I will try my best to explain the exception I am facing. I have an application built with dotnet core 2.1 running under localhost:5000. I have applied the global exception handler within the startup class to handle any exception thrown by the application. I have tested this functionality and its working absolutely fine. However, if I pass this 'http://localhost:5000/redirect=https%3a%2f%2fey.com' in the url it throws an exception but doesn't get caught within the application. Please refer to the screenshot attached. My requirement is to redirect the user to a generic error page.
[EDITED] This issue was found during QA testing. Also, 'redirect' is not a keyword here, if we try to replace redirect with any random character throws the same exception. eg 'http://localhost:5000/a=https%3a%2f%2fey.com'
Related
I have a .net 5.0 Blazor serverside web app that calls a .net 5 Api via Refit. When I run the app locally it works fine, but after i deploy the API and the Web app to Openshift the app loads and does the initial get fine, but if i try to update one of the records I get an error
Error: Refit.ApiException: Response status code does not indicate success: 500 (Internal Server Error).
at Refit.RequestBuilderImplementation.<>c__DisplayClass14_0`2.<<BuildCancellableTaskFuncForMethod>b__0>d.MoveNext() in /_/Refit/RequestBuilderImplementation.cs:line 270
--- End of stack trace from previous location where exception was thrown ---
The setup of the refit is as follows
[Patch("/MyEntity/")]
Task<bool> PatchMyEntityAsync([Body] MyEntity entity);
[Patch("/MyEntity/")]
Task<bool> PostMyEntityAsync([Body] MyEntity entity);
[Get("/MyEntity/{id}")]
Task<MyEntity> GetByIdAsync(int id);
[Get("/MyEntity/")]
Task<IEnumerable< MyEntity >> GetMyEntitiesAsync();
This all works locally but not when deployed. I am using refit version 6.0.94
When its deployed the GetMyEntitiesAsync() and GetById works but NOT the Post or Patch, locally all 4 works. When deployed i get the 500 exception. The Api is not being hit at all so refit seems to be throwing the exception
I have a list which loads fine via the API, when i click edit GetById loads the edit page fine, the strange thing is if I click the Save or even the cancel button which simply fires
NavigationManager.NavigateTo("/myEntity_list")
When the list page open again I also get the 500 error as above!
The Hosted version of the App and API are hosted on Linux Docker container. Locally where it works is Windows 10.
I saw a similar issue here where refit json serialization being changed from Newtonsoft to System.Text.Json as the json produced by both is slightly different, and can require some adjustments. Alternatively, you can tell Refit to use Newtonsoft to serialize the json.
https://github.com/reactiveui/refit/issues/1122
I was getting the same exception when not disposing the HttpResponse at client side. Perhaps may have a look if you forgot disposing. Everything worked fine locally and i spent a lot of time figuring this out.
I'm hosting an ASP.NET Core 3.1 web app with IIS 10, and it's throwing the following exception when trying to hit my API's through Postman:
System.Security.Authentication.AuthenticationException: System error.
at Microsoft.AspNetCore.Authorization.AuthorizationHandler`1.HandleAsync(AuthorizationHandlerContext context)
at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, IEnumerable`1 requirements)
at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, Object resource)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
When using Postman on the machine running the web app, I can make successful HTTP requests and not have any issues. It seems to only be happening when trying to make external requests, but the error text is extremely unhelpful and I'm not sure where to begin diagnosing. As far as I can tell, the directory containing the web app project files doesn't have any specific security restrictions and the Application Pool is using an account with sufficient permissions to access and use them.
Has anyone seen error text like this before, or have any idea what the issue might be?
As it turns out, this exception was being thrown as a result of an incorrect database connection string. This particular request checks against a local database to ensure the user exists there.
Strangely enough, I've encountered this same type of issue before (where a database connection string is broken / changed at some point), but the resulting exception was much more specific in its Exception text and stack trace. The only thing I can't explain here is why the above error is so generic.
I have an ASP.NET Core (2.2) app, and I'm trying to figure out how to prevent the generic "An error occured...." message that shows very specific deatils about the error or even the stack trace and line numbers in my code.
Both upon starting up the app and any time later in the app.
I thought I could use:
app.UseExceptionHandler("/Home/Error");
and any unhandled exceptions will be caught by the middleware and then the user will be sent to my Home controller and Error view.
But this doesn't happen.
I forced errors to occur in my Startup.cs and later on in some of my Razor Pages, and I either see a blank page or I still see the very descriptive error page with error details and stack trace. Which I of course do not want in production.
Am I misunderstanding how this middleware works and how to accomplish what I'm looking to do?
Basically, asp.net core Configure method has following middleware by default
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{//for production
app.UseExceptionHandler("/Home/Error");
}
And you will find the Error.cshtml in Views/Shared/Error.cshtml which only shows the RequestId without detailed inforamtion in production by default.
If you want to use app.UseExceptionHandler("/Home/Error"); in development mode for a test, then just remove the above if/else block and use the code directly, then it will direct you to the error page in development.
I would like to display custom error message when authentication fails in IdentityServer4. Namely I want to show what went wrong, e.g. "invalid redirect url" or "invalid authentication flow". When authentication fails I see only that exception occured but for what happened I need to go into logs. In this case I would like to know that e.g. redirect url is wrong directly. How can I achieve that?
I'm thinking about some exception filter or custom middleware on ASP.NET Core. However it seems to me that exception filter won't work since that is MVC stuff and exception occurs in the IdentityServer middleware. And I am not sure how to create the middleware so it shows the error and also manages to use the same layout and ui parts as in MVC views. Is there another way? Maybe some extension points I did not see?
I have a lot of filters, which are using HttpContext.IsCustomErrorEnabled in MVC 5. One of such filter is JsonExceptionFilter, to simply return status without full error when exception is fired on Production environment. The details of exception are returned based on CustomeErrors enabled. So in rare cases I can see production/staging error just by chanign this option in web.config. However in ASP.NET Core there is no such option because redirection is done by ExceptionHandler middleware.
Is there any way to check if redirection (custom error) is enabled?