Asp.net Server Error Messages
Contents |
ASP.NET web-site, and would like the ability to conditionally show/hide runtime error messages depending on who the user visiting the
How To Display Error Message In Asp Net Using C#
site is.For a normal user visiting the site you want to asp.net custom error be able to display a friendly error message like this when a runtime error occurs: But
Asp.net Error Handling
when someone within the “developers” security role of your application remotely accesses the site you want to instead show a more detailed exception stack trace error message exception handling in asp.net c# about the problem without having to change any configuration data: The below post describes how to use ASP.NET’s role-based security architecture in conjunction with the Global.asax Application_Error event handlerto enable this. You can also download a sample I’ve built that shows how to implement this here.Some Background Discussion on Error Handling and ASP.NET Custom asp.net error page Error Pages:ASP.NET and .NET support a rich error-handling architecture that provides a flexible way to catch/handle errors at multiple levels within an application. Specifically, you can catch and handle a runtime exception with a class, within a page, or on the global application level using the Application_Error event handler within the Global.asax class. If a runtime exception isn’t handled/cancelled by one of these mechanisms, then ASP.NET’s Custom Error Page feature will kick-in, and an error page will be sent back to the browser accessing the application.ASP.NET’s Custom Error Page feature can be used to configure a “friendly error page” to be displayed to end-users in place of the standard “server error occurred” message sent back by ASP.NET. For example, the below web.config file section will cause remote users visiting the site to be redirected to a “friendlyErrorPage.htm” file anytime a runtime error occurs (note: HTTP 500 status code responses indicate runtime errors on the server): Dev centers Retired content Samples We’re sorry. The content you requested has been asp.net error logging removed. You’ll be auto redirected in 1 second. MSDN Library MSDN Library MSDN Library MSDN Library Design Tools Development Tools and Languages Mobile and Embedded Development .NET Development Office development Online Services Open Specifications patterns & practices Servers and Enterprise Development Speech Technologies Web Development Windows Desktop App Development http://weblogs.asp.net/scottgu/Tip_2F00_Trick_3A00_-Show-Detailed-Error-Messages-to-Developers TOC Collapse the table of content Expand the table of content This documentation is archived and is not being maintained. This documentation is archived and is not being maintained. How to: Display Safe Error Messages Other Versions Visual Studio 2010 .NET Framework 4 Visual Studio 2008 .NET Framework 3.0 Visual Studio 2005 When your application displays error messages, it should not give away https://msdn.microsoft.com/en-us/library/994a1482.aspx information that a malicious user might find helpful in attacking your system. For example, if your application unsuccessfully tries to log in to a database, it should not display an error message that includes the user name it is using. There are a number of ways to control error messages, including the following: Configure the application not to show verbose error messages to remote users. (Remote users are those who request pages while not working on the Web server computer.) You can optionally redirect errors to an application page. Include error handling whenever practical and construct your own error messages. In your error handler, you can test to see whether the user is local and react accordingly. Create a global error handler at the page or application level that catches all unhandled exceptions and routes them to a generic error page. That way, even if you did not anticipate a problem, at least users will not see an exception page. To configure the application to turn off errors for remote users In the Web.config file for your application, make the following changes to the cus here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings http://stackoverflow.com/questions/9940305/cant-see-real-error-message-of-an-asp-net-application and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation http://www.iis.net/learn/troubleshoot/diagnosing-http-errors/how-to-use-http-detailed-errors-in-iis Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it error message only takes a minute: Sign up Can't see real error message of an ASP.NET application? up vote 3 down vote favorite I have an almost blank ASP.NET website I've created (1 page). I've deliberately coded a divide by zero error on Page_Load. If the application pool is set to "ASP.NET 4.0 Pipeline: Integrated" then I do not see the page load error message in error but instead I get: Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed. The folder is set to be an application in IIS and the correct web.config entries to show errors are present, but for some reason, I cannot get .NET to show me the correct error message unless I change the applciation pool to ASP.NET Classic. Why is the "classic" mode necessary? I'm pulling my hair out as all other sites on the same machine are working OK (IIS7) and yet any new site I create seems to have this same problem. Any idea what might be causing IIS to either not recognise this folder is an application or otherwise not display the correct error message? EDIT: Web.Config is: Server Web App Gallery Microsoft Azure Tools Visual Studio Expression Studio Windows Internet Explorer WebMatrix Web Platform Installer Get Help: Ask a Question in our Forums More Help Resources Blogs Forums HomeLearnTroubleshootChapter 4. Diagnosing HTTP ErrorsHow to Use HTTP Detailed Errors in IIS 7.0 How to Use HTTP Detailed Errors in IIS 7.0 By IIS TeamDecember 12, 2007Introduction Every Web-Site Administrator or Web Developer has seen "404 - File not found" , "401 - Unauthorized" or "500 - Server Error" messages in his browser. This article helps you understand how and why IIS generates these errors and how they can be configured. Many might think that generating error messages does not seem to justify a full article. But there is more to errors than meets the eye. Error messages are a sensitive topic, because every error reveals more about your web-site than you might want revealed. The more information someone can gather about your site, the likelier it is that you will be hacked. A search for "google hacking" or "cross-site scripting" reveals a wealth of information on this topic. However, error messages are also a valuable tool to troubleshoot problems. Developers and Web-Site Administrators require as much detail as possible when an error occurs. Ideally the error message gives recommendations on how to fix the problem. Here is how IIS addresses these fundamentally opposed goals. Errors, What Errors? This article talks about HTTP errors as specified in the HTTP RFC (RFC 2616 - section 6.1.1). An HTTP error is always expressed by sending a response with a status code greater than 400 back to the requesting client. Client Errors Status codes between 400 and 500 specify an error that the client made, e.g. bad syntax or a request to a resource that doesn't exist. You can try this by requesting a bogus URL from the web-site of your choice, for example: http://Asp.net Mvc Error Handling