Does this approach to using ELMaH with MVC smell? - asp.net-mvc

I've been looking around for some approaches to using ELMaH with ASP.Net MVC so that I can use the custom error page for all exceptions including 404s.
There is no shortage of questions asking how to get the /Shared/Error.aspx working correctly in ASP.Net MVC - either with or without ELMaH. I haven't had a problem with that task, but I feel as though my solution to using a custom 404 page alongside ELMaH was too simple and I can't shake the feeling that there should be more to it.
After enabling customErrors in Web.Config, I created a new Action in my HomeController:
public ActionResult PageNotFound()
{
return null;
}
From there I added a new method in my Global.asax file to take advantage of ELMaH's log filtering capabilities and, after letting the exception get logged, redirecting the response back to the aforementioned PageNotFound ActionResult:
public void errorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
if (e.Exception.GetType().Equals(typeof(HttpException)))
{
HttpException ex = (HttpException)e.Exception;
if (ex.GetHttpCode() == 404)
Response.Redirect("/Home/PageNotFound");
}
}
Am I overlooking something that comes with MVC by default (because I'm still finding my way for a lot of things regarding MVC), or overthinking the problem where a simpler solution exists? Appreciate any input.

I am sure ASP.NET can handle that kind of stuff for you, you don't necessarily have to call anything to redirect to your 404 Action inside your global.asax. See below for an example.
<configuration>
<system.web>
<customErrors mode="On">
<error statusCode="404" redirect="/servererrors/404.aspx" />
</customErrors>
</system.web>
</configuration>
http://www.xefteri.com/articles/show.cfm?id=11

Related

Custom error in asp.net mvc4 - Getting called with every request

I currently have Custom errors setup in a asp.net mvc4 web application in web.config
> <customErrors mode="On" defaultRedirect="~/Errors"> </customErrors>
public class ErrorsController : Controller
{
public ActionResult Index()
{
return Content("Unexpected Error - Please contact Administrator");
}
}
I am not sure why the Action Index gets called on every call even though there is no error
Would help if anybody can clarify this
Thanks
I am not sure why the Action Index gets called on every call even though there is no error
How do you know that there is no error? Maybe the browser is attempting to GET /favicon.ico which you forgot to include in your application and the server is throwing a 404 Not Found exception. Or maybe a missing javascript, css or image? Of course that's only one of the gazillions possible reasons why your Error action might be called.
Once inside the Error action you could always inspect the value of the Request.Url.AbsoluteUri to know more about the exact request sent by the client.
It could be your RouteConfig. If you have a specific route for the error that is being matched before the others than you would keep getting the error.

“A potentially dangerous Request.Form value was detected from the client”

How do I disable this page validation entirely and for good in ASP.NET MVC 3?
I have looked through the error message and the other questions with the same title. None of the suggested solutions help:
I do have a
<httpRuntime requestValidationMode="2.0" />
in the <system.web> section in Web.config.
I also do have a validateRequest="false" attribute on the <pages>...</pages> element.
But I am still getting the error. What else can I try?
Add the following line of code:
GlobalFilters.Filters.Add(new ValidateInputAttribute(false));
to the Application_Start() method.
Add [AllowHtml] to the action, parameter, or property.
EDIT: If you want to allow it anywhere, add new ValidateInputAttribute(false)] to GlobalFilters.Filters.

ASP.NET MVC 3 AuthorizeAttribute not working, not even being called

I was having trouble getting AuthorizeAttribute to work for an out of the box MVC 3 app. So I created my own attribute inheriting from AuthorizeAttribute and overriding all methods and adding break points to see what was going on.
But the problem is, the attribute code is NEVER called! Any idea what could cause this?
It is a completely blank MVC 3 app with a HomeController with an Index method. Form authentication set to redirect to ~/Account/LogOn. But it seems it just doesn't load the [Authorize] attribute...
EDIT:
Sorry guys, I must really be tired today :) it is in fact not a totally blank project. I have some Ninject code that provides a repository to my HomeController. If I disable this and create a parameterless constructor on the HomeController the AuthorizeAttribute seems to work ok.
Any idea why Ninject dependency injection would interfere with the Authorize attribute?
--
Christian
And you say you have the following settings on your web.config?
<authentication mode="Forms">
<forms loginUrl="~/Account/logOn" />
</authentication>
How are you using your authorize attribute, could we see some code?
You might want to take a look at this step by step "Authenticating Users with Forms Authentication" guide.
Creating a custom attribute and enabling Forms auth aren't enough. You still have to decorate the Controllers / Actions for which you want the filter to execute with the attribute.
[Authorize]
public ActionResult Index()
{
// ...your code
}
or
[Authorize]
public class HomeController
{
// ... your actions
}
Edit As tpeczek said in comments, also ensure that [Authorize] is using your AuthorizeAttribute and not System.Web.Mvc.AuthorizeAttribute.

How to redirect to error page in view in MS ASP.NET MVC?

In Controller, RedirectToAction("Error") can redirect to error page. How to write code in view code to allow the page redirected to error.aspx view?
You shouldn't need to handle reporting of errors inside MVC actions, and hard coding error behaviour makes finding a fixing issues harder than it needs to be.
Instead use the HandleError attribute and throw a regular exception:
[HandleError]
public class ThingController : Controller
{
public ActionResult DoStuff()
{
...
// uh-oh! throw exception
throw new WhateverException("message");
}
}
This will allow you to use the customErrors config flag to change your application's behaviour:
<customErrors mode="RemoteOnly" defaultRedirect="~/System/Error" />
Then locally you'll get an ugly but detailed yellow screen of death, plus debug will break on the thrown exception by default.
Remote users will get redirected to your SystemController.Error where you can have a nice user-friendly message and log the error.
This will work for controller actions and views in the same way.
#Jørn is right, but what kinds of errors are you predicting to show up in your view?
If you gave some details on why you're thinking about this, we might be able to suggest some better alternatives instead of simply saying "don't do this."

ASP.net MVC [HandleError] not catching exceptions

In two different application, one a custom the other the sample MVC application you get with a new VS2008 MVC project, [HandleError] is not catching exceptions.
In the sample application I have:
[HandleError]
public class HomeController : Controller
{
public ActionResult Index()
{
ViewData["Message"] = "Welcome to ASP.NET MVC!";
throw new Exception();
return View();
}
public ActionResult About()
{
return View();
}
}
which is just the default controller with an exception being thrown for testing.
But it doesn't work. Instead of going to the default error.aspx page it shows the debug information in the browser.
The problem first cropped up in a custom application I'm working on which led me to test it with the sample application. Thinking it had something to do with changes I made in the custom application, I left the sample application completely unchanged with the exception (yuck) of the throw in the index method.
I'm stumped. What am I missing?
In Web.config, change customErrors:
<system.web>
<customErrors mode="On">
</customErrors>
If mode is either Off or RemoteOnly, then you will see the yellow screen of death instead of the custom error page. The reasoning is that developers usually want the more detailed information on the yellow screen of death.
Important: Be careful that your error page itself does not have an error on it!
If it does you'll end up with that ASP.NET custom error page and end up going round in circles and tearing your hair out. Just strip everything out of the page that could possibly cause an error and test it.
Also with respect to 'customErrors' being ON or OFF there are several contributing factors to whether or not the friendly error page (your Errors.aspx) page will be shown or not.
See this blog (except below)
HttpContext.IsCustomErrorEnabled - looks at three different sources
The web.config's <deployment> section's retail property. This is a
useful property to set when deploying
your application to a production
server. This overrides any other
settings for custom errors.
The web.config's <customErrors> section's mode property. This setting
indicates whether custom errors are
enabled at all, and if so whether they
are enabled only for remote requests.
The HttpRequest object's IsLocal property. If custom errors are enabled
only for remote requests, you need to
know whether the request is from a
remote computer.
The idea here is that you can have 'customErrors' turned OFF during development - when you do want to see the errors, and then enable it for production only.
This MSDN article discusses the attribute further.
Another reason for this problem may be ,
In Template MVC Application (generated by VS2008 / VS2008 Express) , Error.aspx (generated by VS) uses Master Page.
If Master Page access any ViewData it will throw null reference Exception , then the error.aspx won't be shown.
Use this Simple code as your Error.aspx , it will solve the problem, (along with CustomErrors=On )
<%# Page Language="C#" Inherits="System.Web.Mvc.ViewPage<System.Web.Mvc.HandleErrorInfo>" %>
<%= Model.Exception.Message %>
I have struggled with this as well and I believe I understand the problem now.
In short the requirements for having [HandleError] work as expected are:
You must enable custom errors in web.config AND you must also specify where your error view is in the <customErrors> tag.
Example:
<customErrors mode="On" defaultRedirect="Error" />
Leaving off the defaultRedirect="Error" part will instead yield a 500 error in the browser--NOT the ASP.NET error page (YSOD).
Also you do not have to be in Release mode. I tested this with a Debug build and it worked fine.
My environment was Visual Studio 2010 using .NET 4 and the standard, "ASP.NET MVC 2 Web Application" project template.
What confused me was the MSDN documentation for the HandleErrorAttribute Class. It doesn't explicitly say you must turn on custom errors in web.config. And I assumed all I needed was the [Handle Error] attribute.
There is some silly situation which once happened with me, so might be helpfull for someone.
Be sure that you've added <customErrors mode="On" /> to the correct web.config file.
Sometimes (especially, when you work with something like Resharper, and open your files with typing their name, but not via Solution Explorer), you can simply open a web.config either from Views folder or even from another project.
Watch out: in my case I was trying to get the HandleError attribute to catch an exception thrown inside the Controllers constructor! Of course it won't catch it. The HandleError attribute only catches exceptions thrown inside Controller actions. It's right there in the MSDN page (should've paid more attention to that):
Represents an attribute that is used to handle an exception that is
thrown by an action method.
Another thing that was happening is that the Controller's OnException(ExceptionContext exceptionContext) overridden method was never being called. Again: of course it would not be called since I was throwing an exception inside the Controller's constructor.
I spent 1 hour trying to figure this out. :o) Hope it helps the next soul...
As a hint: remember that the HandleError attribute only catches 500 errors. For the other ones you should declare the <customErrors> section in Web.config:
<customErrors mode="On">
<error statusCode="403" redirect="~/403" />
<error statusCode="404" redirect="~/404" />
</customErrors>

Resources