We have an MVC 4 web application where we use the web.config file to handle custom errors.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="403" />
<error statusCode="403" responseMode="ExecuteURL" path="/Error/AccessDenied" />
<remove statusCode="404" />
<error statusCode="404" responseMode="ExecuteURL" path="/Error/NotFound" />
<remove statusCode="500" />
<error statusCode="500" responseMode="ExecuteURL" path="/Error/ApplicationError" />
</httpErrors>
</system.webServer>
All ,of which works as expected.
We are now beginning to implement some new features in this project using AngularJS and Web API. In our Web API controller actions, we are consistently returning a HttpResponseMessage to indicate success/failure of the call. For example:
return Request.CreateResponse(HttpStatusCode.BadRequest, result);
The problem (I think!) we are having is that originally MVC error handling is intercepting the BadRequest result (as is reasonable) so that the HttpResponseMessage result data never gets returned to the calling AngularJS method.
What is the best way to handle errors in this mixed (MVC/Web API) environment so that the Web API HttpResponseMessages are not lost?
Thanks.
I am not sure I have found the best solution, but in the end I removed the httpErrors section from the Web.config and built my own error handler in the Global.asax assisted by the following posts:
StackOverflow
PrideParrot
Global.asax
public void Application_Error(Object sender, EventArgs e)
{
var httpContext = ((MvcApplication) sender).Context;
var currentController = "";
var currentAction = "";
var currentRouteData =
RouteTable.Routes.GetRouteData(new HttpContextWrapper(httpContext));
if (currentRouteData != null)
{
if (
!String.IsNullOrEmpty(
currentRouteData.Values["controller"]?.ToString()))
{
currentController = currentRouteData.Values["controller"].ToString();
}
if (!String.IsNullOrEmpty(currentRouteData.Values["action"]?.ToString()))
{
currentAction = currentRouteData.Values["action"].ToString();
}
}
var ex = Server.GetLastError();
var httpEx = ex as HttpException;
var controller = new ErrorController();
var routeData = new RouteData();
var statusCode = httpEx?.GetHttpCode() ?? 500;
string action;
switch (statusCode)
{
case 400:
action = "BadRequest";
break;
case 403:
action = "AccessDenied";
break;
case 404:
action = "NotFound";
break;
default:
action = "Index";
break;
}
httpContext.ClearError();
httpContext.Response.Clear();
httpContext.Response.StatusCode = statusCode;
httpContext.Response.TrySkipIisCustomErrors = true;
if (statusCode >= 500)
{
Server.Transfer("/Error/ServerError.html");
return;
}
routeData.Values["controller"] = "Error";
routeData.Values["action"] = action;
routeData.Values["statusCode"] = statusCode;
controller.ViewData.Model = new HandleErrorInfo(ex, currentController,
currentAction);
((IController) controller).Execute(
new RequestContext(new HttpContextWrapper(httpContext), routeData));
}
My error controller then looked like this:
[AllowAnonymous]
public sealed class ErrorController
: AblController
{
public ActionResult Index(int statusCode)
{
ViewBag.StatusCode = statusCode;
return View("Error");
}
// HTTP 400 - Bad Request
public ActionResult BadRequest()
{
// Now handled by Global.asax - Application_Error
// Response.StatusCode = (int) HttpStatusCode.BadRequest;
// Response.TrySkipIisCustomErrors = true;
if (Request.IsAjaxRequest())
{
return Json(
new
{
error = new ErrorSummary("Bad Request")
});
}
return View();
}
// HTTP 403 - Access Denied
public ActionResult AccessDenied()
{
// Now handled by Global.asax - Application_Error
// Response.StatusCode = (int) HttpStatusCode.Forbidden;
// Response.TrySkipIisCustomErrors = true;
if (Request.IsAjaxRequest())
{
return Json(
new
{
error = new ErrorSummary("Access Denied")
});
}
return View();
}
// HTTP 404 - Not Found
public ActionResult NotFound()
{
// Now handled by Global.asax - Application_Error
// Response.StatusCode = (int) HttpStatusCode.NotFound;
// Response.TrySkipIisCustomErrors = true;
if (Request.IsAjaxRequest())
{
return Json(
new
{
error = new ErrorSummary("Not Found")
});
}
return View();
}
}
}
I also turned the custom error mode off in the Web.config
<customErrors mode="Off" />
This solution needs more testing, but so far it seems to be performing as expected/as required.
Related
I have a problem when combining ASP.NET custom errors and use DataTables in a view.
If DataTables tries to get data from the server and an error occurs, first, the error is caught by ASP.NET MVC in Application_Error and from there it is passed to the Index action in the ErrorController with the exception information.
However, the error page is not displayed, instead the browser jumps to the DataTables error handling in javascript.
I can force the page to be displayed, as in the code below (window.location), but I would like the error page with the original exception to be displayed. If I omit the window.location part, no error page is displayed, even though the Index action in ErrorController is triggered.
Here is my code:
Global.asax:
protected void Application_Error(object sender, EventArgs e)
{
Exception exception = Server.GetLastError();
Server.ClearError();
// Redirect to error page
var routeData = new RouteData();
routeData.Values.Add("controller", "Error");
if (exception.GetType() == typeof(HttpException))
{
// Save error log
Log.WriteLog(exception, "", Session["userName"] as string);
var code = ((HttpException)exception).GetHttpCode();
if (code == 404)
{
routeData.Values.Add("action", "NotFound");
}
else if (code == 403 || code == 401)
{
routeData.Values.Add("action", "NotAuthorized");
}
else
{
routeData.Values.Add("action", "BadRequest");
routeData.Values.Add("statusCode", 400);
}
}
else
{
routeData.Values.Add("action", "Index");
routeData.Values.Add("statusCode", 500);
}
routeData.Values.Add("exception", exception);
// Redirect to error pages
Response.TrySkipIisCustomErrors = true;
IController controller = new ErrorController();
controller.Execute(new RequestContext(new HttpContextWrapper(Context), routeData));
Response.End();
}
ErrorController:
public ActionResult Index(dynamic exception, int? statusCode = 500)
{
Response.StatusCode = statusCode.Value;
Response.TrySkipIisCustomErrors = true;
ViewBag.Message = (exception is String[]) ? exception[0] : exception.Message;
return View("Error500");
}
DataTables error handling:
$.fn.dataTable.ext.errMode = 'throw';
$("#tblMSLs").on('error.dt', function (e, settings, techNote, message) {
console.log('Error in DataTables tblMSLs: ', message);
window.location.href = `${webOrigin}Error?exception=${message}&statusCode=500`;
});
I have this api as you can see :
[HttpGet("CreateToken")]
public IActionResult CreateToken()
{
string tokenString = string.Empty;
tokenString = BuildJWTToken();
return Ok(new { Token = tokenString });
}
I use nswagger studio to generate my api code as you can see in my MVC core
public System.Threading.Tasks.Task CreateTokenAsync()
{
return CreateTokenAsync(System.Threading.CancellationToken.None);
}
/// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
/// <returns>Success</returns>
/// <exception cref="ApiException">A server side error occurred.</exception>
public async System.Threading.Tasks.Task CreateTokenAsync(System.Threading.CancellationToken cancellationToken)
{
var urlBuilder_ = new System.Text.StringBuilder();
urlBuilder_.Append(BaseUrl != null ? BaseUrl.TrimEnd('/') : "").Append("/api/Default1/CreateToken");
var client_ = new System.Net.Http.HttpClient();
try
{
using (var request_ = new System.Net.Http.HttpRequestMessage())
{
request_.Method = new System.Net.Http.HttpMethod("GET");
PrepareRequest(client_, request_, urlBuilder_);
var url_ = urlBuilder_.ToString();
request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
PrepareRequest(client_, request_, url_);
var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
try
{
var headers_ = System.Linq.Enumerable.ToDictionary(response_.Headers, h_ => h_.Key, h_ => h_.Value);
if (response_.Content != null && response_.Content.Headers != null)
{
foreach (var item_ in response_.Content.Headers)
headers_[item_.Key] = item_.Value;
}
ProcessResponse(client_, response_);
var status_ = ((int)response_.StatusCode).ToString();
if (status_ == "200")
{
return;
}
else
if (status_ != "200" && status_ != "204")
{
var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
throw new ApiException("The HTTP status code of the response was not expected (" + (int)response_.StatusCode + ").", (int)response_.StatusCode, responseData_, headers_, null);
}
}
finally
{
if (response_ != null)
response_.Dispose();
}
}
}
finally
{
if (client_ != null)
client_.Dispose();
}
}
This code is generated by NswaggerStudio .
So when I want to call my createtoken API as you can see i couldn't get the token in the result:
public async Task<IActionResult> Index()
{
var q = myapi.CreateTokenAsync();
ViewBag.data = q;
return View(q);
}
And the view
<div class="text-center">
<h1 class="display-4">#ViewBag.data</h1>
<p>Learn about building Web apps with ASP.NET Core.</p>
</div>
And here you can see the result
Unfortunately, you cannot return result in this way.
To return any model your returning type in method should look like something like this
[HttpGet("CreateToken")]
public IActionResult<TokenModel> CreateToken()
{
string tokenString = string.Empty;
tokenString = BuildJWTToken();
return Ok(new { Token = tokenString });
}
Check this for more information
There is an alternative solution to this with ProducesResponseType (part of Microsoft.AspNetCore.Mvc).
Setting the typeof to the correct value you wish to return, will let swagger generate the json correctly. Which in turn allows nswag studio to generate
[HttpGet("CreateToken")]
[ProducesResponseType(typeof(Token), StatusCodes.Status200OK)]
public IActionResult CreateToken()
{
string tokenString = string.Empty;
tokenString = BuildJWTToken();
return Ok(new { Token = tokenString });
}
So I am using LDAP to authenticate my users, and this works fine for most all of my users, but for some of them it does not. I know for a fact I have two users that it is not working for. The code pulls down all the information about the person, creates a formsAuthenticationticket, but when it gets to [authorize] it just bounces them back to the login page. The question is why?
Login controller:
[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
string logon_user = model.UserName.ToString();
string logon_password = model.Password.ToString();
ConnHelper connhelper = new ConnHelper();
string encryptedTicket = null;
String adPath = "#####"; //Path to the 2003 LDAP directory server
ADAuthorize adAuth = new ADAuthorize(adPath);
FormsAuthenticationTicket authTicket = null;
try
{
if (true == adAuth.IsAuthenticated("#####", logon_user, logon_password))
{
string groups = adAuth.GetGroups();
Account acc = new Account();
acc.windows_id = logon_user;
acc.password = logon_password;
acc.gers_id = connhelper.GetGersID(acc.windows_id);
acc.region = connhelper.IsNull(connhelper.GetRegionManager(acc.gers_id));
acc.home_store_region = connhelper.IsNull(connhelper.GetHomeStoreRegion(acc.gers_id));
acc.store_group = connhelper.IsNull(connhelper.GetStoreGroup(acc.gers_id));
acc.home_store = connhelper.IsNull(connhelper.GetStore(acc.gers_id));
acc.arr = connhelper.GetStores(acc.gers_id);
//acc.home_store_phone = misc.IsNull(misc.GetHomeStorePhoneNumber("hzs"), "");
acc.home_store_phone = connhelper.IsNull(connhelper.GetHomeStorePhoneNumber(acc.gers_id), "");
acc.full_name = connhelper.IsNull(connhelper.GetFullName(acc.gers_id), "");
// Onlt use the following in the core
// acc.full_name = adAuth.getuserFname("#####", logon_user, logon_password);
misc.GetStore(acc.gers_id);
//Add information to the session
Session.Add("roles", groups);
Session.Add("Account", acc);
// Create the authentication ticket
authTicket =
new FormsAuthenticationTicket(1, // version
acc.windows_id,
DateTime.Now,
DateTime.Now.AddMinutes(500),
false, groups);
// Now encrypt the ticket.
encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
if (FormsAuthentication.GetRedirectUrl(acc.windows_id, false).EndsWith("Logout.aspx"))
{
return RedirectToAction("Login", "Account");
}
//
// Validate code this does the redirect to where you want the logged in person to go to.
//
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "Authentication failed, check username and password.");
return View(model);
}
}
catch (Exception ex)
{
ModelState.AddModelError("", "Error authenticating. " + ex.Message + ex.StackTrace);
return View(model);
}
// return View(model);
}
Adauth is authenticated ( this returns true even for the people who get bounced)
public bool IsAuthenticated(string domain, string username, string pwd)
{
cred(username, pwd);
string domainAndUsername = domain + #"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try
{
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("SAMAccountName");
//search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (String)result.Properties["SAMAccountName"][0];
//_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
return true;
}
Then the home index controller
[HttpGet]
[Authorize]
public ActionResult Index()
{
//grab all events and pass to view
//
int count = D.getEventRows();
if (count != 0)
{
Event[] events = new Event[count];
events = D.getEvents(count);
ViewBag.host = globals.hosts();
ViewBag.events = events;
DateTime curr = DateTime.Now;
ViewBag.curr = curr;
return View(events);
}
return View();
}
web config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="28800" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
I have defined my Custom Error pages in my global.asax.cs and can get them working locally in IIS Express with VS 2013, but when I publish to the server running IIS 7 the 401 and 403 errors do not display the custom error page but rather return a 500 and not the custom 500 page either. I've tried many solutions found here on SO but none have worked. Anyone have any thoughts?
Web.Config portions:
<system.web>
<customErrors mode="On" defaultRedirect="~/Error">
</customErrors>
</system.web>
<system.webServer>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
Global.asax portions:
protected void Application_Error()
{
string descriptor = null;
string errMsg = null;
string additionalInfo = null;
string title = null;
Exception lastError = null;
Exception ex = null;
if (HttpContext.Current.Server.GetLastError() != null)
{
ex = HttpContext.Current.Server.GetLastError().GetBaseException();
if (ex.GetType() == typeof (HttpException))
{
HttpException httpException = (HttpException) ex;
switch (httpException.GetHttpCode())
{
case 404:
title = "Not Found";
descriptor = "Page Not Found";
errMsg =
"The page you requested could not be found, either contact your webmaster or try again. Use your browsers Back button to navigate to the page you have prevously come from.";
additionalInfo =
"We are working hard to correct this issue. Please wait a few moments and try your search again.";
lastError = new Exception(errMsg);
break;
case 500:
title = "Server Error";
descriptor = "Oooops, Something went wrong!";
errMsg = "You have experienced a technical error. We apologize.";
additionalInfo =
"We are working hard to correct this issue. Please wait a few moments and try your search again.";
lastError = new Exception(errMsg);
break;
}
CallErrorController(descriptor, additionalInfo, title, lastError, httpException.GetHttpCode());
}
}
}
protected void Application_EndRequest(object sender, EventArgs e)
{
if (Response.StatusCode == 401 || Response.StatusCode == 403)
{
Response.ClearContent();
string additionalInfo = null;
string title = null;
const string errMsg =
#"You have attempted to access a resource for which you do not have the proper authorization or which is not available from your location.
If you received this message by clicking on a link on this website, please report it to the webmaster. Use your browsers Back
button to navigate to the page you have previously come from.";
const string descriptor = "Access is Denied";
title = descriptor;
Exception lastError = new Exception(errMsg);
CallErrorController(descriptor, additionalInfo, title, lastError, Response.StatusCode);
}
}
private void CallErrorController(string descriptor, string additionalInfo, string title, Exception lastError, int statusCode)
{
Server.ClearError();
Response.TrySkipIisCustomErrors = true;
HttpContextWrapper contextWrapper = new HttpContextWrapper(this.Context);
RouteData routeData = new RouteData();
routeData.Values.Add("controller", "Error");
routeData.Values.Add("action", "Index");
routeData.Values.Add("statusCode", statusCode);
routeData.Values.Add("exception", lastError);
routeData.Values.Add("descriptor", descriptor);
routeData.Values.Add("additionalInfo", additionalInfo);
routeData.Values.Add("title", title);
routeData.Values.Add("isAjaxRequet", contextWrapper.Request.IsAjaxRequest());
IController controller = new ErrorController();
RequestContext requestContext = new RequestContext(contextWrapper, routeData);
controller.Execute(requestContext);
Response.End();
}
ErrorController:
public class ErrorController : Controller
{
public ActionResult Index(int statusCode, Exception exception, string descriptor, string additionalInfo, string title, bool isAjaxRequet)
{
if (!isAjaxRequet)
{
ErrorModel model = new ErrorModel { HttpStatusCode = statusCode, Exception = exception, Descriptor = descriptor, AdditionalInfo = additionalInfo, Title = title};
return View("Error", model);
}
else
{
// Otherwise, if it was an AJAX request, return an anon type with the message from the exception
var errorObjet = new { message = exception.Message };
return Json(errorObjet, JsonRequestBehavior.AllowGet);
}
}
}
Running Locally:
Running From the Server:
Try adding this to your web.config
<configuration>
... //all the other gubbins that goes in your web config
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
</configuration>
Or turning on detailed errors via the iis adamin module
In my mvc application I handle 404 and 505 errors by checking response code in Application_EndRequest() method in global.asax.cs and returning custom 404/error page like below
protected void Application_EndRequest()
{
if (Context.Response.StatusCode == 404)
{
Response.Clear();
var rd = new RouteData();
rd.Values["controller"] = "Errors";
rd.Values["action"] = "PageNotFound";
IController c = new ErrorsController();
c.Execute(new RequestContext(new HttpContextWrapper(Context), rd));
}
else if (Context.Response.StatusCode == 500)
{
Response.Clear();
var rd = new RouteData();
rd.Values["controller"] = "Errors";
rd.Values["action"] = "ServerError";
IController c = new ErrorsController();
c.Execute(new RequestContext(new HttpContextWrapper(Context), rd));
}
}
}
And I have Errors controller like below
public ActionResult PageNotFound()
{
Response.StatusCode = (int)HttpStatusCode.NotFound;
return View();
}
public ActionResult ServerError()
{
Response.StatusCode = (int)HttpStatusCode.InternalServerError;
return View("Error");
}
Now when I type the url in addressbar like http://mydomain/errors/servererror, It displays my current custom error page
So I want to prevent user by accessing this page, so how can I accomplish that?
P.S.
So far I have tried to solve this by configuring route named "Errors/ServerError" and redirecting it to somewhere else, but I think there may be another good way out there..