Menu
I have this piece of code to handle the HttpRequestValidationException in my global.asax.cs file.
protected void Application_Error(object sender, EventArgs e)
{
var context = HttpContext.Current;
var exception = context.Server.GetLastError();
if (exception is HttpRequestValidationException)
{
Response.Clear();
Response.StatusCode = 200;
Response.Write(@"<html><head></head><body>hello</body></html>");
Response.End();
return;
}
}
If I debug my webapplication, it works perfect. But when i put it on our production-server, the server ignores it and generate the "a potentially dangerous request.form value was detected from the client" - error page. I don't know what happens exactly... If anybody knows what the problem is, or what i do wrong..?
Also I don't want to set the validaterequest on false in the web.config.
The server uses IIS7.5, And I'm using asp.net 3.5.
Thanks, Bruno
514
Ok, i found it my self. I must clear my last error.
protected void Application_Error(object sender, EventArgs e)
{
var context = HttpContext.Current;
var exception = context.Server.GetLastError();
if (exception is HttpRequestValidationException)
{
context.Server.ClearError(); // Here is the new line.
Response.Clear();
Response.StatusCode = 200;
Response.Write(@"<html><head></head><body>hello</body></html>");
Response.End();
return;
}
}
Another way that only works with MVC is using a custom Exception Filter:
This has the advantage that you can use the normal MVC infrastructure (Razor) to render the error view.
public class HttpRequestValidationExceptionAttribute : FilterAttribute, IExceptionFilter {
public void OnException(ExceptionContext filterContext) {
if (!filterContext.ExceptionHandled && filterContext.Exception is HttpRequestValidationException) {
filterContext.Result = new RedirectResult("~/HttpError/HttpRequestValidationError");
filterContext.ExceptionHandled = true;
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
