Im trying to make a redirect to a custom error page on Access Denied (403) and the iis express its just showing the defult ugly 403 page i made the following changes on my web.config
<httpErrors>
<remove statusCode="403"/>
<error statusCode="403" path="ErrorManager/InsufcientPrivilage"/>
</httpErrors>
and
<customErrors mode="On">
<error statusCode="403" redirect="ErrorManager/InsufcientPrivilage" />
<error statusCode="404" redirect="ErrorManager/PageNotFound"/>
</customErrors>
the strange thing is that the 404 custom error page is working but the 403 dont
Did you tried something like this:
<customErrors mode="On">
<error statusCode="403" redirect="~/ErrorManager/InsufcientPrivilage" />
<error statusCode="404" redirect="~/ErrorManager/PageNotFound"/>
</customErrors>
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
I suggest you to remove httpErrors sub elements as httpErrors are meant for displaying errors for non .net applications. In your case customErrors element is enough.
Regards,
Uros
Related
I want to restrict access to my ASP.NET Core application by only configuring it in IIS (10).
This is not the problem, as I enable only "Windows authentication" and then I can do
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\MyDLL.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" >
</aspNetCore>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="user.withaccess />
</authorization>
</security>
</system.webServer>
</location>
This works fine, but every user without access just gets a 401 response and no error page.
Normally you could configure something like that:
<location path="." inheritInChildApplications="false">
<system.webServer>
<!-- ... -->
<httpErrors errorMode="Custom" existingResponse="PassThrough">
<remove statusCode="401" subStatusCode="-1" />
<error statusCode="401" subStatusCode="2" prefixLanguageFilePath="" path="401.htm" responseMode="File" />
</httpErrors>
</system.webServer>
</location>
but the custom error page is only accessible by users who already can access the application (trying to open the error page results in a 401 too for unauthorized users).
Now in my case it's currently not possible to change the ASP.NET Core application itself, so I have to do it in IIS.
What do I have to configure that the custom error page can be served, but everything else is protected?
My web.config has this:
<system.web>
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms loginUrl="~/Account/" />
</authentication>
Is there a nice way to get this loginUrl in the MVC code as a string?
If you search the web for for "asp.net get loginurl from web.config", you'll find:
System.Web.Security.FormsAuthentication.LoginUrl
I have some spare time on the project I'm working on and want to customize the WCF "Service not found" error with something useful, humorous, or matches the site's 404 page.
How can I customize the WCF "service not found" error?
Please add the bellow code under system.web node in your config
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
I'm using asp.net MVC4 + visual studio 2012. every thing all fine, But only the custom error always has the aspxerrorpath param on the URL.
I already config the custom error on web.config:
<customErrors mode="On" defaultRedirect="~/Error/Error">
<error redirect="~/Error/Error" statusCode="404" />
<error redirect="~/Error/Error" statusCode="500" />
</customErrors>
I also changed my Error Action to :
public ActionResult Error()
{
Response.Status = "404 Not Found";
Response.StatusCode = 404;
return View();
}
Will now when there is some 404 happening. I always got aspxerrorpath param on my URL.
I tried add redirectMode="ResponseRewrite" to the customError nodes but If add this , the error will display a run time exception.....
So Is there any best way to remove the aspxerrorpath param? Thanks.
Another simple solution is turning on customErrors in web.config file for 404 error:
<customErrors mode="On">
<error statusCode="404" redirect="~/home/notfound" />
</customErrors>
and in home controller:
public ActionResult NotFound(string aspxerrorpath)
{
if (!string.IsNullOrWhiteSpace(aspxerrorpath))
return RedirectToAction("NotFound");
return View();
}
I wrote
<customErrors mode="On" defaultRedirect="~/" redirectMode="ResponseRedirect" />
in <system.web>...</system.web>, than in my default action's (in the default controller), on the first line I wrote following:
if (Request["aspxerrorpath"] != null) return RedirectToAction(this.ControllerContext.RouteData.Values["action"].ToString());
It is dirty resolve, but effective.
Finally I close the customErrors
<customErrors mode="Off"></customErrors>
Then I use httpErrors to replace it.
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="400"/>
<error statusCode="400" responseMode="ExecuteURL" path="/Error/BadRequest"/>
<remove statusCode="403"/>
<error statusCode="403" responseMode="ExecuteURL" path="/Error/AccessDenied" />
<remove statusCode="404"/>
<error statusCode="404" responseMode="ExecuteURL" path="/Error/NotFound" />
<remove statusCode="500"/>
<error statusCode="500" responseMode="ExecuteURL" path="/Error/Error" />
</httpErrors>
Now All fine.
Update 1
But it will display the exception details sometimes , So now I use :
<customErrors mode="RemoteOnly" defaultRedirect="~/Main/Error" redirectMode="ResponseRewrite">
<error redirect="~/Main/NotFound" statusCode="404" />
<error redirect="~/Main/Error" statusCode="500" />
<error redirect="~/Main/AccessDenied" statusCode="403" />
<error redirect="~/Main/BadRequest" statusCode="400" />
</customErrors>
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="400" />
<error statusCode="400" responseMode="ExecuteURL" path="/Main/BadRequest" />
<remove statusCode="403" />
<error statusCode="403" responseMode="ExecuteURL" path="/Main/AccessDenied" />
<remove statusCode="404" />
<error statusCode="404" responseMode="ExecuteURL" path="/Main/NotFound" />
<remove statusCode="500" />
<error statusCode="500" responseMode="ExecuteURL" path="/Main/Error" />
</httpErrors>
I think still not find best solution for now. also don't understand why the Microsoft design like that. Maybe want every one know the website based on .NET
I have same issue the aspx error path is set from my IIS server. so check your IIS settings:
your project > Authentication > Forms Authentic
In form authentication right click Edit and check your URL.
I have problem in that url path remove the extension .aspx and it working fine.
Use Redirect inside your mvc action.
For example in config you can have "~/Error", in controller have Index action (default action) that redirects to Error action (I would call it PageNotFound) - querystring will be lost on redirecting.
<customErrors mode="On" defaultRedirect="/404.html" redirectMode="ResponseRewrite">
<error redirect="/403.html" statusCode="403" />
<error redirect="/404.html" statusCode="404" />
<error redirect="/500.html" statusCode="500" />
</customErrors>
The absolute simplest solution is to use a blank querystring in the defaultRedirect in web.config to override (note the question mark):
<system.web>
<customErrors defaultRedirect="~/error?" mode="On" />
</system.web>
I use custom action filter in asp.net mvc app to return http status code 422 and json list of validation errors (basically serialized model state dictionary) to client, where I handle that with global ajaxError handler in jQuery.
All of this works on development enviroment, but my problem is when custom errors mode is on (<system.webServer>/<httpErrors errorMode="Custom">), IIS replaces response (json) with text "The custom error module does not recognize this error."
I'm having hard time properly configuring IIS to pass-through original response if status code is 422. Anyone did something similar?
If web server is configured to pass through existing response, it will return json contents to browser.
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough">
</httpErrors>
</system.webServer>
MSDN: httpErrors Element [IIS Settings Schema]
Make the following settings for IIS 7.5, this works fine for me, the most important thing here was the installation of the existingResponse="Replace":
<httpErrors errorMode="DetailedLocalOnly" existingResponse="Replace" detailedMoreInformationLink="http://YouLink" lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath">
<error statusCode="401" prefixLanguageFilePath="" path="C:\path\to\401.htm" responseMode="File" />
<error statusCode="403" prefixLanguageFilePath="" path="C:\path\to\403.htm" responseMode="File" />
<error statusCode="404" prefixLanguageFilePath="" path="C:\path\to\404.htm" responseMode="File" />
<error statusCode="405" prefixLanguageFilePath="" path="C:\path\to\405.htm" responseMode="File" />
<error statusCode="406" prefixLanguageFilePath="" path="C:\path\to\406.htm" responseMode="File" />
<error statusCode="412" prefixLanguageFilePath="" path="C:\path\to\412.htm" responseMode="File" />
<error statusCode="500" prefixLanguageFilePath="" path="C:\path\to\500.htm" responseMode="File" />
<error statusCode="501" prefixLanguageFilePath="" path="C:\path\to\501.htm" responseMode="File" />
<error statusCode="502" prefixLanguageFilePath="" path="C:\path\to\502.htm" responseMode="File" />
<error statusCode="400" prefixLanguageFilePath="" path="C:\path\to\400.htm" responseMode="File" />
</httpErrors>
Check if error pages are configured for your application in IIS. You need to add your custom error page for the status code eg: 429
Add the status code HTMLstrong text page. It should resolve the issue