Seckin Seckin - 10 months ago 62
ASP.NET (C#) Question

IIS7.5 Server.ClearError() does not work

I'm trying to fix an XSS vulnerability, I surrounded my code with a try catch block to handle a


I cannot share the whole code due to privacy reasons. The following code is from a function being invoked in the
method of an

Here's my catch block.

// A long try block was here ...
catch (HttpRequestValidationException)
{
    // ASP.NET, let me handle this one.
}


This works as expected on localhost, but when I publish the code on IIS, another
is thrown from a temporary class (See below).

Path to the wild class : '...\Temporary ASP.NET Files\<app_name>\5d4b8059\5739b33c\App_Web_n1jnrwmr.0.cs'

This problem also occurs on localhost when I don't use

I need to show a user-friendly error message instead of that irritating exception page.

Any help is appreciated, thank you!

Answer Source

Why aren't you just using the standard ASP.NET error handling approach of custom errors in the web config and defining a custom error page? If you want to log the exception in your global.asax add the method Application_Error which will be called on an unhandled exception (see code example below).

If you don't call "Server.ClearError()" then ASP.NET will use the error page defined in custom errors and automatically redirect your user there.

protected void Application_Error(object sender, EventArgs args)
{
    var exception = this.Server.GetLastError();
}

      <customErrors mode="Off" defaultRedirect="~/error/notification">
        <!-- Required for HandleErrorFilter -->
        <error statusCode="404" redirect="~/error/notfound" />
      </customErrors>
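
The following is an added example, not code from the question or the answer: one way to combine the two ideas above, handling only HttpRequestValidationException in Application_Error and leaving everything else to customErrors. The class name Global, the 400 status code and the message text are assumptions.

```csharp
using System;
using System.Web;

// Global.asax.cs (the class name "Global" is an assumption)
public class Global : HttpApplication
{
    protected void Application_Error(object sender, EventArgs args)
    {
        Exception ex = Server.GetLastError();
        if (ex == null)
        {
            return;
        }

        // Exceptions raised while a page executes arrive wrapped in
        // HttpUnhandledException, so inspect the inner exception as well.
        var rejected = ex as HttpRequestValidationException
                       ?? ex.InnerException as HttpRequestValidationException;

        if (rejected == null)
        {
            // Log and do NOT call Server.ClearError(): ASP.NET then applies
            // <customErrors> from web.config. The defaultRedirect is only
            // honoured when mode is "On" or "RemoteOnly"; with mode="Off"
            // the detailed exception page is sent to every client.
            System.Diagnostics.Trace.TraceError("Unhandled exception: {0}", ex);
            return;
        }

        // Request validation rejected the input (for example markup in a
        // form field). Log it server-side; the message names the field.
        System.Diagnostics.Trace.TraceWarning(
            "Request validation rejected input: {0}", rejected.Message);

        // Replace the exception page with a fixed response that never
        // echoes the rejected value back to the browser.
        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 400;
        // On IIS 7+ this keeps the IIS custom error module from
        // substituting its own page for the body written below.
        Response.TrySkipIisCustomErrors = true;
        Response.ContentType = "text/html";
        Response.Write("<h1>Invalid input</h1>" +
                       "<p>The request contained characters that are not allowed.</p>");
    }
}
```

Returning a constant message keeps the handler itself from becoming a reflection point for the input that request validation just blocked.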