When Application_Error fires, I log the error and send an email to myself.
I've disabled request validation in the web.config and I'm using the AntiXSS library for security. I found one location in my application that was not using AntiXSS when I got an email alert that "a potentially dangerous form value was submitted".
I found that the user was still able to save, which means that the form was successfully submitted. I thought that must be because of the validateRequest = "false" entry. But I just found that requestValidationMode="2.0" is required in 4.0 for validateRequest to have any effect. If that's the case, how come Application_Error fired if the thread didn't abort?
So, when does Application_Error fire? And has this changed in 4.0?
As the name implies, 'Application Error' is an error issued at the application level.
It turns out that I was mistaken. An error was in fact visibly occurring and the user was redirected to the Custom Errors page. I don't understand how the save still succeeded if an error occurred when the form was being submitted. But that's a separate question so I'll ask that separately.
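One way for an Application_Error handler to tell request-validation rejections apart from other unhandled exceptions, so that a "potentially dangerous form value" alert points at a page that still relies on built-in validation. This is an added example, not code from the thread; the class name `Global`, the helper `FindValidationFailure` and the use of `Trace` as a stand-in for the asker's logging and e-mail code are assumptions.

```csharp
// Global.asax.cs (added illustration; names other than the System.Web types are hypothetical)
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Runs for any exception that no page or module handled during the request.
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception last = Server.GetLastError();
        if (last == null) return;

        HttpRequestValidationException rejected = FindValidationFailure(last);
        if (rejected != null)
        {
            // Built-in request validation refused the input. Record where it happened,
            // but not the submitted values: they are untrusted and may be sensitive.
            Trace.TraceWarning("Request validation rejected {0} {1} from {2}: {3}",
                Request.HttpMethod, Request.RawUrl, Request.UserHostAddress,
                rejected.Message);
        }
        else
        {
            // Any other unhandled exception: log the innermost cause.
            Trace.TraceError("Unhandled error on {0} {1}: {2}",
                Request.HttpMethod, Request.RawUrl, last.GetBaseException());
        }

        // Server.ClearError() is deliberately not called, so the customErrors
        // redirect configured in web.config still takes place.
    }

    // Page exceptions usually arrive wrapped (for example in HttpUnhandledException),
    // so walk the InnerException chain instead of testing only the outer type.
    private static HttpRequestValidationException FindValidationFailure(Exception ex)
    {
        for (Exception cur = ex; cur != null; cur = cur.InnerException)
        {
            HttpRequestValidationException hit = cur as HttpRequestValidationException;
            if (hit != null) return hit;
        }
        return null;
    }
}
```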