Elmah did not log HttpRequestValidationException

Question

In my ASP.NET MVC2 application Elmah fails to log any HttpRequestValidationException (except when you are logged into the webserver via remote desktop and browsing the site as localhost)

For example if I type &#39 into a textbox when browsing normally from my pc using the domain name I get

Server Error in '/' Application.
Runtime Error 

Description: An application error occurred on the server. The current custom 
error settings for this application prevent the details of the application 
error from being viewed remotely (for security reasons). It could, however, 
be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on 
remote machines, please create a <customErrors> tag within a "web.config" 
configuration file located in the root directory of the current web application. 
This <customErrors> tag should then have its "mode" attribute set to "Off".

And nothing shows in the Elmah log.

But if I log into the webserver via remote desktop and browse the site as localhost I can see the full error message:

Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client 

I know why different error messages are shown, it is because I don't have a <customErrors mode="Off"/> node in my web.config. But that's ok, I do not want the full error message shown to the whole world.

But what I do want is for Elmah to log this error when it occurs. What do I need to do to get this to work as expected?

Answer 1

I think this is this Elmah defect http://code.google.com/p/elmah/issues/detail?id=217 , which is caused by a breaking change in request validation in ASP.NET 4. The defect lists two possible workarounds (manually log the exception in ELMAH by catching it in the Application_Error handler or turning off the new validation behavior in the Web.config)

See this blog post providing a workaround.