8

I've been trying all the suggested workarounds for ASP.NET to be able to address my REST web service by HTTP Methods PUT and DELETE. However, none of them seems to work. (i.e. removing WebDAV handler or allowing all verbs to ExtensionlessHandler).

What's required in ASP.NET Core Web API (on IIS) to allow those two verbs (HTTP PUT and DELETE)?

PS: I've configured our Web API project using CORS, yet I'm accessing the web service from a web page on the same origin. So it's not a CORS issue, either.

Erik Philips
  • 53,428
  • 11
  • 128
  • 150
AxD
  • 2,714
  • 3
  • 31
  • 53
  • That's already present by default: ` ` – AxD Jun 13 '19 at 14:47
  • Did you add `[HttpPut]`/`[HttpDelete]` attributes to the appropriate actions? Actions by default only accept GET (and maybe POST - not sure off the top of my head). – Chris Pratt Jun 13 '19 at 15:13

5 Answers5

11

A day after, I now found the cause for this error. The following reasons caused this error to happen:

  1. There was a typo in the PUT call, so the Web API method wasn't called. After fixing that, the following two issues had to be fixed:
  2. It wasn't sufficient to prefix the Web API methods with the method and omit the corresponding attributes ([HttpPut], [HttpDelete]). So, these attributes had to be applied (this is particular to ASP.NET Core).
  3. It wasn't sufficient to provide the above attributes to the methods. It was required to provide the methods' address (and query string, resp.) parameters for these attributes ([HttpPut("{id}")], [HttpDelete("{id}")]), too. (This is particular to ASP.NET Core.)

See ASP.NET Core Web API: Routing by method name? .


I believe "**405 Method not allowed**" to be *quite* an inappropriate error message. It doesn't reflect any of the above three reasons and is very confusing.

I, moreover, believe that "400 Bad Request", "404 Not Found", or - rather - "501 Not Implemented" would have been rather more appropriate HTTP return states.


I created a GitHub issue on this:
["405: Method not allowed" = Misleading error message → Replace with better HTTP status code][1]
AxD
  • 2,714
  • 3
  • 31
  • 53
  • 2
    you have wrong brackets for HTTP Delete, should be {} – Eru May 13 '21 at 20:57
  • Can you show me the delete attribute(s) you used. I am having a problem where I get the same error message when using `[HttpDelete("{code}")]` but not when using `[HttpDelete]`. – lcj Nov 10 '22 at 11:18
  • You better create a new question here @ StackOverflow and add a code snippet containing the whole function declaration, including attributes. – AxD Nov 10 '22 at 16:09
5

This took me hours to figure out. I'm using ASP.NET Core 5 and there is no need to modify the web.config to remove WebDav or anything. I believe most people didn't realize the differences of the signature of POST method and PUT, DELETE method.

  • POST method URL: http://servername/api/controller
  • PUT and DELETE method URL: http://servername/api/controller/id

Notes that you have to put id in the URL for PUT and DELETE. Good luck.

tala9999
  • 1,540
  • 2
  • 15
  • 25
2

@AxD explained very well. In my case following is the problem.

[HttpDelete("{cardioId:length(24)}")]
public async Task<IActionResult> Delete([FromBody] string cardioId)

Mistakenly while copy and pasting code I forgot to change [FromBody] to [FromRoute] which causing this 405 Method Not Allowed error which is really inappropriate.

Please double check this kind of mistakes when you are facing such kind of errors.

Mubasher Aslam
  • 21
  • 3
1

In case someone has a brain fart like me, don't forget that in a web browser you are making a GET request. So trying to access your PUT endpoint from a browser is going to give you this issue. You can use a tool like Postman. And don't forget to actually change the request type from GET to PUT in Postman!

Buzz
  • 512
  • 1
  • 4
  • 11
0

I was facing this problem testing a .NET 6 RESTful Web API using Postman and REST Client VSCode extension. After checking my code, I find out that I had to add CORS to the pipeline of my web application. This is the piece of code to add CORS:

...
builder.Services.AddCors(c =>
{
    c.AddPolicy("AllowOrigin", options => options.AllowAnyOrigin());
});
...
app.UseCors(options => options.AllowAnyOrigin());

Have a nice coding!

Ricardo Maroquio
  • 436
  • 4
  • 9