If I were to specify a page for redirect using the ASP.NET Custom Errors feature, would my application still spit out the HTTP status code for that particular error?
For example if had a line in my web.config that had all Internal Server Errors redirect to Errors/500.aspx and then I encountered a 500 error, I would then be redirected to my custom Errors/500.aspx page. Will my application still respond with a HTTP 500 at any point in this exchange?
I'm just curious...
No, because your browser would interpret that 500 response as an error and show you it's error. Instead, it probably responds with one of the redirect status codes to send you to the defined error page.
Related
Currently, our ASP.NET Core 3.1 web api's error handling sends everything to our error controller using app.UseExceptionHandling('/error'). This controller logs the error and sends the error response our clients expect. Unfortunately, our logs contain each error twice because Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware logs the error before our error controller. How can we completely remove/replace Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware such that we (a) log the error only once and (b) completely replaces the response with our content?
We decided to use app.UseExceptionHandling('/error') over app.Use<CustomMiddlewareErrorHandler>() because changing the content in middleware always produced the "response already started" error that we never see when we use the error controller. I've found tutorials that advice testing whether the response has already started, but we always want to replace it. I suppose we need to flush the response or something like that.
Can someone point me to a practical example that (a) prevents double logging and (b) allows me to completely replace the response after an error?
I have configured the HttpErrors section in my web.config.
My custom error page is shown, but not when an exception occurs outside a web request (eg: Application startup, module initializing...), I get the following error:
The page cannot be displayed because an internal server error has occurred.
How can I make sure that my custom error page is ALWAYS shown?
You can't. The customer error pages are being configured at the start of the ASP.NET application, which fails in your case. There is no ASP.NET pipeline to handle the error pages.
Usually there is not much to do, besides making a proxy that filters out HTTP 500 error messages and replaces it with another message.
I have two ASP.NET MVC web apps running on the same server. One of them is a web service that returns an error message in plain text if an exception occurs. However, right now, some clients that call the web service don't receive the error message; instead, they simply receive "Bad Request" in HTML.
The second web app (on the same server as the first) can call a URL handled by the first one and, right now, correctly receives the error message in plain text. However, I have tried calling that URL other ways, and all of them have resulted in receiving "Bad Request":
Pasting the URL into Chrome on my computer
Pasting the URL into IE on the server
Calling the URL from a web app on a different computer from the server
This error does not occur locally. When I run the 2 web apps on my computer, I receive the error message in plain text from both the second web app and from calling the local URL from Chrome.
I have narrowed down the offending line of code to the first line of the following ActionResult snippet:
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return Content(errorMessage, ContentTypes.PlainText);
Removing the first line appears to fix the problem; however, that also eliminates the ability for me to use a descriptive status code. It appears to me that after the ActionResult is returned the response is being intercepted if either (a) the client is on a different computer or (b) the client is a web browser. So I guess I have a 2-part question:
Is there a reason why .NET or IIS would intercept and change a response depending on the client type or location?
Is there an easy way to view the response at any point between this code and when it's dispatched to the client?
Thanks!
Update: I changed the web app to use HttpResponseException. Now I am getting the following YSOD exception:
Processing of the HTTP request resulted in an exception. Please see
the HTTP response returned by the 'Response' property of this
exception for details.
Using MVC version 5, Visual Studio 2013. The code for the ActionResult looks like this:
MyImage image = new MyImage(parameters);
if (image.Errors.Any())
{
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent(image.Error) });
}
return File(image.AsJpeg(), ContentTypes.Jpeg);
Anyone have an idea how to bypass this unhelpful response?
Update 2: The issue turned out to be that the error message was being suppressed because of the Web.config setting system.webServer > httpErrors > errorMode which has a default value of "DetailedLocalOnly" and seems to be invoked in some cases for a reason I don't know (although this question may start to shed some light). Once I changed it to this, it worked as I expected:
<httpErrors errorMode="Detailed" />
I understand why they suppress error messages by default on remote machines, but this was a lot harder to track down than I would have thought. Anyway, I hope this is helpful to someone in the future.
I can't think of any reason why IIS would care what client was calling a service. My guess is that the client is sending a different request to the server than what you think it is sending. You can verify this by using a program called "Fiddler".
Also, I'd recommend following a pattern that returns a HttpResponseMessage like this when sending back information from a Web API call:
return new HttpResponseMessage(HttpStatusCode.BadRequest)
{
ReasonPhrase = message,
Content = new StringContent(string.Format("{0}", exception))
};
I have a page that's doing jQuery Ajax calls to a WebMethod in one of my ASPX pages. In some cases, my WebMethod is throwing an exception with an error message. This error message is really important for the UI, because it tells what to say to the user, so he can fix his form.
This is working fine in development environnement. But, in my production Web.Config, I need to keep customErrors set to "On", so I wont show important information. Moreover, my IIS is overriding HTTP 500 errors too.
I tried the WebServices from ASMX, and it was working perfectly. IIS wasn't overriding my HTTP 500, and customErrors was not hiding the message sent by the WebService. But migrating all my ASPX's WebMethods to ASMX files is not possible for now.
I'm looking for a guideline. How my UI can gets my WebMethod's errors, while keeping my Web.Config safe for production?
You should never show a yellow screen of death to a user.
Instead, consider implementing a Response object, contaning a boolean Success, an ErrorMessage (string) and the actual result data if needed.
You can then use a JavaScript callback and check if the call succeded. If it did not, just alert() the error message.
(HttpWebResponse)request.GetResponse() method returning status code 200 for Error Page instead of status code 400.
The Url is
http://onlinehelp.microsoft.com/zh-cht/office365-smallbusinesses/hh911992.aspx
when we open the above url in browser, it showing error page with message "We're sorry! We were unable to service your request."
But the status code return from webresponse is 200.
I code wriiten for it is
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(loclink);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
code = (int)response.StatusCode;
please help me to track this type of url?
It feels wrong, to be honest. I've been there too and was equally confused.
It's a so-called "soft error page". It's because the webserver redirects you to that page when it hits an error instead of transmitting the actual error page.
Seems that this server doesn't force status code for error pages, so you could try to check that this page contains special elements/words.
I've come up against this whilst trying to verify a security metrics issue with one of our sites.
The reason you get a 200 response and not a 400 is because the error is being handled by the server gracefully, rather than showing you the actual error page, it's catching it and redirecting you to a friendly "An unexpected error has occurred" page which will obviously show a 200 response.
To get the actual error code you can try requesting the page in Telnet via:
GET /zh-cht/office365-smallbusinesses/hh911992.aspx