When writing RESTful APIs, we often used the HTTP verbs to
control our operations.
Http
Verb
|
Description
|
GET
|
Reads information
|
POST
|
Create a record
|
PUT
|
Update a record
|
DELETE
|
Delete a record
|
Our MVC APIs usually are set with attributes to indicate the
verb as well.
During the development process, we test our APIs with IIS
Express, so there is no unexpected behavior. When deploying to our test and
production environments, the web server settings may be set to only allow the
most common verbs like GET, POST and OPTIONS.
If this is the case when we deploy our API, we may come across this
error when testing out the PUT or DELETE operations:
405 - HTTP verb used to access this page is not allowed
|
A quick way to control that from our applications is to set
the allow verb configuration in our web.config file. This overrides the IIS
settings for our application. We can do
this by setting the following web server configuration.
<system.webServer>
<security>
<requestFiltering>
<verbs allowUnlisted="false">
<add verb="GET" allowed="true" />
<add verb="OPTION" allowed="true" />
<add verb="POST" allowed="true" />
<add verb="DELETE" allowed="false" />
<add verb="PUT" allowed="true" /> </verbs>
</requestFiltering>
</security>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>
|
The settings above indicate that we want to allow GET,POST,
OPTION and PUT, and DELETE should not be allowed. We also need to remove a WebDAV module and
handler that can raise this error as they intercept some of the less common
verb like PUT and DELETE.
The advantage of doing the changes on the web.config over
configuring IIS is that as the application is deployed on any other server/environment;
no one has to remember to update that setting on IIS.
Hope that helps.
Originally published by ozkary.com
0 comments :
Post a Comment
What do you think?