Custom Error Page

[Working.Net]

This should be something easy (famous last words) I have a default error redirect page which works just great, but I am trying to capture some additional information about the error and store it in an error table or email it back to myself. Below is what I got so far:

Code:

CustomErrorPage.aspx
<form id="form1" runat="server" class="ErrorForm">
   <div class="YellowText">
      <h2>Error:</h2>
         <p>
            A problem has occurred.&nbsp; We apologize for any 
            inconvenience this may cause.&nbsp; Please reload 
            the application by pressing the F5 function key.
            &nbsp; If this problem persists contact the 
            application developer at (999) 999-9999
         </p>
         <p>
         <b>The Error occured at:</b><br />
         <asp:Label ID="ErrorLabel" runat="server" Text="Label"></asp:Label>
         </p>
   </div>
</form>
</body>
</html>

CustomErrorPage.aspx.vb 
Imports System.Web
Imports System.Web.Configuration

Partial Class CustomErrorPage
   Inherits System.Web.UI.Page

   Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
      Dim vErrorPage As String = Request("aspxerrorpath")
      ErrorLabel.Text = vErrorPage

   End Sub
End Class

Web.config
<system.web>
      <customErrors mode="RemoteOnly" defaultRedirect="CustomErrorPage.aspx"/>
</system.web>

I have tried capturing the exception information in my on-load event using:

Code:

Dim objErr As Exception
Dim vStr As String
objErr = Server.GetLastError()
vStr = objErr.StackTrace.ToString

but then I get this error:

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

Of course when I follow the suggested solution my redirect no longer works.

I have also played around with the following since it seems exactly what I am looking for but I can’t get it to work.

Code:

<&#37;
Response.Write("ASPCode=" & objErr.ASPCode)
Response.Write("<br />")
Response.Write("ASPDescription=" & objErr.ASPDescription)
Response.Write("<br />")
Response.Write("Category=" & objErr.Category)
Response.Write("<br />")
Response.Write("Column=" & objErr.Column)
Response.Write("<br />")
Response.Write("Description=" & objErr.Description)
Response.Write("<br />")
Response.Write("File=" & objErr.File)
Response.Write("<br />")
Response.Write("Line=" & objErr.Line)
Response.Write("<br />")
Response.Write("Number=" & objErr.Number)
Response.Write("<br />")
Response.Write("Source=" & objErr.Source)
%>

Any suggestions on how I might approach this?

Thanks for your help.

[gep13]

Hey,

I would suggest, as a starting point, you take a look at this article:

http://www.15seconds.com/issue/030102.htm

It talks you through all the places that you can "trap" the errors, and how you can go about taking the necessary action.

Gary

[danasegarane]

There are three modes in CustomErrors Redirect

1.RemoteOnly - Will be redirect other than the Deployed system
2.Off - No redirect will be done
3.On - Redirect will be done in deployed and cleint systems


<customErrors mode="RemoteOnly">
<error statusCode="401" redirect="FileNotFound.aspx"/>
</customErrors>

[Working.Net]

Thanks Gary and dadasegarane for your response. Gary the link you provided is very thorough. I think it will take me some time to digest and implement the information. If I understand the article right I will have to go with the global.asax file method to be able to log the errors in a database:

The global.asax file contains the next line of defense against errors. When an error occurs, the Application_Error sub is called. This location happens to be my favorite place to log errors because it is the most functional. For most of my applications in .NET, I don't handle too many custom errors at the page level. I handle them at the application level. The only two locations that actually give you access to Server.GetLastError are in the Page_Error and Application_Error subs.

In any case this looks like something (else) I am going to have to get my head around, and I'll have to allocate some time to be able to study the subject. I guess I was looking for a short answer. I don't think I remember ever seeing one of those in DotNet and I don't understand why I keep hoping for one either

[brin351]

The global.asax Application_Error fires everytime there is an unhandled exception so that error is accessable in this context. By the time a redirect is done to a default error page many other events are likely to have occured in the application.

I handle errors and loggoing with prolific use of try catch blocks, rarely at the page level because I think I should have done enough to try and catch errors. This appears to go against the article posted by Gary but correct me if I'm wrong I believe you can get better error details using specific error handling like

Code:

Try

code here

Catch ex As SqlException
   myErrorHandlingClass(ex)
Catch ex As Exception
   myErrorHandlingClass(ex)
End Try

If a sql exception was throwen the "Catch ex As SqlException" gives more relevant details than just "Catch ex As Exception" which is what Server.GetLastError().GetBaseException is equlvelent to....Am I wrong??????

I try and catch known causes of exceptions an log them specifically like IO, mail, sql, etc.

Also normally I "Throw" errors from classes (in app_code folder) up to the page so I then have a StackTrace that lists the chain of methods and files that tells me what method on what page was first invoked that ended in a error in that class. Much easier to debug this than only knowing an error occured in this class.

Code:

My class

Try

code here

Catch ex As SqlException
   Throw
Catch ex As Exception
   Throw
End Try

Lastly with the exception I also log data from form post, user auth, refering page, cookies, userAgent (browser type etc) etc. So if for example someone entered a form and an error occured I know what they entered in the form too which can be very helpful.

That's just my rave on error handling. I use global, default error page to handle all the bugs Microsoft are to lazy to fix... just kidding

[gep13]

Hey,

I certainly would never advice against correct handling of errors at the method level. If you know that there is a possibility for something to go wrong, i.e. SqlException, you should always capture and handle that exception where you can. The use of the global.asax error handling is simply there to handle, gracefully, those unexpected errors, when something goes horribly wrong.

Gary

[brin351]

Hey,
The use of the global.asax error handling is simply there to handle, gracefully, those unexpected errors, when something goes horribly wrong.

Gary

I agree.

Also more and more users try things they know they shouldn't like injecting html in forms, playing with the url and I see users with malware and malicous bots that intentionaly try to tamper with a site. The default error page is a good place for them to end up as it gives little away for them to learn from.

[gep13]

Agreed. If someone if intent on "breaking" your site, seeing a stacktrace, and additional error message content can give a lot away about your system, so you should aim to never output information that could compromise your system.

Gary

[honeybee]

I have tried capturing the exception information in my on-load event using:

Code:

Dim objErr As Exception
Dim vStr As String
objErr = Server.GetLastError()
vStr = objErr.StackTrace.ToString

but then I get this error:

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

Did you try debugging the above code to see if the code works correctly? There is a possibility that the error page itself may be throwing an exception. Does a plain ASPX page with a static message work?

.

[Working.Net]

Thanks for all your replies. One of the exceptions, actually the one that started this whole thing, is the session time out. I have been reading about this and find myself slightly confused. Even though the session time out is trapped by the global.asax, I keep reading that you should capture it client side. Is that true? My classic-ASP coworker suggests using the following code in a separate file named CheckSession.asp:

Code:

<&#37;if NOT Session("UserID")>0 then%>
<script type="text/javascript">
	alert("Your session has expired!\nPlease close the GIS Map and login again.");
	top.window.close();
</script>
<%end if%>

And then include the following in each of the forms requiring a redirect after a session timeout:

<!--#include virtual="AppDirectory/CheckSession.asp"-->

This closes the application window and forces the user to start over again. Not a very nice solution for the users, but hey, a small sacrifice for application security

PS, The above ASP code does not work because, as I found out, it tests for a Session("UserID") which of course has to be set first. LOL. Here is an interesting article (interesting in the sense that I have no clue what the author is doing and that is before I attempt to convert his code to VB.) But his point is that you should not be trapping the expiration of a session in the global.asax. I am tempted to say something about how it used to be done with a few lines of code, but I will bite my tongue. I am just cracking up at the absurdity of the whole thing.
http://www.eggheadcafe.com/articles/20051228.asp

[Working.Net]

Well, now I have really done it and talking about embarrasing. I have lost my yellow screen of death. Instead I get a white screen of post-mortem which tells me (nothing):

The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
--------------------------------------------------------------------------------

Please try the following:

•Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
•If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted.
•Click the Back button to try another link.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

•Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
•Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.

Just to be sure I have tried setting <customErrors mode> to all three: On, Off, and RemoteOnly all with the same results, so that can't be it. Can anyone tell me what I might have done to incur the wrath of DotNet and what I can do to get back my yellow screen of death??

NOTE: Hold off on answering this post, I just found something todo with the implementation of Robert Boedigheimer's ideas:
http://aspalliance.com/520_Detecting...n_Timeouts.all
involving changing "Inherits System.Web.UI.Page" to "Inherits basePageSessionExpire". I will be leaving shortly but will provide more info tomorrow. Perhaps I can even answer my own id10t question

[gep13]

Hey,

I think it would help if we clearly understood exactly what you are trying to do with your page. Sounds like there might be an implementation problem here.

Gary

[Working.Net]

Gary,
Thanks for your response and interest.
I have been working on the implementation of a Mapguide Enterprise 2010 GIS application. I started with an application developed by someone else (in C#) and was asked to add functionality (using VB.Net) I got the application to run on our servers including the Mapguide build-in login functionality, which you have to use to be able to use the Mapguide template GUI. There was however an issue with what I thought was the Mapguide session timing out, causing an exception. I have ignored it for too long but hoped to get it resolved before installation next Tuesday.

Part of the time out issue is that the webconfig.ini file is referenced through a virtual directory in IIS while the code looks for the file in the website's physical directory, which of course is not there.

Code:

    public void InitializeWebTier(HttpRequest Request)
    {
        string realPath = Request.ServerVariables["APPL_PHYSICAL_PATH"];
        String configPath = realPath + "webconfig.ini";
        MapGuideApi.MgInitializeWebTier(configPath);
    }

Autodesk's answer to this is to copy the webconfig.ini file to the physical directory, a plausible interim solution, but no good in the long run since that would require us to have one webconfig.ini file for every website we host while I think it should be a global config file (one for all the websites using Mapguide Enterprise)

Also, I now think (but don’t know for certain) that the time out might be IIS timing out instead of MapGuide. I have sought help from Autodesk and although they give me stuff to work with (attached), they keep sidestepping the user login issue using code that when the session times out, logs the user in under full administrative rights (I think not!) So I am trying to integrate their suggestion with the existing code.

To be honest I don't really understand what is going on or what really needs to happen. And unfortunately there is not a "Just do this" kind of answer available. So I have to piece this together from a bunch of, what are unknowns to me. See if any of this makes sense and let me know what you think.
BestPracticeInitializeWebTierMGEnterprise.pdf

[gep13]

Hello there,

So, hold on a sec...

Is the code that you have posted in your last thread, your code, or is that other code that you are not able to change?

I am failing to see why you have to differentiate between the virtual directory, and the physical directory.

Gary

[Working.Net]

Interesting. It is a funny thing. On my way home Friday I thought about the whole day, and it wasn't a particularly good one, considering I spend the entire day trying to get the application back to the way it was. This means that I wanted to see my trusted error message saying: "Gee. I can't find your WebConfig.ini file." I got really close to getting everything back the way I wanted it, even got my yellow screen of death back, except when the application timed out it displayed the login screen in one of the frames. And I realized while thinking about it on my way home, that that behavior might very well be correct, in that the application is doing exactly what it is supposed to do. Never mind the fact that I don't particularly like it.

So having to differentiate between a virtual and a physical directory might as you suggest be a moot point. Back to your question, the code I provided is in fact what the guys at AutoDesk are telling me to use. This is also, I suppose, what I am trying to integrate into my web app.

Gary (and everyone else reading this thread), I tried to formulate a good question for the forum, but I had a really hard time of it on Friday. I really need help understanding session and user login management. I am presently reading murach's ASP.NET 3.5 web programming with VB 2008 which is helping a bit, but I find after reading the chapters on "How to manage state" and "How to authenticate and authorize users" that I still really don't understand what is going on. Furthermore I don't know if following the author's suggestion, to use the ASP.NET user authentication object right out of the box, is such a great idea. If it is, I will have to rewrite what my predecessor has written. I suppose that that is probably not the worst thing I could do

Let me know if there is any thing you can do to help me, and what information I could provide to help you do that. At this point I just need to get up to speed on this. Like all the other stuff I have struggled with I know that I will eventually get it.

[gep13]

Hello again,

Ok, so just so we are clear, how are you currently authenticating your users? Are you handling that code yourself, or are you using the ASP.Net Membership Providers and their associated controls?

Gary

[honeybee]

One solution could be to leave the webconfig.ini file where it is, and add its path (relative to the application root) to the web.config file of your asp.net application. For each application you write which needs to refer to this file, this setting would exist in the web.config file. This way you can use just a single webconfig.ini file. Just another idea.

Regarding session and user login management, if you are getting confused, please don't change anything in the application. Let me try and summarize how a typical application might handle this (note that this is a very crude form and there are better techniques available):

1. Application presents a login screen to a visitor
2. Visitor enters login credentials
3. Application verifies the credentials against a database/another resource
4. Once credentials are verified, application generates a unique ID, or uses the LoginID or any other unique property to identify the visitor.
5. This unique ID is added to the session object
6. Each page in the application first checks the session object to see if a unique ID is present in the session
7. If a unique ID is not present, it means the user has not been authenticated and the page will then redirect the user to the login page.
8. If a unique ID is present, it means the user has been authenticated
9. Now the page will determine if this particular user has access to the page
10. If the user has access to the page, the page will display normally
11. If the user does not have access to the page, a typical "Access Denied" page would be shown

With the evolution of web application development from ASP to ASP.Net, several new and better techniques have been added to the ASP.Net framework which perform one or more of the above tasks transparently for you. For e.g. using the ASP.Net membership model, you would not have to write code to check user credentials.

While the modern techniques no doubt are better in many ways than the old way, if your application has been written the old way, there's no need to make changes to it. Especially if you don't understand EVERYTHING that's happening within.

.

[Working.Net]

Gary, Honeybee,

Thanks for hanging out at the forum on your weekend

Ok, so just so we are clear, how are you currently authenticating your users? Are you handling that code yourself, or are you using the ASP.Net Membership Providers and their associated controls?

My predecessor wrote this bit of the application and I am pretty sure it is not using the ASP.Net Membership Providers. However, it ties in with the MapGuide Enterprise user authorization. The following bit of code is what is used to get the session ID:

Code:

protected void OkButton_Click(object sender, EventArgs e)
{
   String sessionId = "";
   try
   {
      // Initialize a session and register a variable to hold the
      // session id, then initialize the Web Extensions, connect
      // to the site, and create a session.

      UtilityFunctions UtilityFunctions = new UtilityFunctions();
      UtilityFunctions.InitializeWebTier();
      MgUserInformation userInfo = new MgUserInformation(txtUserName.Text.ToString(), txtPassword.Text.ToString());
      MgSite site = new MgSite();
      site.Open(userInfo);
      sessionId = site.CreateSession();
      Session["userID"] = txtUserName.Text.ToString();
      Session["Userpassword"] = txtPassword.Text.ToString();
      FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
   }
   catch (Exception)
      {
      // Invalid credentials supplied, display message
      lblLoginError.Text = "* Invalid login credentials";
   }
}

We are not real happy with this setup because it does not allow us easy access to the user information. When we wrote these applications in the past (classic ASP) we knew what rights the user had and we turned menus on and off depending on these rights. This is instead of giving them an error message when they tried to click on something. We have not been able to replicate this in the current system, and we have it from a reliable source that this is not possible (We haven't gone beyond the extra mile yet to see if we could solve the problem though.) One possible solution is to login using our own login (using ASP.Net Membership Providers) and then if the user has been authenticated do a login behind the scenes for MapGuide Enterprise. But as I mentioned we haven’t gotten quite that far yet, though perhaps now is the time. Let me know what you think.

[honeybee]

If something was possible in classic ASP, there's no reason why it would not be so in ASP.Net. Just that it could be easier or more difficult than classic ASP. So if you want to replicate the same functionality as in the classic ASP, it should be possible. The question is do you need it. If you want to keep the same wine in a new bottle, you could port the code to ASP.Net and it would work the same way. However it's also likely you will want to throw away the old wine and fill the new bottle with a new wine. I am not advising any particular approach here, just outlining my opinions about it.

If you want to write a host of apps which will cater to your business functionality, and one or more of these apps need to interact with the MapGuide thingy, you would do well by implementing the user authentication through the ASP.Net membership roles and then do a background login to the MapGuide app for each user as he/she signs in. If, however, MapGuide is the core app around which your other apps revolve, i.e. it's there in each and every app, you may want to stick with the authentication that the MapGuide app does and not use the ASP.Net membership model at all.

.