    What error (HTTP error code, exception, etc) do you get when the ACL's are not set? Can you paste it into the question? – Sean Glover Jun 26 '12 at 11:51
  • Arg! sorry, I thought I had specified that before. I'm getting a 401 (when done over localhost, it's specifically 401.3) – Garrett Serack Jun 26 '12 at 16:53
  • FWIW, I just solved a stickly 401.3 problem with a reference to this answer. WebDAV wasn't the problem, but the ACL was. – cori Jan 20 '16 at 23:14