OPTIONS preflight request doesn't reach IIS hosted service

Question

I've got a localhost website and an IIS(7.5) hosted WCF service implemented like this with a Visual Studio debugger attached. Whenever I make a CORS request to my service I'm getting the following 404 response, along with the standard ASP.Net error page:

OPTIONS http://192.168.200.44/api/values HTTP/1.1
Host: 192.168.200.44
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Origin: http://localhost:51946
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response >>
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 26 Sep 2013 09:38:49 GMT
Content-Length: 1245

Originally I was receiving erroneous 200 messages which didn't touch my WCF applictions numerous breakpoints, so it was being handled by IIS itself. I then followed this and this SO posts and removed the OPTIONSVerbHandler from the site and add "OPTIONS, PUT, POST & DELETE" as allowed HTTP verbs in the IIS manager UI (rather then web.conf), which progressed me to my 404 message. I've looked into WebDav which is highlighted as a problem but I haven't disabled/removed it because I don't know how but have read that it only affects "PUT & DELETE" operations where as my "POST" ops are also failing.

GET requests work as expected so the service definitely exists/works in IIS, just the Options preflight isn't reaching my service.

TY

Answer 1

Although the OP managed to find a solution that worked in their specific case, the same issue has been driving me round the bend for the past few hours. In my case I knew it wasn't a code / web.config issue as the same code ran perfectly fine on my local IIS, but not on the production version.

After reading numerous posts and trying everything they suggested (including the OP's answer) I actually got round to looking at the IIS logs (should have done that first!) and found this:

2015-03-09 14:43:39 <IP Addr> GET /Rejected-By-UrlScan ~/Service.svc/H2dbImportTxtFile <Port> - <IP Addr>

This led me too:

http://www.pressthered.com/rejected-by-urlscan_404_errors/

And ultimately [AllowVerbs] the section of:

\system32\inetsrv\urlscan\UrlScan.ini

I just needed to add OPTIONS.

And now the OPTIONS request gets through, and everything works.

Hope that helps some-one else who is being driven mad.

EDIT:

As stated in another SO post (I'm afraid I've lost it now), as mine was a WCF service I also had to change the interface of the listening service from:

[WebInvoke(Method = "POST", etc]

to

[WebInvoke(Method = "*", etc]