We've configured our custom error pages as below for exceptions thrown by ASP.NET:
我们已经将自定义错误页面配置为如下所示:
<customErrors mode="On" redirectMode="ResponseRewrite">
<error statusCode="400" redirect="~/400.aspx"/>
<error statusCode="404" redirect="~/404.aspx"/>
<error statusCode="500" redirect="~/500.aspx"/>
</customErrors>
Setting redirectMode="ResponseRewrite" is important as it ensures the URL does not change (I believe ASP.NET performs a Server.Transfer instead of Response.Redirect).
设置redirectMode="ResponseRewrite"很重要,因为它确保URL不会改变(我相信是ASP)。净执行服务器。转移而不是Response.Redirect)。
Unfortunately this does not work for Request Validation Errors. For example, with custom errors enabled if I navigate to /some/page/<script> ASP.NET's request validation kicks in and a HttpException is thrown. However instead of displaying my custom error page I get the following message:
不幸的是,这对请求验证错误不起作用。例如,如果我导航到/一些/页/ <脚本> ASP,就启用了自定义错误。NET的请求验证启动,并抛出一个HttpException。但是,我没有显示我的自定义错误页面,而是得到以下消息:
Server Error in '/' Application.
“/”应用程序中的服务器错误。
Runtime Error
运行时错误
Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.
描述:处理请求时发生异常。此外,在为第一个异常执行自定义错误页时发生了另一个异常。请求已被终止。
Why is it that ASP.NET can not display my custom error page in this scenario? There is no code in the error page, just HTML so I know that the error page itself is not throwing any exceptions.
为什么是ASP。NET不能在这个场景中显示我的自定义错误页面吗?错误页面中没有代码,只有HTML,所以我知道错误页面本身不会抛出任何异常。
Also, if I catch the error myself in Application_Error and issue a Server.Transfer it works fine so I'm curious what ASP.NET is doing under the covers.
另外,如果我自己在Application_Error中捕获错误并发出服务器。我很好奇什么是ASP。NET是在幕后进行的。
If we are to handle this ourselves, is there a better solution than this?
如果我们自己来处理这个问题,有比这个更好的解决方案吗?
protected void Application_Error(object sender, EventArgs e)
{
var ex = Server.GetLastError() as HttpException;
if (ex != null
&& ex.Message.StartsWith("A potentially dangerous Request.Path value was detected from the client")
&& HttpContext.Current.IsCustomErrorEnabled)
{
Server.Transfer("400.aspx");
}
}
4 个解决方案
#1
2
To be sure that you not omit any error codes that could occur in you webapp you can add default error page:
要确保你没有遗漏任何可能出现在你的webapp中的错误代码,你可以添加默认错误页面:
<customErrors mode="On" defaultRedirect="Error.aspx" />
And if you want to catch only RequestValidationErrors than you can handle it in your global.asax file:
如果您只想捕获RequestValidationErrors,那么您可以在全局环境中处理它。asax文件:
void Application_Error(object sender, EventArgs e)
{
Exception ex = Server.GetLastError();
if (ex is HttpRequestValidationException)
{
Server.ClearError();
Response.Redirect("RequestValidationError.aspx", false);
}
}
#2
0
An issue with using the customErrors settings in a config file is that the redirection generated can cause a redirection HTTP status code (300 series) to be returned to the client/browser when you really wanted to send a server error HTTP status code (500 series) or a client error HTTP status code (400 series).
问题与使用customErrors设置配置文件生成的重定向可以导致重定向HTTP状态代码(300系列)返回给客户端浏览器/当你真的想要发送一个服务器错误HTTP状态代码(500系列)或一个客户端错误HTTP状态代码(400系列)。
To examine the HTTP status code returned by your website you can use Chrome's "More tools > Developer tools" display with the "Network" tab selected. Then you'll be able to see the HTTP status code returned by your web server back to the client/browser. If an invalid email address login was entered, a client error status should be returned (HTTP status 400 series) and not a redirection status code (300 series).
要检查你的网站返回的HTTP状态代码,你可以使用Chrome的“更多工具>开发者工具”,并选择“网络”选项卡。然后,您将能够看到web服务器返回给客户机/浏览器的HTTP状态代码。如果输入了无效的电子邮件地址登录,则应该返回客户端错误状态(HTTP status 400系列),而不是重定向状态代码(300系列)。
The "Runtime time" error listed with your question may have been caused by an unhandled validation condition which generated a server error. Such errors require further attention, but should return a server error code (500 series) in the HTTP response.
您的问题中列出的“运行时”错误可能是由未处理的验证条件导致的,该验证条件生成服务器错误。这些错误需要进一步注意,但是应该在HTTP响应中返回一个服务器错误代码(500系列)。
Web server errors are handled at two levels. One level is in the page content display, the other is in the returned HTTP status codes. Ideally, these will be consistent with one another.
Web服务器错误在两个级别处理。一个级别在页面内容显示中,另一个级别在返回的HTTP状态代码中。理想的情况是,它们彼此一致。
#3
0
void Application_Error(object sender, EventArgs e) {
Exception Ex = Server.GetLastError;
Logger.AddNewLog(Logger.LogType.ErrorLog, sender.ToString, "Error", (Ex.Message
+ (Environment.NewLine + Ex.StackTrace)));
Server.ClearError();
Response.Redirect("/Error");
}
#4
0
Place existingResponse="Replace" and subStatusCode="-1" in the httpErrors section of your web.config.
在web.config的httpErrors部分中放置存在响应=“替换”和subStatusCode=“-1”。
The page now comes up as 400 error and will display your error page.
页面现在显示为400错误,并将显示错误页面。
In your application
在您的应用程序
In your web.config 
在你的web . config
No need to use customErrors section
不需要使用customErrors部分
* #8 is a page where I generate a 500 error on purpose.
* #8是我故意产生500个错误的页面。
#1
2
To be sure that you not omit any error codes that could occur in you webapp you can add default error page:
要确保你没有遗漏任何可能出现在你的webapp中的错误代码,你可以添加默认错误页面:
<customErrors mode="On" defaultRedirect="Error.aspx" />
And if you want to catch only RequestValidationErrors than you can handle it in your global.asax file:
如果您只想捕获RequestValidationErrors,那么您可以在全局环境中处理它。asax文件:
void Application_Error(object sender, EventArgs e)
{
Exception ex = Server.GetLastError();
if (ex is HttpRequestValidationException)
{
Server.ClearError();
Response.Redirect("RequestValidationError.aspx", false);
}
}
#2
0
An issue with using the customErrors settings in a config file is that the redirection generated can cause a redirection HTTP status code (300 series) to be returned to the client/browser when you really wanted to send a server error HTTP status code (500 series) or a client error HTTP status code (400 series).
问题与使用customErrors设置配置文件生成的重定向可以导致重定向HTTP状态代码(300系列)返回给客户端浏览器/当你真的想要发送一个服务器错误HTTP状态代码(500系列)或一个客户端错误HTTP状态代码(400系列)。
To examine the HTTP status code returned by your website you can use Chrome's "More tools > Developer tools" display with the "Network" tab selected. Then you'll be able to see the HTTP status code returned by your web server back to the client/browser. If an invalid email address login was entered, a client error status should be returned (HTTP status 400 series) and not a redirection status code (300 series).
要检查你的网站返回的HTTP状态代码,你可以使用Chrome的“更多工具>开发者工具”,并选择“网络”选项卡。然后,您将能够看到web服务器返回给客户机/浏览器的HTTP状态代码。如果输入了无效的电子邮件地址登录,则应该返回客户端错误状态(HTTP status 400系列),而不是重定向状态代码(300系列)。
The "Runtime time" error listed with your question may have been caused by an unhandled validation condition which generated a server error. Such errors require further attention, but should return a server error code (500 series) in the HTTP response.
您的问题中列出的“运行时”错误可能是由未处理的验证条件导致的,该验证条件生成服务器错误。这些错误需要进一步注意,但是应该在HTTP响应中返回一个服务器错误代码(500系列)。
Web server errors are handled at two levels. One level is in the page content display, the other is in the returned HTTP status codes. Ideally, these will be consistent with one another.
Web服务器错误在两个级别处理。一个级别在页面内容显示中,另一个级别在返回的HTTP状态代码中。理想的情况是,它们彼此一致。
#3
0
void Application_Error(object sender, EventArgs e) {
Exception Ex = Server.GetLastError;
Logger.AddNewLog(Logger.LogType.ErrorLog, sender.ToString, "Error", (Ex.Message
+ (Environment.NewLine + Ex.StackTrace)));
Server.ClearError();
Response.Redirect("/Error");
}
#4
0
Place existingResponse="Replace" and subStatusCode="-1" in the httpErrors section of your web.config.
在web.config的httpErrors部分中放置存在响应=“替换”和subStatusCode=“-1”。
The page now comes up as 400 error and will display your error page.
页面现在显示为400错误,并将显示错误页面。
In your application
在您的应用程序
In your web.config
在你的web . config
No need to use customErrors section
不需要使用customErrors部分
* #8 is a page where I generate a 500 error on purpose.
* #8是我故意产生500个错误的页面。