Custom Error not working

  • Thread starter Thread starter Nick
  • Start date Start date
N

Nick

the customError feature is not working. I have it setup as the help says in
my web.config file.

<customErrors defaultRedirect="DsAppError.aspx" mode="RemoteOnly"/>

I tried in a couple different parts of my site to throw a dummy exception
and I always get to the page that says change my web.config to the statement
above.
 
Is the documentation on this feature wrong? If customError is off then
according to the documentation you get a page generated with the error and
stack trace and no custom error pages will be shown.

What I want is for it to work like it says for remoteOnly. I want error and
stack trace info on the development or "local" system and that works fine.
On RemoteOnly I get a generated page with exception information. But on
RemoteOnly on any other machine I get a message saying you can replace this
page with a custom message. Well I have defined that but I do not know why
it doesnt work. If I turn the setting to Off like you suggested then remote
users get error and stack trace information which is not what I want.
 
Hi Nick,


Thank you for using Microsoft Newsgroup service. From your description,
you're wanting to set a custom error page in an ASP.NET web application
which will be shown for the remote client user when error occurs. And you
set the "customErrors" element as :
<customErrors defaultRedirect="DsAppError.aspx" mode="RemoteOnly"/>
in the web.config file. However, you found this didn't work. Is my
understanding correct? If anything wrong, please feel free to correct me.

Firstly, I'm sure your original setting as "<customErrors
defaultRedirect="DsAppError.aspx" mode="RemoteOnly"/>" is quite correct. So
I do feel abit strange as it doesn't work. Would you please try out the
following tests:

1. change the "mode=" as "On" and see whether it display the custom error
page("DsAppError.aspx") both on local or remote client?

2. If still fails to work, I think you may have a check on the error
page("DsAppError.aspx"), is it accessable or if there is something
incorrect with the error page? For example, you can try setting the
defaultRedirect page as
defaultRedirect="http://localhost/appname/DsAppError.aspx" to specify the
full path.

3. If still with no success after the above steps, would you try creating
another simple web application and provide a simple error page and set the
web.config as
"<customErrors defaultRedirect="customerrorpagename" mode="RemoteOnly"/>"

Also, you may try rebooting the IIS server. Or check the server enviroment.
Please try out the preceding suggestion. If you have any quesions or need
any help, please feel free to post here.



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
mode = On

local = My custom page shown but Server.GetLastError() returned null
remote = My custom page shown but Server.GetLastError() returned null

mode = RemoteOnly

local = Generated page shown with message and stack trace
remote = My custom page shown but Server.GetLastError() returned null

mode = Off

local = Generated page shown with message and stack trace
remote = Generated page shown with message and stack trace

Well, I changed a few things and all of a sudden it starts working, well
sort of. Looks like after setting it on and then to RemoteOnly it started
working.

I must be misunderstanding the help on Server.GetLastError().... Why is it
returning null in my DsAppError.aspx code?
 
I spoke to soon, it has stopped working again. I decided I wanted to show
error information my own way even on the local machine, so I set the
mode="On".

As soon as I did that and I ran the my test page, I was sent to a generated
page telling me to change my web.config file. This is making me crazy.
 
I think I have figured this out. I am using forms authentication which is
the problem.

The first test I made was on the 2nd page after the login page so the user
had logged in, went to my test page and got the test error. At this point
they were redirected to the error page but no matter what
server.GetLastError() returned null, not sure why.

I moved the test error to the login page. So when the login page comes up,
the error takes place and is redirected to the DsAppError.aspx but they have
not been authenticated so they are sent back to the Login.aspx but that is
where the error is. I am assuming that something is detecting the circular
page reference and stopping it and telling the user (me) to change the
web.config. But the real problem is the circular page reference.

I am not sure what authentication is the best way. I am taking users to the
login page to ask for user name and password and I am then going to check
that information against a table in SQL Server. It will not be the login to
sql server as that will be a fixed value but will be checked against a data
table.

Is there a better mode basic authentication for this setup than Forms
authentication or can I simply make the DsAppError.aspx a form that does not
recquire authentication?
 
Hi Nick,

Thanks for your response. I'm glad you've figured out the actual problem.
As for the Authenticaion Mode and the "circular page reference" problem you
mentioned. Here is my suggestion:

I think the Form Authentication is a very convenient and flexible means of
authentication since it provide a simple implementation and custom account
checking(via custom database or other user list). The problem cause the
circular page is that the custom error page is authentication protected so
that unauthenticated user we be redirect to login page. I've also used the
FormAuthentication before , and use a common custom error page. My solution
is to set all those common pages such as "register page" , "about page" or
"custom error page", "custom success info page" 's permission as
<alow user="*"> , only set strict permission for certain part of
pages(which may have important infos)
Thus, the unauthenticated users(anonymous) can also visit those those
common page.
How do you think of this?

In addition, as for the other authentication mode you mentioned, I think
the basic or windows mode may appropriate for the intranet situation. As
for the internet based web application, those no OS dependant
authentication mode such as "Forms" or "Passport" maybe more proper. For
detailed discusion on the Authenticaion mode in ASP.NET , you may view the
following tech articles in MSDN:
#Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication

http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame
=true

Hope it is helpful.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Hi Nick,

Have you had a chance to try out my suggestion or have you resolved the
problem? As for setting different access role for
different page or folder in the web.config I mentioned in the last reply,
I've found a KB article which detailedly focus on this topic, I believe it
will be helpful to you:

#HOW TO: Control Authorization Permissions in an ASP.NET Application
http://support.microsoft.com/?id=316871

If you need any further assistance, please feel free to let me know.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Back
Top