How to catch HttpRequestValidationException in production_问答_开发者

How to catch HttpRequestValidationException in production

开发者 https://www.devze.com 2023-02-10 20:32 出处：网络

I have this piece of code to handle the HttpRequestValidationException in my global.asax.cs file. protected void Application_Error(object sender, EventArgs e)

I have this piece of code to handle the HttpRequestValidationException in my global.asax.cs file.

protected void Application_Error(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var exception = context.Server.GetLastError();
    if (exception is HttpRequestValidationException)
    {
        Response.Clear();
        Response.StatusCode = 200;
        Response.Write(@"<html><head></head><body>hello</body></html>");
        Response.End();
        re开发者_StackOverflow社区turn;
    }
}

If I debug my webapplication, it works perfect. But when i put it on our production-server, the server ignores it and generate the "a potentially dangerous request.form value was detected from the client" - error page. I don't know what happens exactly... If anybody knows what the problem is, or what i do wrong..?

Also I don't want to set the validaterequest on false in the web.config.

The server uses IIS7.5, And I'm using asp.net 3.5.

Thanks, Bruno

Ok, i found it my self. I must clear my last error.

protected void Application_Error(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var exception = context.Server.GetLastError();
    if (exception is HttpRequestValidationException)
    {
        context.Server.ClearError();    // Here is the new line.
        Response.Clear();
        Response.StatusCode = 200;
        Response.Write(@"<html><head></head><body>hello</body></html>");
        Response.End();
        return;
    }
}

Another way that only works with MVC is using a custom Exception Filter:

Create a custom FilterAttribute that implements IExceptionFilter
from inside the FilterAttribute, you can redirect to the controller or view to be used to display the error.
register the filter in the Global.asax or attribute your controllers

This has the advantage that you can use the normal MVC infrastructure (Razor) to render the error view.

public class HttpRequestValidationExceptionAttribute : FilterAttribute, IExceptionFilter {

    public void OnException(ExceptionContext filterContext) {
        if (!filterContext.ExceptionHandled && filterContext.Exception is HttpRequestValidationException) {
            filterContext.Result = new RedirectResult("~/HttpError/HttpRequestValidationError");
            filterContext.ExceptionHandled = true;
        }
    }
}