Custom Errors


When a runtime or design-time error occurs within the application, ASP.NET will display a very helpful error page. For example, a compilation error (such as forgetting to declare that C# is used) generates an error page that describes the error, highlights the line of code, provides detailed compiler output, and the complete source for the page as shown in Figure 13-8.

click to expand
Figure 13-8:

While this is useful for aiding in debugging the application, you obviously wouldn't want to display this type of error detail to end-users. By default, this type of error detail is only available to requests to http://localhost :

Requests from other domains will display a helpful error page, without the details, that describes how to enable the ASP.NET application to show richer error messages to remote clients as shown in Figure 13-9:

click to expand
Figure 13-9:

This error page describes the <customErrors> section of configuration:

 <configuration>    <system.web>  <customErrors mode="Off" />  </system.web> </configuration> 

The <customErrors> section defines how ASP.NET behaves when an application error occurs, and provides you with a variety of options for how you want to handle these and other types of errors for your application.

Error Modes

When an error occurs, the mode attribute determines whether an ASP.NET error message is displayed. By default, the mode value is set to RemoteOnly . Supported values include:

  • RemoteOnly :ASP.NET error page is shown only to users accessing the server on the same machine (the localhost or 127.0.0.1). Non-localhost requests will first check the <error> settings, then use the defaultRedirect , or finally show an IIS error.

  • On :ASP.NET will use user -defined error pages and will not use the rich, developer oriented ASP.NET error page. If a custom error page is not provided, ASP.NET will show the error page describing how to enable remote viewing of errors.

  • Off :ASP.NET will always use ASP.NET's rich error page, with stack traces and compilation issues, when an error occurs.

Always Showing ASP.NET Error Pages

To always show the rich ASP.NET error page, such as cases when a team of developers are working against a single server, you could enable this mode by adding a web.config file with the following setting:

 <configuration>    <system.web>  <customErrors mode="Off" />  </system.web> </configuration> 

In a production environment, you'd want to leave the default setting, mode="RemoteOnly" , or mode="On" to ensure that remote users do not see rich error detail.

Custom Error Pages

For production applications, you'd always want to provide ASP.NET with a custom error page so that the end-user sees a friendly, helpful message rather than a developer-oriented message. There are two ways in which you can support custom error pages:

  • Default redirects :A defined error page that the client is redirected to whenever an error occurs on the system.

  • Custom redirects :A defined error page that the client is redirected to whenever a specific HTTP error occurs “ for example, the 404 Not Found error.

Let's look at both of these starting with default redirects.

Default Redirects

The defaultRedirect attribute of <customErrors> names the page to be redirected to when an error occurs:

 <configuration>    <system.web>  <customErrors defaultRedirect="/defaultError.aspx"/>  </system.web> </configuration> 

In this example, clients are redirected to the defaultError.aspx page whenever an error occurs. This only applies to ASP.NET-specific requests, so if you requested SomeRandomFile.aspx “ an ASP.NET file that doesn't exist on the server “ you would be redirected to defaultError.aspx . However, if you requested SomeRandomFile.asp “ an ASP file that doesn't exist at all “ you'd be redirected to the IIS- defined error page.

What if there is an error in the page we direct to ( defaultError.aspx ) when an error occurs? This could possibly lead to a circular reference; the page we are directed to causes an error and we are sent back to the same page again. ASP.NET detects this and will not cause the browser to continuously request the error page.

Custom Redirects

You can also send users to a custom error page depending upon the type of error that occurred. For instance, in case of a 404 Not Found error or an Access Denied error, the client can be routed to a specific error page tailored with an appropriate response “ for example 'Sorry, but you must be a valid user to access our site.'

You can create that page, and then instruct ASP.NET to redirect HTTP requests that generate the matching statusCode value for the HTTP status code. This is done through an <error> sub-element of <customErrors> . <error> supports two attributes:

  • statusCode :The HTTP status code to match. If a match is found, the request is redirected to the value defined in redirect .

  • redirect :The page that clients are redirected to.

Let's look at a compound example that sets a defaultRedirect page, leaves mode to the default setting of RemoteOnly , and defines a <error> element for 404 Page Not Found errors.

Note

The <error> settings only apply to ASP.NET requests, so the earlier SomeRandomFile.aspx example will now be redirected to FileNotFound.htm .

 <configuration>    <system.web>  <customErrors defaultRedirect="/defaultError.aspx" mode="RemoteOnly">   <error statusCode="404" redirect="/FileNotFound.htm"/>   </customErrors>  </system.web> </configuration> 

Configuring IIS and ASP.NET to Support Same Error Pages

It is possible to configure ASP.NET and IIS to support the same set of error pages. For example, IIS uses the same error page for 404 errors, located at \WINNT\Help\iisHelp\common\404b.htm .

You could create a virtual folder called Errors in the web site, and set the physical path of this virtual folder to \WINNT\Help\iisHelp\common\ . You could then modify your ASP.NET <error> as follows :

 <configuration>    <system.web>  <customErrors defaultRedirect="/defaultError.aspx" mode="RemoteOnly">   <error statusCode="404" redirect="/Errors/404b.htm "/>   </customErrors>  </system.web> </configuration> 

You could also do the reverse and set up IIS to support an ASP.NET error page, 404.aspx for example. Please see the IIS documentation for how to configure IIS custom errors to specific URLs.

ASP.NET's error handling system is very rich. You can provide a default custom error page to direct all errors to, or can customize the error page depending upon the error case (404 File Not Found, for example). Additionally, you have control over the type of error page shown to a type of request. The default mode, RemoteOnly , shows custom (user-friendly) errors to remote users, but shows rich ASP.NET errors to local clients.

As you can see, ASP.NET is attempting to address many of the shortcomings of ASP. Another of the shortcomings it addresses is authentication and authorization. That is, how to control access to resources served by the web server. Unless we used a custom solution, such as Site Server 3.0 or Commerce Server 2000 (and sometimes with these too), we had to have a good fundamental understanding of Windows security.

ASP.NET still has great support for Windows security, but it extends the options to include Microsoft Passport and HTML Forms-based authentication, as well as providing all the hooks. This allows us to build custom authentication and authorization solutions such as the Application_OnAuthenticate event discussed in the previous chapter.

Application authentication and authorization is, of course, also configured through the ASP.NET configuration system.




Professional ASP. NET 1.1
Professional ASP.NET MVC 1.0 (Wrox Programmer to Programmer)
ISBN: 0470384611
EAN: 2147483647
Year: 2006
Pages: 243

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net