开发者

When does Application_Error fire in ASP.NET 4.0?

开发者 https://www.devze.com 2023-02-27 02:13 出处:网络
When Application_Error fires, I log the error and send an email to myself. I\'ve disabled request validation in the web.config and I\'m using the AntiXSS library for security. I found one location in

When Application_Error fires, I log the error and send an email to myself.

I've disabled request validation in the web.config and I'm using the AntiXSS library for security. I found one location in my application that was not using AntiXSS when I got an email alert that "a potentially dangerous form value was submitted".

I found that the user was still able to save, which means that the form was successfully submitted. I thought that must be because of the validateRequest = "false" entry. But I just found that requestValidationMode="2.0" is required in 4.0 for validateRequest to have any effect. If that's the case, how come Application_Er开发者_JAVA百科ror fired if the thread didn't abort?

So, when does Application_Error fire? And has this changed in 4.0?


As the name implies 'Application Error' is an error issued at the application level.


It turns out that I was mistaken. An error was in fact visibly occuring and the user was redirected to the Custom Errors page. I don't understand how the save still succeeded if an error occured when the form was being submitted. But that's a separate question so I'll ask that separately.

0

精彩评论

暂无评论...
验证码 换一张
取 消