locked
In Case of Vulnerability we redirected to error.aspx, But Is it possible to get Error Description on error.aspx? RRS feed

  • Question

  • User-786643629 posted


    <customErrors mode="On" defaultRedirect="~/error.aspx"/>

    In Case of Vulnerability we redirected to error.aspx, But Is it possible to get Error Description on error.aspx? 

    I mean I want to see what has caused an error..............

    Tuesday, September 21, 2010 1:42 AM

Answers

  • User915387828 posted

    Hi Sonam,

    If you get the error in the webpage, you can get it at Page_Error event.

    public void Page_Error(object sender,EventArgs e)
    {
    	Exception objErr = Server.GetLastError().GetBaseException();
    	string err =	"<b>Error Caught in Page_Error event</b><hr><br>" + 
    			"<br><b>Error in: </b>" + Request.Url.ToString() +
    			"<br><b>Error Message: </b>" + objErr.Message.ToString()+
    			"<br><b>Stack Trace:</b><br>" + 
    	                  objErr.StackTrace.ToString();
    	Response.Write(err.ToString());
    	Server.ClearError();
    }
    If you get it at global.asax file.
    Add the following code to the Global.asax file:
    using System.Diagnostics;
    
    protected void Application_Error(object sender, EventArgs e)
    {
    	Exception objErr = Server.GetLastError().GetBaseException();
    	string err =	"Error Caught in Application_Error event\n" +
    			"Error in: " + Request.Url.ToString() +
    			"\nError Message:" + objErr.Message.ToString()+ 
    			"\nStack Trace:" + objErr.StackTrace.ToString();
    	EventLog.WriteEntry("Sample_WebApp",err,EventLogEntryType.Error);
    	Server.ClearError();
    	//additional actions...
    } 
    
    

    Please check the following link:

    http://support.microsoft.com/kb/306355

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 24, 2010 5:55 AM
  • User1459398585 posted

    Error messages should never be displayed to the user. You should log them to your own log file / the event log / a database table, and display a generic error to the user. This allows you to not leak information to an attacker, AND see what happened later.

    / Michael /

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 24, 2010 10:33 AM

All replies

  • User614805505 posted

    Dear, 

    Maybe you can do in this way: http://msdn.microsoft.com/en-us/library/fwzzh56s.aspx


    <customErrors mode="On" defaultRedirect="~/error.aspx"/>

    I think that is no way to trap the error at error.aspx.

    Tuesday, September 21, 2010 2:33 AM
  • User-234406897 posted

    Can you not just log the error in some logs, text file, event log, etc rather than giving it to teh user?

    Tuesday, September 21, 2010 7:29 AM
  • User915387828 posted

    Hi Sonam,

    If you get the error in the webpage, you can get it at Page_Error event.

    public void Page_Error(object sender,EventArgs e)
    {
    	Exception objErr = Server.GetLastError().GetBaseException();
    	string err =	"<b>Error Caught in Page_Error event</b><hr><br>" + 
    			"<br><b>Error in: </b>" + Request.Url.ToString() +
    			"<br><b>Error Message: </b>" + objErr.Message.ToString()+
    			"<br><b>Stack Trace:</b><br>" + 
    	                  objErr.StackTrace.ToString();
    	Response.Write(err.ToString());
    	Server.ClearError();
    }
    If you get it at global.asax file.
    Add the following code to the Global.asax file:
    using System.Diagnostics;
    
    protected void Application_Error(object sender, EventArgs e)
    {
    	Exception objErr = Server.GetLastError().GetBaseException();
    	string err =	"Error Caught in Application_Error event\n" +
    			"Error in: " + Request.Url.ToString() +
    			"\nError Message:" + objErr.Message.ToString()+ 
    			"\nStack Trace:" + objErr.StackTrace.ToString();
    	EventLog.WriteEntry("Sample_WebApp",err,EventLogEntryType.Error);
    	Server.ClearError();
    	//additional actions...
    } 
    
    

    Please check the following link:

    http://support.microsoft.com/kb/306355

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 24, 2010 5:55 AM
  • User1459398585 posted

    Error messages should never be displayed to the user. You should log them to your own log file / the event log / a database table, and display a generic error to the user. This allows you to not leak information to an attacker, AND see what happened later.

    / Michael /

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 24, 2010 10:33 AM
  • User-786643629 posted

    Hi Michael

    Although Hua-Jun Li has given the solution for which I was wandring but you are right we should maintain it  personaly.

    Thanks to you all

    Friday, September 24, 2010 3:29 PM