11

I have the following jQuery post to an ASP.NET webmethod:

$.ajax({
    type: "POST",
    url: "AjaxWebMethods.aspx/UpdNote",
    contentType: "application/json; charset=utf-8",
    data: "{'ID' : '" + id + "', 'note' : '" + note + "' }",
    dataType: "json",
    success: UpdNote_Success,
    error: AjaxError
});

And the web method is declared:

[System.Web.Services.WebMethod(enableSession: true)]
public static int UpdNote(int ID, string note) {
    // business logic that eventually returns a number, but simplifying
    // ... for the sake of brevity
    int retNum = 99;

    return retNum;
}

The jQuery post and the web method both work wonderful in a Windows Authenticated environment (ie - users are authenticated by LDAP). However, I recently had to move the website to a server that uses RSA (two-factor authentication, pin and token code) for authenticating users in order to gain access to the site. And what I'm seeing now is that all my jQuery posts are returning "405 error".

Cross-site requests comes to mind, obviously, but none of that is going on here. All of the jQuery AJAX posts are using web methods that are declared in the AjaxWebMethods.aspx, which page resides in the site's own domain.

Thanks in advance for any help or suggestions!

EDIT:

Using Fiddler in IE8 gives me a little more information. The error code that it returns is still 405, but the server error is more descriptive. The server error is "The HTTP verb POST used to access path '/AjaxWebMethods.aspx/UpdNote' is not allowed."

I did try changing the type parameter of the ajax request to GET, but I get a 404 instead (The resource cannot be found).

Also, forgot to mention that this is over SSL (although I don't expect this would make a difference).

EDIT:

After extensive testing (and extensive help from the astute members of stackoverflow) I've determined that 405 error is directly related to the Application Pool that the website is using, and more specifically to the Managed Pipeline Mode that is selected for the Application Pool.

If I use an Application Pool that targets v4.0 (.NET Framework) and Integrated (Managed Pipeline Mode) then my AJAX post works just fine. But if I use an Application Pool that targets v4.0 and Classic (Managed Pipeline Mode) then I get the 405 error.

So at this point I'm still looking for a solution to this question, although I've been able to home-in on the problem.

Jagd
  • 7,169
  • 22
  • 74
  • 107
  • Why do you need the `contentType` declaration? you're setting the `datatType` to JSON and *"Data will always be transmitted to the server using UTF-8 charset; you must decode this appropriately on the server side."* so that part is unnecessary too - [jQuery API](http://api.jquery.com/jQuery.ajax/) – Zoltan Toth Jul 01 '12 at 19:57
  • Why are you not using the full url? (unless you just removed it for security purposes) – gabeio Jul 01 '12 at 20:21

5 Answers5

3

Based on this:

The jQuery post and the web method both work wonderful in a Windows Authenticated environment (ie - users are authenticated by LDAP). However, I recently had to move the website to a server that uses RSA (two-factor authentication, pin and token code) for authenticating users in order to gain access to the site. And what I'm seeing now is that all my jQuery posts are returning "405 error".

It's clear that the error is related with the server configuration, but to be completely sure, if you can, create a new site in the RSA server and for this site disable the RSA authentication, try to browse your site just to be absolutely sure that the error is only related with the RSA authentication, discarding missing code-related components/configuration in the new server

Once you have discarded code-related configuration issues, I would encourage you to double check your RSA configuration (which can be tricky). Once I worked in a project using RSA security in order to implement a SSO across servers. (Single Sign On), I remember there was a RSA ISAPI filter installed at the server level, and this filter was in charge to read/set authentication cookies in order to authenticate each request against an Active Directory Server.

Since each request was managed by this filter and this ISAPI filter was at the top of the pipeline, every request had to be handled by the RSA ISAPI filter first in order to be authenticated

So my suggestion is double check the RSA configuration in order to detect if there's something blocking your AJAX posts

I remember the RSA configuration was like a black magic box, we didn't have enough documentation and configuring it was a PITA. I sincerely hope this is not the case in your organization

Jupaol
  • 21,107
  • 8
  • 68
  • 100
  • Thank you Jupaol! You've given me some useful directions. I'll give it a go and see what I can dig up. I didn't setup the RSA on this server, so my knowledge is lacking in that arena, unfortunately. But it sounds like I'll have to jump in and get my hands dirty with the RSA portion of it. – Jagd Jul 02 '12 at 07:19
  • I'm glad it helped. Just one thing, before digging in the RSA configuration, make sure that the site deployed to the new server actually works in that server, to do that, create a site in that server and change the RSA authentication for Windows Authentication or just allow Anonymous users and make sure your AJAX calls work. If they do, then certainly the problem will be related to the RSA configuration (the ISAPI filter) – Jupaol Jul 02 '12 at 19:34
  • Alright, I setup a new website on the same server and verified that without RSA it does work. No RSA and no SSL, using just Windows Authentication and it does work. One step closer... I think. – Jagd Jul 03 '12 at 16:42
  • Https doesn't appear to be a factor either. Just switched the site over to use SSL and it works just fine. – Jagd Jul 03 '12 at 16:56
  • So you already solved your problem but now you would like to know the reason behind is that right? (related with the two different App pools) – Jupaol Jul 03 '12 at 19:20
  • I think I understand more or less what the problem is. It would appear that under Classic mode there has to be some tweaking with the ISAPI filters in order to get the AJAX to work, and I really don't want to go that route when it makes more sense to just use Integrated mode if it works (no-brainer really). I was worried at first that for one reason or another the RSA application pool would have to run under Classic mode, but I went and switched it to Integrated and everything works great! – Jagd Jul 04 '12 at 02:46
  • Well, I'm glad you solved just by switching the AppPool... I will try to dig a little bit more, to try to find that tweak you mention, it has to be something simple to configure (I hope), but it should be enabled by default since AJAX posts are so common these days... – Jupaol Jul 04 '12 at 03:53
1

The 405 HTTP Code is the "Method Not Allowed" code. So, you have some incorrect setting in your new architecture. It is certainly a server misconfiguration. This error could stem from a number of places and without access to your server it's going to be pretty hard for someone else to tell you what's going on. But maybe I can give you some starting points...

Have you double checked your web.config? That would be a common place for an error like this to stem from.

Have you checked your IIS logs? That would also be a very good place to start.

What happens if you try to POST without setting the contentType of your request? Maybe your page is not setup to receive JSON requests.

Have you tried using Fiddler? Try sending the POST request from an external client.

Update

A few more suggestions:

Have you tried disabling SSL? I would disable it just to make sure that the problem is not SSL-related.

Are you doing any URL rewriting? If so this could certainly be related.

Can you POST to any URLs successfully? Maybe IIS has POST disabled altogether. If so, here is an article that could help you enabled it, and here is a thread that might help as well.

Have you tried adding HttpPost into your web.config? Something like this:

<webServices>
   <protocols>
      <add name="HttpPost" />
   </protocols>
</webServices>
Community
  • 1
  • 1
Michael Frederick
  • 16,664
  • 3
  • 43
  • 58
  • It is possible that it is a misconfiguration with IIS or RSA, but by posting on stackoverflow I'd hoped that someone who was running a similar scenario (RSA + jQuery AJAX posts) could tell me that its working for them and maybe point me in some useful direction. – Jagd Jul 02 '12 at 07:09
  • Regarding your other suggestions - 1) I'm not sure what I would be looking for in the web.config that would even have an impact on this. As I said in the original question, it works without an RSA authentication in place, but doesn't work when RSA is in place. This doesn't lead me to believe that it has anything to do with the web.config, unless there's some obscure tag that has to be set that I don't know about. – Jagd Jul 02 '12 at 07:11
  • a) Haven't checked the IIS logs, so I'll give it a go. b) page is setup to work with json and does so just fine until RSA is in place. c) yes, I tried Fiddler but didn't come with anything. From all appearances it didn't even look like an AJAX post was being made to the server when I was running Fiddler. – Jagd Jul 02 '12 at 07:13
  • See my latest edit in my question. I dug up a little more info using Fiddler in IE 8. – Jagd Jul 02 '12 at 17:55
0

For troubleshooting purposes, try changing the AJAX "POST" to an AJAX "GET". I had slightly similar issue after moving a page that had an ajax post method from our dev environment to our production environment.

Joe Web
  • 128
  • 1
  • 1
  • 7
  • Thanks for the suggestion. I did try this already, but didn't have any luck with it. – Jagd Jul 01 '12 at 19:47
0

HTTP 405 is a server error, not a code error, indicating that the resource (URL) is being access by the wrong method. Try using GET instead of POST.

dotancohen
  • 30,064
  • 36
  • 138
  • 197
0

Maybe your server hasn't the ajax extentions installed. Try to mark the references to CopyLoacal = true and deploy the bin folder to the webserver.

Ricardo Souza
  • 16,030
  • 6
  • 37
  • 69