Turn off customErrors for web service only - asp.net

My ASP.NET 2.0 web app includes a web service, which throws various exceptions along with custom error messages (e.g. "You do not have access to this item" etc.). These are shown on screen, in a ASP.NET AJAX callback handler.
The rest of the app is covered by some custom error pages, specified in the usual way in web.config.
<customErrors mode="RemoteOnly" defaultRedirect="Error.html">
<error statusCode="404" redirect="NotFound.html" />
<error statusCode="403" redirect="NoAccess.html" />
</customErrors>
My problem is if I have customErrors enabled in web.config, I lose my error messages returned from the web service - instead they are replaced with
"There was an error processing the request" - which isn't very useful for either me or the users.
Is there a way to turn off custom errors for just the web service?

Put your web service into separate directory and put additional web.config file in this directory. Each directory can have it own web.config containing settings of this directory (and directories inside this directory).

Yes, the custom errors element
can be defined at any level in the application file hierarchy.
So provided your WebService is in a folder you can add a web.config for that folder and turn them off.

Related

ASP.NET/IIS HttpErrors and access denied response

I have a site where only authorizated users can access.
I also have a custom error page if a 401.2 is raised.
I configured web.config in the following way:
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="401" subStatusCode="-1" />
<error statusCode="401" subStatusCode="-1"
path="ERRORS\unauthorized.html"
responseMode="File">
</error>
</httpErrors>
</system.webServer>
However when I try access to my site the following happen:
http://localhost --> the ERRORS\unauthorized.html is showed;
http://localhost/index.html --> the ERRORS\unauthorized.html is not showed and I can access the page!
I also noticed two things:
if I change the page to index.aspx the ERRORS\unauthorized.html is showed;
if I use a different statusCode, i.e., 404 the HTML page is showed.
so what am I not understanding? Where is my mistake?
P.S.
I'm using IIS 10 and .NET 4.7
What authentication are you using?
Assuming you are using Anonymous authentication at the IIS level and some kind of authentication in asp.net or system.web layer, the asp.net pipeline doesn't come into picture when you access the static files as they are handled by the static file handler. SO the authorization is not coming into picture. ALso try to configure the app pool to run in integrated mode and try, because integrated mode combines iis and asp.net pipeline, if youa are running in classic it won't
ALso to add another note on the line, 401.2 is a status responded back by the server that there is no user info being passed and client has to login, this doesn't necessarily have to deal with authorization and it is a way of authentication how servers work.

Stopping IIS 7.5 from passing non-existent pages to Coldfusion

Coldfusion is currently handling *.cfm and *.html pages. If I request a non-existing page, such as www.example.com/sadfasdfasd.cfm, IIS still passes the request off to the Coldfusion handler instead of directing to the IIS 404 error page. The Coldfusion handler responds with the Debugger page stating that the file is not found. How can I get IIS to check if a file exists before passing it to the handler. If it doesn't exist, I'd like it to display the 404 error page. Currently my error pages are setup to provide detailed errors for both local and remote.
If you go into IIS and turn off detailed error messages, it will display the IIS error rather than letting coldfusion handle it.
If you have access to the IIS Manager, go to the site > Error pages > "edit feature" on the right side. There is probably equivalent code you can put into your web.config file to handle this too.
You can choose any of the other options depending on your needs.
Please note this is also the feature that allows you to see the coldfusion errors from coldfusion's debugger.
Try adding an httpErrors entry to your root web.config file as follows:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="404.html" responseMode="File" />
</httpErrors>
</system.webServer>
</configuration>
Your custom 404.html page should also reside in the root folder.

customError on web.config-originated Server Error

NOTE
I've determined the the problem I'm describing below is specific to an error enountered loading DLL files specified in the web.config file. I would like to present a user-friendly error even in the case of web.config errors.
END NOTE
When my ASP.Net application encounters a server error I would like it to present a custom error message to the user instead of the following default scary message.
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
I wrote a very simple HTML page and put it in the root of my application. It is called MaintenancePage.htm.
I've set my web.config file to the following:
<customErrors mode="RemoteOnly" defaultRedirect="MaintenancePage.htm">
<error statusCode="404" redirect="PageNotFound.aspx" />
</customErrors>
I've also tried ~/MaintenancePage.htm and http://[mysite]/MaintenancePage.htm. None of those options seem to work.
The way I'm testing this is to rename a DLL my project depends upon and then loading up the site in a web browser. I would expect that since there is an error and a defaultRedirect set there should be no problem showing the error page, however, I'm obviously wrong.
I've search around concerning this problem and it seem that most people are trying to redirect to an aspx page, and are encountering error with doing that. Many even report that they can't get the aspx page to load as a defaultRedirect, but they can get an html page to load.
What could I be doing wrong here?
I should note that I'm doing my testing from a different network outside the company firewall, so changing RemoteOnly to On is not the issue per the documentation. In testing changing RemoteOnly to On had no effect, as expected.
Change RemoteOnly to On.
RemoteOnly:
Specifies that custom errors are shown only to remote clients and
ASP.NET errors are shown to the local host
Also, your URL may be absolute or relative.
Read more about the customErrors settings
To watch it work locally:
<customErrors mode="On" defaultRedirect="/MaintenancePage.htm">
<error statusCode="404" redirect="/PageNotFound.aspx" />
</customErrors>
Easier way to test.
Try a bad url and watch your 404 error take over
Put this on your default.aspx page <% throw new Exception("gaah"); %>
And one other thing to consider: Error Logging. Can be achieved easily through ELMAH.

Show message when web service is down

How to show the custom message when the web service which is use in web application is down.
You can use the app_offline.htm file on the root, that is the file that show the custom message
When you invoke the web service, if it's down, use the 'CustomErrors' attribute in the web.config to go to your custom error page. You can tailor it to display different messages based on error code.
<error statusCode="500" redirect="InternalError.htm"/>

Error Handling URLS that do not exist

I'm having problems with handling URLS that do not exist...
In my development environment, I navigated to http://localhost:XXXX/FakeLocation and would catch the HttpException and handle it properly.
When I deployed to my production location, I'm getting a 404 error when I navigate to http://MyProductionURL/FakeLocation. How can I make the production location throw the HttpException so my code can handle it similar to how it works in my development environment?
ASP.NET will only handle file extensions it is registered in IIS to handle. So if the page was foo.aspx, then by default, ASP.NET returns the 404 page as set in the web.config. And by default 404 for foo.xyz will be handled by IIS because IIS handles anything that doesn't have a mapping.
This page shows how to set up wildcard mapping so that all requests, regardless to extension are handled by asp.net.
You probably need to configure IIS on the production location. The easiest thing you can probably do is
Go to the Control Panel, and under Administrative Tools open Internet Information Services (IIS).
Right-click on your web site to bring up the properties.
Go to the Custom Errors tab
Select to the 404 error and edit properties on it.
Change the Message Type to URL.
Set the URL to the page you want them redirected to.
you can do this in the custom errors node of the web.config
<configuration>
<system.web>
<customErrors defaultRedirect="GenericError.htm"
mode="RemoteOnly">
<error statusCode="500"
redirect="InternalError.htm"/>
</customErrors>
</system.web>
</configuration>
Msdn Reference
Looks like IIS handle this exception and does not pass error to ASP.NET.
Please check http://www.chat11.com/How_To_Setup_A_Custom_404_Error_Handler_In_.NET

Resources