We are currently doing error handling with Application_Error in global.asax.vb :
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs) OurLibrary.HandleError(Me) End Sub
HandleError then logs the error in the database, displays an informational message to the user and returns the correct status code (404 or 500) depending on the type of exception that occurred:
Public Shared Sub HandleError(httpApp As HttpApplication) ''
Server.ClearError necessary, because otherwise ASP.NET error processing starts by default, and the user is displayed - depending on the current state of <customErrors> - either the "yellow screen of death" or an informational message about how <customErrors> can be disabled .
The downside of using ClearError is that I can no longer use <customErrors> to override the error handling behavior - something that brought a lot of problems during the recent ASP.NET vulnerability where the recommended workaround was done using <customErrors> .
I know that I can only use customErrors and display information for the user on the page referenced by the defaultRedirect attribute, but I need to add this error page to every web project (and not everything is beautifully centralized in one library function).
Is it possible to perform regular error handling in Application_Error, but still allow it to be overridden by <customErrors> ? Is this even the best practice or am I doing something fundamentally wrong?
PS: Many of our applications are hosted on our client servers (instead of our own), so "putting all the information in the application log and not showing anything to the user" is actually not an option.
Solution . Replace httpApp.Server.ClearError() with
If Not HttpContext.Current.IsCustomErrorEnabled Then httpApp.Server.ClearError()
source share