ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbidden

Discussion in 'ASP .Net' started by =?Utf-8?B?ZHBvbXQ=?=, Feb 20, 2006.

  1. I have overwritten Application_Error in my GlobalAsax to handle errors.
    From time to time, I am getting exceptions I have never seen before (see
    below).

    What do this exceptions mean? Why are they generated?
    Any help would be greatly appreciated.

    Dieter



    ------------------------------------------------------------
    System.Web.HttpException: Path 'OPTIONS' is forbidden.
    at System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
    context)
    at
    System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously)
    ------------------------------------------------------------

    Instead of 'OPTIONS', I also retrieve 'PROPPATCH', 'MKCOL', 'PROPPATCH',
    'PROPFIND' and some more.


    ----entry in Application event log--------------------------

    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 20.02.2006 23:51:13
    Event time (UTC): 20.02.2006 22:51:13
    Event ID: 6c0c170c49ce4b1c835f43bb5545eae2
    Event sequence: 37024
    Event occurrence: 73
    Event detail code: 0

    Application information:
    Application domain: /LM/W3SVC/512649521/Root-1-127848542499800179
    Trust level: Full
    Application Virtual Path: /
    Application Path: ...
    Machine name: ...

    Process information:
    Process ID: 1412
    Process name: w3wp.exe
    Account name: NT-AUTORITÄT\NETZWERKDIENST

    Exception information:
    Exception type: HttpException
    Exception message: Path 'OPTIONS' is forbidden.

    Request information:
    Request URL: http://.../
    Request path: /
    User host address: ...
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT-AUTORITÄT\NETZWERKDIENST

    Thread information:
    Thread ID: 5
    Thread account name: NT-AUTORITÄT\NETZWERKDIENST
    Is impersonating: False
    Stack trace: at
    System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext context)
    at
    System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously)


    Custom event details:

    Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter
    http://go.microsoft.com/fwlink/events.asp.

    ------------------------------------------------------------
     
    =?Utf-8?B?ZHBvbXQ=?=, Feb 20, 2006
    #1
    1. Advertising

  2. They look like verbs that are refused by IIS because they do not have an
    association setup in IIS. You can look at the IIS Log and gather more
    information as to the request that was refused and post that here.

    Regards,

    Trevor Benedict R
    MCSD

    "dpomt" <> wrote in message
    news:...
    >I have overwritten Application_Error in my GlobalAsax to handle errors.
    > From time to time, I am getting exceptions I have never seen before (see
    > below).
    >
    > What do this exceptions mean? Why are they generated?
    > Any help would be greatly appreciated.
    >
    > Dieter
    >
    >
    >
    > ------------------------------------------------------------
    > System.Web.HttpException: Path 'OPTIONS' is forbidden.
    > at System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
    > context)
    > at
    > System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    > at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > completedSynchronously)
    > ------------------------------------------------------------
    >
    > Instead of 'OPTIONS', I also retrieve 'PROPPATCH', 'MKCOL', 'PROPPATCH',
    > 'PROPFIND' and some more.
    >
    >
    > ----entry in Application event log--------------------------
    >
    > Event code: 3005
    > Event message: An unhandled exception has occurred.
    > Event time: 20.02.2006 23:51:13
    > Event time (UTC): 20.02.2006 22:51:13
    > Event ID: 6c0c170c49ce4b1c835f43bb5545eae2
    > Event sequence: 37024
    > Event occurrence: 73
    > Event detail code: 0
    >
    > Application information:
    > Application domain: /LM/W3SVC/512649521/Root-1-127848542499800179
    > Trust level: Full
    > Application Virtual Path: /
    > Application Path: ...
    > Machine name: ...
    >
    > Process information:
    > Process ID: 1412
    > Process name: w3wp.exe
    > Account name: NT-AUTORITÄT\NETZWERKDIENST
    >
    > Exception information:
    > Exception type: HttpException
    > Exception message: Path 'OPTIONS' is forbidden.
    >
    > Request information:
    > Request URL: http://.../
    > Request path: /
    > User host address: ...
    > User:
    > Is authenticated: False
    > Authentication Type:
    > Thread account name: NT-AUTORITÄT\NETZWERKDIENST
    >
    > Thread information:
    > Thread ID: 5
    > Thread account name: NT-AUTORITÄT\NETZWERKDIENST
    > Is impersonating: False
    > Stack trace: at
    > System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext context)
    > at
    > System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    > at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > completedSynchronously)
    >
    >
    > Custom event details:
    >
    > Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie
    > unter
    > http://go.microsoft.com/fwlink/events.asp.
    >
    > ------------------------------------------------------------
     
    Trevor Benedict R, Feb 21, 2006
    #2
    1. Advertising

  3. Hi Dieter,

    As Trevor has said, the http verbs you posted seems non-ASP.NET specific
    ones, some ones like PROPPATCH are http webdav verbs. Are you sure the
    client is using webbrowser to visit the web pages in your ASP.NET web
    applcations? Also, the Application_Error handler can only capture
    exceptions which occur during the ASP.NET serverside pipeline, and the
    error you encountere occurs before the request being processed in the
    pipeline, that's why the Application_Error dosn't capture it.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Feb 21, 2006
    #3
  4. Re: ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbi

    Hello Trevor,

    thanks for your feedback.
    Here are some lines of my IIS server log file:

    2006-02-21 20:01:09 W3SVC512649521 xxx xxx OPTIONS / - 80 -xxx.xxx.xxx.xxx
    HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 302 0 0 406 147 281
    2006-02-21 20:01:09 W3SVC512649521 xxx xxx OPTIONS /error.aspx
    aspxerrorpath=/ 80 - xxx.xxx.xxx.xxx HTTP/1.1
    Microsoft-WebDAV-MiniRedir/5.1.2600 - - 200 0 64 0 173 203
    2006-02-21 20:01:09 W3SVC512649521 xxx xxx PROPFIND /ofcscan - 80 -
    xxx.xxx.xxx.xxx HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 302 0 0 420
    165 328
    2006-02-21 20:01:11 W3SVC512649521 xxx xxx .52 PROPFIND /error.aspx
    aspxerrorpath=/ofcscan 80 - xxx.xxx.xxx.xxx /1.1
    Microsoft-WebDAV-MiniRedir/5.1.2600 - - 200 0 0 31813 191 1218

    2006-02-21 20:01:48 W3SVC512649521 xxx xxx GET
    /officescan/cgi/cgiOnStart.exe
    UID=11111111-5555-1111-1111-111111111111&DATE=20060221&TIME=210147&COMPUTER=ET215&PLATFORM=Windows%20NT%205%2e1%2e2600&IP=192.168.x.xx&PTNFILE=322100&PROGRAM=5.58&ENGINE=8.000&ENCY=35&DOMAIN=xxxxxx&HOTFIX=20051205223206&INSTDATE=20030724&INSTTIME=143756&MOBILE=0&RELEASE=5.58&OPPSTATUS=0
    80 - xxx.xxx.xxx.xxx HTTP/1.1 TMhtload/1.31.00.1234 - - 404 0 0 1795 516 218

    It really seems that those requests are WebDAV requests.

    /officescan/cgi/cgiOnStart.exe might be TrendMicro VirusScan.
    The DOMAIN=xxxxxx in the query string gave me a hint: I know that the client
    has the same domain name xxxxxx for his internal network as well as for the
    (hosted) webserver. Probably WebDAV requests should stay in the local network
    but are routed to the webserver.


    Best regards,
    Dieter
     
    =?Utf-8?B?ZHBvbXQ=?=, Feb 21, 2006
    #4
  5. Re: ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbi

    Hello Steven,

    please see my previous reply to Trevor. Really seems that WebDAV requests
    are erroneously routed to the weberver.

    > Also, the Application_Error handler can only capture
    > exceptions which occur during the ASP.NET serverside pipeline, and the
    > error you encountere occurs before the request being processed in the
    > pipeline, that's why the Application_Error dosn't capture it.


    Actually, my Application_Error does capture those exceptions.
    I guess the reason for this is that I have added a wildcard application
    mapping in IIS for aspnet_isapi.dll. I need this to protect all file types
    with Forms Auth.

    Best regards,
    Dieter
     
    =?Utf-8?B?ZHBvbXQ=?=, Feb 21, 2006
    #5
  6. Re: ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbi

    Thank you for the response.

    Since you've mapped all the wildcard application extension to the ASP.NET
    extension, that makes some sense that your application recieve many
    unexpected http requests. Anyway, if you manually forward some non-ASP.NET
    friendly requests to asp.net runtime, you need to make sure you have proper
    ASP.NET httphandlers to handle them.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Feb 22, 2006
    #6
  7. =?Utf-8?B?ZHBvbXQ=?=

    navyjax2

    Joined:
    Sep 20, 2008
    Messages:
    11
    The answer

    Unfortunately, telling someone they need the proper handlers to handle their requests/file types doesn't tell someone what those proper handlers are. I found the answer I was looking for on another site and came back to share, since I think someone finding this thread with this same issue deserve as much:

    For me, I was trying to serve a CSV file and got the Path 'OPTIONS' is forbidden error in my Event Log when I hyperlinked to it from my Default.aspx page and clicked that link. Funny thing is that I could still get my CSV file... anyway... It seems instead of a "GET", which I did have handled in my web.config file, IIS was using this "action" or "verb" 'OPTIONS' that I had no clue about. Why it has to use 'OPTIONS' instead of 'GET', well that's for the MS reps to tell us, I guess... anyway...

    I added this to my web.config in the <configuration><system.web><httpHandlers>
    section:

    <add path="*" verb="OPTIONS" type="System.Web.DefaultHttpHandler" validate="true"/>

    That way, as it was explained on the site where I found it, IIS is handling the serving, not the .NET Framework, WebDAV, or anything else.

    -Tom
     
    navyjax2, Aug 25, 2010
    #7
  8. =?Utf-8?B?ZHBvbXQ=?=

    uwking

    Joined:
    Apr 14, 2011
    Messages:
    1
    I get Path 'MKCOL' is forbidden

    This has stumped me for a few days and I found this thread, and hopefully some of you can help me.

    I basically get Path 'MKCOL' is forbidden error when my WebDAV client sends a MKCOL request.

    What's weird about this is that other WebDAV specific requests such as COPY, LOCK, UNLOCK requests pass and return proper responses.

    It is just MKCOL that is not working.

    I was using custom HttpModule before, and did not give me any issue with MKCOL.
    but now I have switched to HttpHandler, and everything works but MKCOL.

    MKCOL returns 405 Method Not Allowed response when it tries to create a collection on an existing collection, but this is not my case.

    Any idea from anyone?
     
    Last edited: Apr 14, 2011
    uwking, Apr 14, 2011
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve
    Replies:
    0
    Views:
    5,341
    Steve
    Jul 1, 2003
  2. David Hunt
    Replies:
    4
    Views:
    11,315
    gullsinn
    Oct 4, 2009
  3. Graham

    Path 'OPTIONS' is forbidden

    Graham, Feb 22, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,319
    IPGrunt
    Feb 23, 2005
  4. Adrian Tosca

    Failed to map the path System.Web.HttpException

    Adrian Tosca, Apr 20, 2005, in forum: ASP .Net Web Controls
    Replies:
    1
    Views:
    348
    Adrian Tosca
    Apr 20, 2005
  5. Mark J. McGinty

    IIS HTTP 403.1 Forbidden: Execute Access Forbidden

    Mark J. McGinty, Dec 9, 2005, in forum: ASP General
    Replies:
    2
    Views:
    361
    Kyle Peterson
    Dec 9, 2005
Loading...

Share This Page