I am using OKTA as an Idp for SSO feature. I have added a application in OKTA & have defined below settings :
Single sign on URL & Audience URI (SP Entity ID) : http://localhost/KentorBeginner/ (Even tried by removing trailing slash)
On browsing OKTA SSO Url (different than above), okta redirects to my IIS configured application (KentorBeginner) but I am getting a HTTP Error 405.0 - Method Not Allowed.
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
Please find the below screenshots for reference.Direct-browse
Thanking you.
Regards,
Ravi Karavadia
Actually, the problem lied in posting the request to html file.
IIS sees html files as static and only allows them to use GET and HEAD verbs, so when a form was posted I was getting "405 Method Not Allowed...cannot be displayed because an invalid method (HTTP verb) is being used" error.
We need to configure whatever language you're using to handle the html files instead of the static file handler.
So I added below entry for handling html file with a different handler.
under handlers tag of System.WebServer.
Below is my web.config snippet.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="ISAPI-dll" />
<remove name="StaticFile" />
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Script" />
<add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Either" requireAccess="Execute" allowPathInfo="true" preCondition="bitness32" />
<add name="html" path="*.html" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
</handlers>
<defaultDocument enabled="true">
<files>
<clear />
<add value="Hello.html" />
</files>
</defaultDocument>
<security>
<requestFiltering>
<verbs>
<add verb="POST" allowed="true" />
</verbs>
<fileExtensions>
<add fileExtension=".html" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
Thanking you.
Regards,
Ravi Karavadia
I was getting this error on Firefox because I was using Facebook Container extension. After disabling Facebook Container in about:addons I can log in normally - without getting "Method Not Allowed" error
I am a web app that I'm trying to get working with Windows Auth. However, no matter what I do, I can't get past a 401.
web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<windowsAuthentication enabled="true">
<providers>
<clear />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
<authorization>
<clear />
<add accessType="Deny" users="?" />
<add accessType="Allow" users="CABLE\mmulhe200" />
</authorization>
</security>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="WWW Server" areas="Authentication,Security,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket" verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="401.1" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
</configuration>
IIS Failed Request Trace Output (Partial)
<failedRequest url="http://dev.windowsauthtest.com:80/"
siteId="3"
appPoolId="windowsAuthTest"
processId="33204"
verb="GET"
authenticationType="NOT_AVAILABLE" activityId="{80000727-0003-F400-B63F-84710C7967BB}"
failureReason="STATUS_CODE"
statusCode="401.1"
triggerStatusCode="401.1"
timeTaken="0"
xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
>
The part that concerns me is
authenticationType="NOT_AVAILABLE"
I get prompted to enter my credentials and I enter my NT username/password and it just keeps re-prompting.
Any ideas?
I'm having problems figuring out how to transform the web.config file when my NuGet package it installed. It's doing some of the transformations, but not all of them.
Here's the untouched web.config file that I need to modify upon installation of my NuGet package:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<authentication mode="None" /> ***** I want this removed *****
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" /> ***** I want this removed *****
</modules>
</system.webServer>
</configuration>
Here's what I want as the result:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="MvcMailer.BaseURL" value="" />
<add key="SecurityGuardEmailFrom" value="info#email.net" />
<add key="SecurityGuardEmailSubject" value="Your Password has been reset." />
<add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/SGAccount/Login" timeout="2880" />
</authentication>
</system.web>
<system.webServer>
<modules>
</modules>
</system.webServer>
</configuration>
This is transformed web.config file in the MVC application, which is incorrect:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="MvcMailer.BaseURL" value="" />
<add key="SecurityGuardEmailFrom" value="info#email.net" />
<add key="SecurityGuardEmailSubject" value="Your Password has been reset." />
<add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" />
</appSettings>
<system.web>
<authentication mode="None" /> ***** Not removed when it should be *****
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/SGAccount/Login" timeout="2880" />
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" /> ***** Not removed when it should be *****
</modules>
</system.webServer>
</configuration>
And this is my web.config.install.xdt file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<authentication mode="None" xdt:Transform="Remove" xdt:Locator="Match(mode)" />
<authentication mode="Forms" xdt:Transform="Insert">
<forms loginUrl="~/SGAccount/Login" timeout="2880" />
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" xdt:Transform="Remove" xdt:Locator="Match(name)" />
</modules>
</system.webServer>
</configuration>
I've read all the documentation on the Nuget.org site about how to use the XDT transformations, and it even works on this tester site; https://webconfigtransformationtester.apphb.com/, but it doesn't work in action.
I'm stumped. Any suggestions on how to make this work?
Here's what the new web.config.install.xdt looks like that handled the job successfully:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="SecurityGuardEmailFrom" value="info#email.net" xdt:Transform="Insert" />
<add key="SecurityGuardEmailSubject" value="Your Password has been reset." xdt:Transform="Insert" />
<add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" xdt:Transform="Insert" />
</appSettings>
<system.web>
<authentication mode="Forms" xdt:Transform="SetAttributes" />
<authentication mode="Forms">
<forms loginUrl="~/SGAccount/Login" timeout="2880" xdt:Transform="Insert" />
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" xdt:Transform="Remove" />
</modules>
</system.webServer>
</configuration>
Instead of trying to Remove the original authentication element, I changed the mode attribute, then I Inserted the forms element. The rest seemed to work itself out once this worked correctly.
i am using awstats for my IIS7.5
I try to use forms authenrication, but it only work on the directory only( http://XXXX.com/awstats/wwwroot/cgi-bin/ ).
However, I can go to http://XXXX.com/awstats/wwwroot/cgi-bin/awstats.pl?config=testsite directly without login.
I want people to to execute this (awstats.pl?config=testsite) before login.
I don't want to create a local domain for the users becasue I will have many user to using awstats in different subfoler.
The web.config in the /awstats
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="SIPE_ASPXAUTH" loginUrl="~/Login.aspx" protection="All" path="/" timeout="20">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<system.webServer>
<handlers>
<add name="Perl" path="*.pl" verb="GET,HEAD,POST" modules="CgiModule" scriptProcessor="C:\Perl64\bin\perl.exe "%s" %s" resourceType="Unspecified" requireAccess="Script" preCondition="bitness64" />
</handlers>
<httpErrors errorMode="Detailed" />
</system.webServer>
</configuration>
I created a new ASP.NET MVC 4 application based on Internet application template, I could succesfully run it and authenticate user from within VS 2012 Express.
Then published it to a folder in wwwroot, then in IIS 7.5 manager created a virtual directory pointing to that folder, and converted it to an application using a separate 4.0 integrated pool.
When I tried to browse the application from within the IIS manager I get the next error:
HTTP Error 500.19 - Internal Server Error,
The requested page cannot be accessed because the related configuration data for the page is invalid.
Config Error: Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'ExtensionlessUrlHandler-Integrated-4.0'
Config source:
56: <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
57: <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
58: </handlers>
searched here,I found the corresponding answer:
Resolution 1
Delete the malformed XML element from the ApplicationHost.config file or from the Web.config file.
My web.config file is as below:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>
</configSections>
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-digixMVC4-20120915233326;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-digixMVC4-20120915233326.mdf" providerName="System.Data.SqlClient"/>
</connectionStrings>
<appSettings>
<add key="webpages:Version" value="2.0.0.0"/>
<add key="webpages:Enabled" value="false"/>
<add key="PreserveLoginUrl" value="true"/>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
<!--
The following attributes can be set on the <httpRuntime> tag.
<system.Web>
<httpRuntime targetFramework="4.5"/>
</system.Web>
-->
<system.web>
<compilation targetFramework="4.5"/>
<httpRuntime/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880"/>
</authentication>
<pages controlRenderingCompatibilityVersion="4.0">
<namespaces>
<add namespace="System.Web.Helpers"/>
<add namespace="System.Web.Mvc"/>
<add namespace="System.Web.Mvc.Ajax"/>
<add namespace="System.Web.Mvc.Html"/>
<add namespace="System.Web.Optimization"/>
<add namespace="System.Web.Routing"/>
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit"/>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit"/>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0"/>
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364g85"/>
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364g85"/>
<bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364g85"/>
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework"/>
</entityFramework>
</configuration>
As I am a poorly skilled developer in MVC 4, I would ask if someone could find out the malformed xml element in the file above.
This is true for ASP.NET WebAPI 5.2 too..
I had
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
Which I changed to
<add name="ExtensionlessUrlHandler-Integrated-4.0a" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0b" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
Thats it.. It worked.
you have the same name in twice. the name must be unique.
current config
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
change to
<add name="ExtensionlessUrlHandler-Integrated-4.0a" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0b" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
I experienced a similar problem to this.
what worked for me was to remove, then re-add the handler:
My guess is that if by default this is enabled in the IIS Server already, it may trigger this error.
I am using IIS 10, MVC 5, .NET Framework 4.6.1
Hope this helps :-)