IIS 7.5 + enable PUT and DELETE for RESTFul service, extensionless

i am trying to understand how IIS 7.5 handles POST and PUT request.

I am writing a RESTful service using OpenRasta framework. The POST operation works without any problem, but the PUT operation for the same URL does not. It returns error like the following

Detailed Error Information
Module: IIS Web Core
Notification: MapRequestHandler
Handler: StaticFile
Error Code: 0x80070002

the url is like this following "http://localhost/MyService/Resource.Something.manifest"

Same setup works fine in visual studio development IIS.

Solution

Basically the default ExtensionlessUrlHandler does not accept PUT and DELETE verb. Just need to add them.

<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />

To get PUT and DELETE to be accepted by IIS 7.5 for a PHP 5.4 fast-CGI driven REST API I had to disable the WebDAV-module. Otherwise the WebDAV module intervenes the HTTP requests using PUT or DELETE. To get this working was however a bit confusing and I might have missed some steps or done it in another order.

These lines are placed as children of the <system.webServer>-element in web.config in the application root.

<modules>
    <remove name="WebDAVModule" />
</modules>
<handlers>
    <remove name="WebDAV" />
</handlers>

Hopes this might spare some frustration. It seems like the default setting for the server is to accept any HTTP verb not listed - see settings under Request filtering -> HTTP Verbs -> Edit feature Settings. One may consider to explicitly add the VERBS that are to be allowed. The verbs allowed may be specified appending this snippet, also as a child of <system.webServer>.

    <security>
        <requestFiltering>
            <verbs allowUnlisted="false">
                <add verb="GET" allowed="true" />
                <add verb="POST" allowed="true" />
                <add verb="DELETE" allowed="true" />
                <add verb="PUT" allowed="true" />
            </verbs>
        </requestFiltering>
    </security>

On a client machine one can uninstall the WebDAV module from here:

Control Panel -> Uninstall Program -> Turn Windows features on or off -> IIS -> World Wide Web Services -> Common HTTP feautre -> WebDAV Publishing

The last measure to get it working was by editing applicationhost.config found in C:\Windows\System32\inetsrv\config. Within <system.webServer> -> <handlers> you will see a php entry that has just verb="GET,HEAD,POST - amend it to add the verbs you require, e.g.:

<add name="PHP54_via_FastCGI" path="*.php" verb="GET,HEAD,PUT,DELETE,POST"/>
                                                                 |
                                                                 |
                                                                 |
append verbs here  ----------------------------------------------|

1.Go to IIS Manager.
2.Click on your app.
3.Go to "Handler Mappings".
4.In the feature list, double click on "WebDAV".
5.Click on "Request Restrictions".
6.In the tab "Verbs" select "All verbs" .
7.Press OK.

See http://learn.iis.net/page.aspx/901/iis-express-faq/ that is linked from the OR wiki.

From the link (not block-quoted for readability):

A: You can modify the IIS Express applicationHost.config in the %userprofile%\documents\IISExpress\config folder. For example to enable PUT and DELETE for extensionless Urls scroll down to the bottom of the IIS Express applicationHost.config file and look for a handler entry that starts with:

<add name="ExtensionlessUrl-Integrated-4.0" …

In the verb attribute add PUT and DELETE so the verb attribute looks like: verb="GET,HEAD,POST,DEBUG,PUT,DELETE".

My scenario was a web application in a web site on IIS 7.5. The web site had to continue to enable WebDAV, but the web application needed to turn it off in order to support PUT and DELETE in its REST API.

To get that working, the web application's Web.config needed this:

<modules runAllManagedModulesForAllRequests="true" runManagedModulesForWebDavRequests="true" >
  <remove name="WebDAVModule" />
</modules>

<handlers>
  <remove name="WebDAV" />
</handlers>

The important difference from the other answers here is the need for runManagedModulesForWebDavRequests="true"

For me this does the trick in the web.config.

<system.webserver>
    <handlers>
          <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
          <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" modules="IsapiModule" scriptProcessor="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />

          <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
          <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
<system.webserver/>

<system.web>
  <authentication mode="Windows" />
  <identity impersonate="true"/>
<system.web/>

I used following configuration:

• IIS 7.5
• Windows Server 2008 R2
• Custom Application Pool, .NET 4.0, Integrated
• Windows Authentication = true
• Anonymous Authentication = false

Hope it helps. ;-)