Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbidden

Reply
Thread Tools

ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbidden

 
 
=?Utf-8?B?ZHBvbXQ=?=
Guest
Posts: n/a
 
      02-20-2006
I have overwritten Application_Error in my GlobalAsax to handle errors.
From time to time, I am getting exceptions I have never seen before (see
below).

What do this exceptions mean? Why are they generated?
Any help would be greatly appreciated.

Dieter



------------------------------------------------------------
System.Web.HttpException: Path 'OPTIONS' is forbidden.
at System.Web.HttpMethodNotAllowedHandler.ProcessRequ est(HttpContext
context)
at
System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously)
------------------------------------------------------------

Instead of 'OPTIONS', I also retrieve 'PROPPATCH', 'MKCOL', 'PROPPATCH',
'PROPFIND' and some more.


----entry in Application event log--------------------------

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 20.02.2006 23:51:13
Event time (UTC): 20.02.2006 22:51:13
Event ID: 6c0c170c49ce4b1c835f43bb5545eae2
Event sequence: 37024
Event occurrence: 73
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/512649521/Root-1-127848542499800179
Trust level: Full
Application Virtual Path: /
Application Path: ...
Machine name: ...

Process information:
Process ID: 1412
Process name: w3wp.exe
Account name: NT-AUTORITÄT\NETZWERKDIENST

Exception information:
Exception type: HttpException
Exception message: Path 'OPTIONS' is forbidden.

Request information:
Request URL: http://.../
Request path: /
User host address: ...
User:
Is authenticated: False
Authentication Type:
Thread account name: NT-AUTORITÄT\NETZWERKDIENST

Thread information:
Thread ID: 5
Thread account name: NT-AUTORITÄT\NETZWERKDIENST
Is impersonating: False
Stack trace: at
System.Web.HttpMethodNotAllowedHandler.ProcessRequ est(HttpContext context)
at
System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously)


Custom event details:

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter
http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------------------
 
Reply With Quote
 
 
 
 
Trevor Benedict R
Guest
Posts: n/a
 
      02-21-2006
They look like verbs that are refused by IIS because they do not have an
association setup in IIS. You can look at the IIS Log and gather more
information as to the request that was refused and post that here.

Regards,

Trevor Benedict R
MCSD

"dpomt" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have overwritten Application_Error in my GlobalAsax to handle errors.
> From time to time, I am getting exceptions I have never seen before (see
> below).
>
> What do this exceptions mean? Why are they generated?
> Any help would be greatly appreciated.
>
> Dieter
>
>
>
> ------------------------------------------------------------
> System.Web.HttpException: Path 'OPTIONS' is forbidden.
> at System.Web.HttpMethodNotAllowedHandler.ProcessRequ est(HttpContext
> context)
> at
> System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
> at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> completedSynchronously)
> ------------------------------------------------------------
>
> Instead of 'OPTIONS', I also retrieve 'PROPPATCH', 'MKCOL', 'PROPPATCH',
> 'PROPFIND' and some more.
>
>
> ----entry in Application event log--------------------------
>
> Event code: 3005
> Event message: An unhandled exception has occurred.
> Event time: 20.02.2006 23:51:13
> Event time (UTC): 20.02.2006 22:51:13
> Event ID: 6c0c170c49ce4b1c835f43bb5545eae2
> Event sequence: 37024
> Event occurrence: 73
> Event detail code: 0
>
> Application information:
> Application domain: /LM/W3SVC/512649521/Root-1-127848542499800179
> Trust level: Full
> Application Virtual Path: /
> Application Path: ...
> Machine name: ...
>
> Process information:
> Process ID: 1412
> Process name: w3wp.exe
> Account name: NT-AUTORITT\NETZWERKDIENST
>
> Exception information:
> Exception type: HttpException
> Exception message: Path 'OPTIONS' is forbidden.
>
> Request information:
> Request URL: http://.../
> Request path: /
> User host address: ...
> User:
> Is authenticated: False
> Authentication Type:
> Thread account name: NT-AUTORITT\NETZWERKDIENST
>
> Thread information:
> Thread ID: 5
> Thread account name: NT-AUTORITT\NETZWERKDIENST
> Is impersonating: False
> Stack trace: at
> System.Web.HttpMethodNotAllowedHandler.ProcessRequ est(HttpContext context)
> at
> System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
> at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> completedSynchronously)
>
>
> Custom event details:
>
> Weitere Informationen ber die Hilfe- und Supportdienste erhalten Sie
> unter
> http://go.microsoft.com/fwlink/events.asp.
>
> ------------------------------------------------------------



 
Reply With Quote
 
 
 
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      02-21-2006
Hi Dieter,

As Trevor has said, the http verbs you posted seems non-ASP.NET specific
ones, some ones like PROPPATCH are http webdav verbs. Are you sure the
client is using webbrowser to visit the web pages in your ASP.NET web
applcations? Also, the Application_Error handler can only capture
exceptions which occur during the ASP.NET serverside pipeline, and the
error you encountere occurs before the request being processed in the
pipeline, that's why the Application_Error dosn't capture it.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)



 
Reply With Quote
 
=?Utf-8?B?ZHBvbXQ=?=
Guest
Posts: n/a
 
      02-21-2006
Hello Trevor,

thanks for your feedback.
Here are some lines of my IIS server log file:

2006-02-21 20:01:09 W3SVC512649521 xxx xxx OPTIONS / - 80 -xxx.xxx.xxx.xxx
HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 302 0 0 406 147 281
2006-02-21 20:01:09 W3SVC512649521 xxx xxx OPTIONS /error.aspx
aspxerrorpath=/ 80 - xxx.xxx.xxx.xxx HTTP/1.1
Microsoft-WebDAV-MiniRedir/5.1.2600 - - 200 0 64 0 173 203
2006-02-21 20:01:09 W3SVC512649521 xxx xxx PROPFIND /ofcscan - 80 -
xxx.xxx.xxx.xxx HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 302 0 0 420
165 328
2006-02-21 20:01:11 W3SVC512649521 xxx xxx .52 PROPFIND /error.aspx
aspxerrorpath=/ofcscan 80 - xxx.xxx.xxx.xxx /1.1
Microsoft-WebDAV-MiniRedir/5.1.2600 - - 200 0 0 31813 191 1218

2006-02-21 20:01:48 W3SVC512649521 xxx xxx GET
/officescan/cgi/cgiOnStart.exe
UID=11111111-5555-1111-1111-111111111111&DATE=20060221&TIME=210147&COMPUTER=ET 215&PLATFORM=Windows%20NT%205%2e1%2e2600&IP=192.16 8.x.xx&PTNFILE=322100&PROGRAM=5.58&ENGINE=8.000&EN CY=35&DOMAIN=xxxxxx&HOTFIX=20051205223206&INSTDATE =20030724&INSTTIME=143756&MOBILE=0&RELEASE=5.58&OP PSTATUS=0
80 - xxx.xxx.xxx.xxx HTTP/1.1 TMhtload/1.31.00.1234 - - 404 0 0 1795 516 218

It really seems that those requests are WebDAV requests.

/officescan/cgi/cgiOnStart.exe might be TrendMicro VirusScan.
The DOMAIN=xxxxxx in the query string gave me a hint: I know that the client
has the same domain name xxxxxx for his internal network as well as for the
(hosted) webserver. Probably WebDAV requests should stay in the local network
but are routed to the webserver.


Best regards,
Dieter
 
Reply With Quote
 
=?Utf-8?B?ZHBvbXQ=?=
Guest
Posts: n/a
 
      02-21-2006
Hello Steven,

please see my previous reply to Trevor. Really seems that WebDAV requests
are erroneously routed to the weberver.

> Also, the Application_Error handler can only capture
> exceptions which occur during the ASP.NET serverside pipeline, and the
> error you encountere occurs before the request being processed in the
> pipeline, that's why the Application_Error dosn't capture it.


Actually, my Application_Error does capture those exceptions.
I guess the reason for this is that I have added a wildcard application
mapping in IIS for aspnet_isapi.dll. I need this to protect all file types
with Forms Auth.

Best regards,
Dieter
 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      02-22-2006
Thank you for the response.

Since you've mapped all the wildcard application extension to the ASP.NET
extension, that makes some sense that your application recieve many
unexpected http requests. Anyway, if you manually forward some non-ASP.NET
friendly requests to asp.net runtime, you need to make sure you have proper
ASP.NET httphandlers to handle them.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
navyjax2 navyjax2 is offline
Junior Member
Join Date: Sep 2008
Posts: 12
 
      08-24-2010
Unfortunately, telling someone they need the proper handlers to handle their requests/file types doesn't tell someone what those proper handlers are. I found the answer I was looking for on another site and came back to share, since I think someone finding this thread with this same issue deserve as much:

For me, I was trying to serve a CSV file and got the Path 'OPTIONS' is forbidden error in my Event Log when I hyperlinked to it from my Default.aspx page and clicked that link. Funny thing is that I could still get my CSV file... anyway... It seems instead of a "GET", which I did have handled in my web.config file, IIS was using this "action" or "verb" 'OPTIONS' that I had no clue about. Why it has to use 'OPTIONS' instead of 'GET', well that's for the MS reps to tell us, I guess... anyway...

I added this to my web.config in the <configuration><system.web><httpHandlers>
section:

<add path="*" verb="OPTIONS" type="System.Web.DefaultHttpHandler" validate="true"/>

That way, as it was explained on the site where I found it, IIS is handling the serving, not the .NET Framework, WebDAV, or anything else.

-Tom
 
Reply With Quote
 
uwking uwking is offline
Junior Member
Join Date: Apr 2011
Posts: 1
 
      04-14-2011
This has stumped me for a few days and I found this thread, and hopefully some of you can help me.

I basically get Path 'MKCOL' is forbidden error when my WebDAV client sends a MKCOL request.

What's weird about this is that other WebDAV specific requests such as COPY, LOCK, UNLOCK requests pass and return proper responses.

It is just MKCOL that is not working.

I was using custom HttpModule before, and did not give me any issue with MKCOL.
but now I have switched to HttpHandler, and everything works but MKCOL.

MKCOL returns 405 Method Not Allowed response when it tries to create a collection on an existing collection, but this is not my case.

Any idea from anyone?
 

Last edited by uwking; 04-14-2011 at 03:23 PM..
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTP 403.1 Forbidden: Execute Access Forbidden David Hunt ASP .Net 4 10-04-2009 08:40 PM
IIS HTTP 403.1 Forbidden: Execute Access Forbidden Mark J. McGinty ASP General 2 12-09-2005 08:54 PM
Path 'OPTIONS' is forbidden Graham ASP .Net 1 02-23-2005 08:05 PM
"Path 'POST' is forbidden" Ollie ASP .Net 4 08-14-2004 04:25 PM
Path 'POST' is forbidden jack ASP .Net 0 12-11-2003 03:12 PM



Advertisments