locked
asp.net mvc and vulnerability issue RRS feed

  • Question

  • User-2071078018 posted

    Hi to all,

    i have implemented several asp.net mvc web apps with the following guidelines:

    - Catch all invalid urls on the global.asax and redirect to ErrorControlle -> Error action

    - Inside the Error action return the View result in order to redirect to the Error.aspx view page under Views/Shared folder.


    In order to implement ScottGu's instructions, i have removed the global route "catch all invalid urls" rule, commented the ErrorController code, and added the custom errors node in the web.config file

    <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/Error.aspx" />

    I cannot get this working though, since i get 404, resource not found or controller action exceptions generic error pages, according to the invalid url i type.


    Could anyone provide some guide of what someone could do in order to implement the workaround in an asp.net mvc web app?

    thanks in advance,

    Dimitris


    Wednesday, September 22, 2010 11:36 AM

Answers