locked
PUT/DELETE/OPTIONS method return 401 page RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-107027752 posted

    I'm using a .net core web api 3.1 hosted on remote IIS server, with PUT/DELETE/OPTIONS request I got a 401 page.

    Here is the stackoverflow question

    Thursday, September 17, 2020 9:23 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-107027752 posted

    Solved by enabling all verbs on the iis server -> .NET Authorization Rules

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, September 24, 2020 12:08 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-848649084 posted

    Hi,

    Make sure you installed the IIS CORS Module if not you can download it from the below link:

    https://www.iis.net/downloads/microsoft/iis-cors-module

    Diable anonymous and enable windows authentication iis for the site.

    add cors policy:

    public void ConfigureServices(IServiceCollection services)
{

        ...
          services.AddCors(options =>
              {
                  options.AddPolicy("MyCustomCorsPolicyName",
                              builder => builder.WithOrigins("http://YourDomainName/")
                                      .AllowAnyMethod()
                                      .AllowAnyHeader()
                                      .AllowCredentials()
                              );
              });
          services.AddAuthentication(IISDefaults.AuthenticationScheme);
          services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);      
}

    Add Authorize Attribute on top of your controller to Force, client to send credentials

    [Authorize]
public class MyAPIController : ControllerBase
{
...
}

    Reference link:

    https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module

    https://docs.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference

    Friday, September 18, 2020 9:42 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-107027752 posted

    I have installed the cors module with no luck, I cannot Disable anonymous and enable windows authentication iis for the site as this is a public api has some public methods like login.

    Sunday, September 20, 2020 9:55 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-848649084 posted

    you are not using any authentication in your site? 

    Wednesday, September 23, 2020 9:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-107027752 posted

    This is an api, I'm using a custom action filter on my controller to validate http token header for the private methods. I'm not using the Authorize attribute.

    Thursday, September 24, 2020 9:32 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-107027752 posted

    Solved by enabling all verbs on the iis server -> .NET Authorization Rules

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, September 24, 2020 12:08 PM