So I have a web page written in C# for ASP.NET and in some cases it returns a custom error.
For example, at one point it can be like:
Response.StatusCode = 400;
Response.Status = "A long custom error message here.";
Response.Write(Resonse.Status);
and when I open this up locally (through http://mymachinename/foo/bar.aspx) I see my custom error message. When I deploy it to a remote server I just see my custom error message overwritten with the text "Bad Request" (that's all). It must be some configuration, but I can't find it.
Check to see if you have the httpErrors attribute defined in your web.config.
<system.webServer>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
Servers can have their own configuration files with error codes like you mentioned. For example, editing the .htaccess file on an apache server will allow you to link your own error pages to the exceptions, or you can just write in the markup yourself to save some time.
Update
You can also do
Response.TrySkipIisCustomErrors
if you are using IIS that is.
Additional Info
http://blogs.iis.net/ksingla/archive/2008/02/18/what-to-expect-from-iis7-custom-error-module.aspx
Those solutions provided by other guys are perfectly valid, But I think you can control it from you IIS Manager too, if there is a defined error page with code 400, Open your IIS Manager, go to .Net Error Pages, look for error code 400 click on edit feature setting on the right panel then select Off in the opened Edit Error Page Setting window.
Related
I am attempting to create a custom error page display to run in my app when there is an issue with the database connection string.
When I alter the string to something invalid, I receive the error mentioned in the title above.
Is there any way to override this page and show a more informative one that would tell me that my DB connection string is wrong?
There is a InvalidOperationException that is thrown in the Startup.cs file, but I'm unsure on how to extract this from the startup file and use it, when my app fails to start in the first place.
Is this possible to do?
You can disable the default error page by using the disableStartUpErrorPage="true" setting in web.config for the IIS hosting module. This will just fallback to another custom error page of your choosing served by IIS, rather than allowing you to show a dynamic custom page.
Documentation
Asp.Net MVC application
When user tries to submit HTML or JavaScript code in query string of action method , getting Internal server error(500) with below exception..
A potentially dangerous Request.QueryString value was detected from the client (userid="'"-->..script..").
I have enabled the custom error mode so that end user is redirecting the custom error page for any XSS attacks.
But when I run NETSPARKER ENTERPRISE SCAN against action method with javascript code in query string , report coming as Internal server error - The server responded with an HTTP status 500.
What is the best practice to handle this internal server issue.
Suggestion: Custom Error handler
I am not sure about best practice, but what I use is <customErrors> in the web.config to redirect the user to a "nice" web page. The page it redirects to can be a plain HTML, ASPX etc. The nice thing is that you can setup a default custom error page, plus individual ones based on HTTP Status Code.
Follows is a snippet from my web.config for a default error code handler, plus one for HTTP 500 (Internal Server Error) which is what you are getting for the A potentially dangerous Request.QueryString value was detected error:
<customErrors mode="On" redirectMode="ResponseRedirect" defaultRedirect="~/dangitall.html">
<error statusCode="500" redirect="~/dangitall500.html" />
</customErrors>
dangitall.html is a standard HTML page for all error. Its overridden by dangitall500.html which will display for HTTP 500 errors. The contents of these HTML pages can be whatever you want: warn the user, abuse the user etc :)
Follows is a link to the Microsoft tech article regarding custom errors and all of the possible attribute settings etc:
https://learn.microsoft.com/en-us/dotnet/api/system.web.configuration.customerror?view=netframework-4.8
In my .Net Core 2.2 application, I have a WebAPI controller that may return response codes 400 and 409.
In the development environment, I can see those codes along with the error messages. But when I deploy the application to the production environment (a virtual machine in Azure) I see just 500 errors without any details. Can anybody explain how to force IIS to return the initially sent error responds?
I return the error responds with the code like the following:
return StatusCode((int)HttpStatusCode.BadRequest, new { Message = errorMessage });
Finally, I have turned on the Failed requests tracing and it gave me a clue. The cause was in the fact that the same MIME type was configured twice, one time globally at the IIS level, and the second time at the website level. Once I removed the problematic MIME-type from the website configuration all started working correctly.
If someone have the same problem, I solved in the Error Pages area from IIS configuration. When I tried to click, I received a error with the path of web.config from another project. When I solved this error from web.config, the Error Page open correctly and everything work again.
[![enter image description here][2]][2]
In below picture how to avoid showing of framework versions in default error message by IIS?
In below picture how to avoid showing of framework versions in default error message by IIS?
As far as I know, if you set the custom error's mode attribute to On or remoteonly in the web.config. It will hide the details information for the error message and framework versions in default error message by IIS like below:
There is no need to hide the framework versions when you debug the whole application in the server, since customer will not see the details error message.
yes create a custom response
If you want to create a custom error handler for asp.net web api, I suggest you could try to create a class inherits ExceptionFilterAttribute and overried the OnException method.
More details, you could refer to below answer's error handling part.
https://stackoverflow.com/a/22163675/7609093
Is there a good way to exclude some errors from being redirected to the default custom error page?
I'm using aspnet membership provider and have just discovered that if for example a user tries to change their email address to one that is already in the system, rather than show the error message warning in the style of a validation error as was designed, since I turned on custom errors, it just redirects to the standard error page.
Do I need to specifically exclude error codes for this problem?
Here is the custom error section in the web config:
<customErrors mode="On" defaultRedirect="/Error/Error500" />
Thanks very much
You need to stop the exception bubbling up in this case, and implement some validation to check if the email address exists.
Your call to CreateUser should return a MembershipCreateStatus as an error code.
MembershipCreateStatus.DuplicateEmail
See here for more error codes.