Methods not Allowed in ASP.NET Core

ASP.NET Core logo bigger

If you create APIs, you can face that same Methods not Allowed in with ASP.NET Core, NET6 or NET7.

The WebDAVModule set PUT and DELETE request methods disabled by default and due to that PUT and DELETE throw 405 errors.

Such weird discovery led me to dig through the web looking for a suitable explanation, until I eventually found the cause: it seems like the culprit is the WebDAVModule, which seems to set PUT and DELETE request methods disabled by default. In order to get them to work, we either need to change these defaults or disable it for the whole web application, which was what we did.

Here’s what we put in the web.config file to remove it for good:

<system.webServer>
  <modules runAllManagedModulesForAllRequests="false">
    <remove name="WebDAVModule" />
  </modules>
</system.webServer>

Also, with the latest version of .NET CORE (2.0 and above), there might be a case of no web.config file available at all, if that is your case then add a web.config file on your own.

Despite the rather easy workaround, such an issue is definitely a though one, as it will easily affect most ASP.NET Core Web API and Web Applications when they get deployed on a live environment: that’s because the WebDAV module, although not supported by IIS Express, happens to be enabled in most production servers.

If you are facing the same issue with multiple APIs hosted on the same server, then either you can add the above entries under web.config file of all the affected API’s or you can remove the below entry of WebDAVModule from ApplicationHost.config file under the module section:

<add name="WebDAVModule" />

ApplicationHost.config can be found at

C:\Windows\System32\inetsrv\config

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.