3

I have created an MVC Web Api for some university coursework, that works as expected on my development machine (Running VS11).

However when I deploy the application to the webserver on 123reg HttpVerbs other than GET and POST appear to not reach my application at all, initially a 401 Not Authorised response was returned; however after turning off the "WebDAV" module as suggested here these 401s became 405 Method not allowed. In this case I only disabled the handlers as disabling both the handlers and the module meant that my application did not start at all (Error 500 without a stacktrace [custom errors are off]).

I am planning to utilise the forms membership provider to add authentication capabilities to my API, however I removed any [Authorise] attributes from my code when 401s began appearing.

Applications on 123Reg's shared hosting are run under Medium trust.

I have been in contact with 123Reg support, and they have been semi helpful, but have since decided that they cannot help me further (They suggested adding HttpHandlers as detailed below) (Apparently, I should consult a web designer...)

Things I have tried:

I have added [AllowAnonymous] Attributes to my controllers and/or actions with no effect.

I have added the authorization web.config attribute allowing all verbs and paths to all users both authenticated and not:

<authorization>
  <allow users="*" />
  <allow users="?" />
  <allow verbs="*" users="*" />
  <allow verbs="*" users="?" />
</authorization>

I have added (As suggested by 123Reg):

 <system.webServer>
    <handlers>
      <remove name="WebDAV" />
      <add name="PUTVerbHandler" path="*" verb="PUT" modules="ProtocolSupportModule" resourceType="Unspecified" />
      <add name="DELETEVerbHandler" path="*" verb="DELETE" modules="ProtocolSupportModule" resourceType="Unspecified" />
    </handlers>
  </system.webServer>

This appeared to be a step forward, as we now receive 405 responses rather then 401 respones, however I am now unable to make any further progress. Additionally I have also added:

<httpHandlers>
    <add verb="*" path="*" type="System.Web.Mvc.MvcHttpHandler"/>
</httpHandlers>

This also made no difference.

Any help you can give would be much appreciated (I dont really want to have to move host for this application!)

Mike Wade
  • 1,726
  • 1
  • 15
  • 28
  • I am not sure, the support site does not specify the IIS version, and they did not provide an answer when I asked in one of my tickets. They do have some support articles relating to IIS 7 but I cannot be sure. – Mike Wade Apr 20 '12 at 08:13
  • I can confirm it is indeed IIS 7 – Mike Wade Apr 20 '12 at 14:49

3 Answers3

2

This post solved my problem. I did all the regular things: added all the necessary <handlers> entries, disabled WebDAV, but I still had 401.3 Unauthorized.

Enabling forms authentication solved the problem:

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Forms" />
</system.web>
mm201
  • 526
  • 4
  • 15
  • Thank you so-much! Hours of searching...tnx for sharing. This resolved the 401 Unauthorized message. (the 405 error can be resolved with the remove the webdav and add the verbs) – Fabian May 02 '20 at 14:04
1

I found this: http://forums.iis.net/t/1163441.aspx

From the looks of that forum post, you need to completely uninstall WebDAV for the PUT and DELETE Verbs to work. This is not going to help on a shared webhosting scenario unfortunately.

Random
  • 107
  • 3
  • 9
  • Thanks, as you say, I cant do that in my situation :( - I moved the application over to https://appharbor.com/ and it worked first time. – Mike Wade May 03 '12 at 09:20
  • Hi Spike! I'm having the same problem in appharbor... did you keep some of the configurations above in appharbor web.config? – GRGodoi Mar 24 '13 at 20:45
  • @GRGodoi - Sorry it has been ages since I looked at this project. It would seem that I removed everything related to webdav (`system.webServer` section) and the `authorization` section. – Mike Wade Apr 21 '13 at 21:26
0

For me it was something different. I had to go to the site folder, open the security tab for the folder, press Edit button to change group or user names permissions, find the site from my IIS 8 sites and give it a full control permission.

alobodzk
  • 1,284
  • 2
  • 15
  • 27