HTTP Verbs PUT and DELETE: 405 Method not allowed - how to allow?

Question

I've been trying all the suggested workarounds for ASP.NET to be able to address my REST web service by HTTP Methods PUT and DELETE. However, none of them seems to work. (i.e. removing WebDAV handler or allowing all verbs to ExtensionlessHandler).

What's required in ASP.NET Core Web API (on IIS) to allow those two verbs (HTTP PUT and DELETE)?

PS: I've configured our Web API project using CORS, yet I'm accessing the web service from a web page on the same origin. So it's not a CORS issue, either.

Answer 1

A day after, I now found the cause for this error. The following reasons caused this error to happen:

1. There was a typo in the PUT call, so the Web API method wasn't called. After fixing that, the following two issues had to be fixed:
2. It wasn't sufficient to prefix the Web API methods with the method and omit the corresponding attributes ([HttpPut], [HttpDelete]). So, these attributes had to be applied (this is particular to ASP.NET Core).
3. It wasn't sufficient to provide the above attributes to the methods. It was required to provide the methods' address (and query string, resp.) parameters for these attributes ([HttpPut("{id}")], [HttpDelete("id")]), too. (This is particular to ASP.NET Core.)

See ASP.NET Core Web API: Routing by method name? .

I believe "405 Method not allowed" to be quite an inappropriate error message. It doesn't reflect any of the above three reasons and is very confusing.

I, moreover, believe that "400 Bad Request", "404 Not Found", or - rather - "501 Not Implemented" would have been rather more appropriate HTTP return states.

I created a GitHub issue on this:
"405: Method not allowed" = Misleading error message → Replace with better HTTP status code