2

On my Web API I have a few [HttpGet] functions that work perfectly, but the one that is [HttpDelete] (on the same Controller) doesn't work; it returns a 404 error.

[Authorize]
[RoutePrefix("Users")]
public class UsersController : ApiController
{
    [HttpDelete]
    [Route("DeleteUser/{ID}")]
    public void Delete(int id)
    {
        _UserRepository.Delete(id);
    }
}

In the web.config I have the verb set to *:

 <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule" />
      <remove name="FormsAuthentication" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>

The AJAX call:

deleteUser = function (id, callback) {
    $.ajax({
        url: "../../API/Users/DeleteUser/" + id,
        type: "DELETE",
        success: function () {
            // Invoke the callback; a bare "callback;" never calls it
            callback();
        }
    });
}

The error:

HTTP Error 404.0 - Not Found

Detailed Error Information

Module         IIS Web Core
Notification   MapRequestHandler
Handler        StaticFile
Error Code     0x80070002
Requested URL  https://www.example.com:443/Rejected-By-UrlScan?~/API/Users/DeleteUser/155
Physical Path  d:\wr\mySite\example.com\Rejected-By-UrlScan
Logon Method   Anonymous
Logon User     Anonymous

All the calls are authenticated with OWIN Authentication and a bearer token.

An example of a working call on the same page:

getUsers = function (callback) {
    $.get("../../API/Users/GetUsers/", callback);
}

What can cause it?

user3378165
  • Can you include more of the controller like its definition and if it has any attributes on it. Also show the raw response when sending a request that fails. – Nkosi Jul 05 '17 at 15:21
  • Are you authenticated when sending the request? Noticing controller is tagged with `[Authorize]` attribute – Nkosi Jul 05 '17 at 15:33
  • Show one of the calls that do work in production – Nkosi Jul 05 '17 at 15:43
  • @Nkosi Please see my edited question. – user3378165 Jul 06 '17 at 05:45
  • Depending on your IIS version you should take a look at this question https://stackoverflow.com/questions/10906411/asp-net-web-api-put-delete-verbs-not-allowed-iis-8 – Nkosi Jul 12 '17 at 10:33
  • The IIS version is 7.5, I saw this question and tried everything suggested there but with no success, the website is on a shared server so it's a little bit difficult to access it. – user3378165 Jul 12 '17 at 17:38

2 Answers

2

As stated in another post, there may be an extension (UrlScan) configured in IIS to block DELETE requests. You can check your IIS for this extension.

Subbu
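
An added example, not part of the original answers, that goes slightly beyond the UrlScan case: it parses the fields of an IIS detailed error like the one in the question and reports which layer most likely rejected the request. The function names, the one-field-per-line layout, and the extra 404.6 and StaticFile branches are assumptions of this sketch; the sample text is constructed from the question's error.

```python
import re

# Constructed sample: the detailed error from the question, one field per line.
SAMPLE_ERROR = """\
HTTP Error 404.0 - Not Found
Module IIS Web Core
Notification MapRequestHandler
Handler StaticFile
Error Code 0x80070002
Requested URL https://www.example.com:443/Rejected-By-UrlScan?~/API/Users/DeleteUser/155
Physical Path d:\\wr\\mySite\\example.com\\Rejected-By-UrlScan
"""

FIELDS = ("Module", "Notification", "Handler", "Error Code",
          "Requested URL", "Physical Path")


def parse_error(text):
    """Split the plain text of an IIS detailed error into status and fields."""
    info = {}
    m = re.search(r"HTTP Error (\d{3})\.(\d+)", text)
    if m:
        info["status"], info["substatus"] = int(m.group(1)), int(m.group(2))
    for line in text.splitlines():
        for name in FIELDS:
            if line.startswith(name + " "):
                info[name] = line[len(name):].strip()
    return info


def classify(info):
    """Return (layer, original_path) for the layer that most likely sent the 404."""
    url = info.get("Requested URL", "")
    # UrlScan swaps the URL for its reject page and keeps the original after "?~".
    m = re.search(r"/<?Rejected-By-UrlScan>?\?~(/\S*)", url, re.IGNORECASE)
    if m:
        return ("urlscan", m.group(1))
    # 404.6 is the sub-status IIS request filtering uses for a denied verb.
    if info.get("status") == 404 and info.get("substatus") == 6:
        return ("request-filtering-verb-denied", None)
    # Heuristic: StaticFile means no managed handler mapping took the request.
    if info.get("Handler") == "StaticFile":
        return ("static-file-fallthrough", None)
    return ("application-routing", None)


if __name__ == "__main__":
    print(classify(parse_error(SAMPLE_ERROR)))
```

A "urlscan" result means the request never reached ASP.NET, so changes to web.config handlers or route attributes cannot affect it; the verb has to be allowed in the server's UrlScan configuration.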
1

Try setting the verbs manually

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule" />
      <remove name="FormsAuthentication" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" 
           path="*." 
           verb="GET,HEAD,POST,DEBUG,DELETE,PUT" 
           type="System.Web.Handlers.TransferRequestHandler" 
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>

Also check to make sure

  • That you are calling the correct path.
  • That you do not have a folder that matches the intended route.

Also, your route template placeholder needs to match the action parameter name

[Authorize]
[RoutePrefix("Users")]
public class UsersController : ApiController {

    [HttpDelete]
    [Route("DeleteUser/{id:int}")] //Matches DELETE {root}/Users/DeleteUser/5
    [AcceptVerbs("DELETE")]
    public IHttpActionResult Delete(int id) {
        //TODO: check if {id} exists and if not, then return NotFound()
        _UserRepository.Delete(id);
        return Ok();
    }

    //...other members
}
Nkosi
  • Depending on your IIS version you should take a look at this question https://stackoverflow.com/questions/10906411/asp-net-web-api-put-delete-verbs-not-allowed-iis-8 – Nkosi Jul 12 '17 at 10:35
  • The IIS version is 7.5, I saw this question and tried everything suggested there but with no success, the website is on a shared server so it's a little bit difficult to access it. – user3378165 Jul 13 '17 at 06:53