HTTP PUT and DELETE not allowed by default on ASP.NET web API

Question

I am unable to follow this tutorial provided by Microsoft because DELETE and PUT are blocked by default on the latest scaffolding for ASP.NET web API:

http://www.asp.net/web-api/overview/older-versions/creating-a-web-api-that-supports-crud-operations

When I attempt to perform a PUT or DELETE I end up with this response from the server:

HTTP/1.1 405 Method Not Allowed
Cache-Control: no-cache
Pragma: no-cache
Allow: GET,POST
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcTWF0dFxEb2N1bWVudHNcV2lubm92IEdpdEh1YiBSZXBvc2l0b3JpZXNcUkVTVGZ1bC1Db21tYW5kLUNlbnRlclxBU1AuTkVULVJFU1RmdWwtQ29tbWFuZC1DZW50ZXItSW50ZXJmYWNlXFJFU1RmdWxDb21tYW5kQ2VudGVySW50ZXJmYWNlXGFwaVxWaWRlb01peFw=?=
X-Powered-By: ASP.NET
Date: Fri, 23 Jan 2015 17:55:05 GMT
Content-Length: 75

{"Message":"The requested resource does not support http method 'DELETE'."}

From this error the only conclusion that I can draw is that PUT and DELETE are simply not allowed for my web app in debug mode and I don't know what to do from here.

This issue is happening ONLY in debug mode for now, I have not yet officially deployed this build on a production IIS machine. What can be done to allow PUT and DELETE?

This is what my web.config file looks like:

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301879
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-RESTfulCommandCenterInterface-20141125105128.mdf;Initial Catalog=aspnet-RESTfulCommandCenterInterface-20141125105128;Integrated Security=True"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
  <appSettings></appSettings>
  <system.web>
    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
    </modules>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.1.0.0" newVersion="2.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
</configuration>

Answer 1

This was a fix for me a few days ago.

Web Distributed Authoring and Versioning (WebDAV) was causing my Web API to not allow put requests and delete requests. I was receiving a 405 Method Not Allowed each time I made the request regardless of debug mode or not.

Add this to your Web.Config

<modules>
  <remove name="WebDAVModule" />
</modules>

<handlers>
  <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="TRACEVerbHandler" />
  <remove name="WebDAV" />
</handlers>

Then follow thes steps below:

• In your IIS Manager, click on your website, and open WebDAV Authoring .
• On the righthand side of your IIS Manager you will see WebDAV Settings.. open it.
• Under Request Filtering Behavior set Allow Verb Filtering to False

Answer 2

I would say this is not a dupe because every single solution I've seen on this says you either have to go change your server config or mess around with WebDAV. I've never had to do anything except modify my Web.config to get this working (in fact one of the requirements for an app I just built was that it needs to work without manually configuring the server). The only difference between what I am working with and the posted Web.config is that my app is targeting 4.5.1 and a validation tag under system.webServer (posting the entire system.webServer section for context):

<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
  <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="TRACEVerbHandler" />
  <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>

Answer 3

Aside from changing WebDAV, I have had success using route attributes on my API handler methods (in the Controller class):

' PUT api/myclass/5
<HttpPut>
<Route("api/myclass/{id}", Name:="PutItem")>
Public Function PutItem(ByVal id As Integer, <FromBody()> ByVal item As MyClass) As IHttpActionResult
  ' handle PUT method here
End Function

Apologies for the example code in VB, but that is my ASP.NET language of choice :O

Stuart