Geek Answers Handbook

Why doesn't IIS 7 return JSON errors? Works on * my * car

I follow the principles from the next blog post and I get the behavior that I expect when I debug my WCF service using Visual Studio 2010's built-in web server.

http://zamd.net/2008/07/08/error-handling-with-webhttpbinding-for-ajaxjson/

When my application throws FaultException (), I see a JSON representation of this error on my local computer. The application also returns the corresponding HttpStatusCode (in this case 401 Unauthorized), which is the desired behavior.

{"Code":"UserNotLoggedInFault","DisplayText":"You must be logged in to access this resource.","InternalText":"User is not logged in"}

When I deploy my application in IIS 7.0, I get the correct HttpStatusCode, but the returned html is the general text associated with the status:

You do not have permission to view this directory or page.

Since this works locally, I assume the problem is with configuring IIS. I already deleted the values โ€‹โ€‹of the IIS: Error Pages pages that intercepted error conditions (it was used to return formatted HTML from% SystemDrive% \ inetpub \ custerr \\ 401.htm)

Does anyone know what IIS parameters I need to change to allow the JSON response to pass when the HTTP status returns outside the 200 range? ... or maybe there is something else I need to do?

UPDATE # 1

This only happens when my application throws a FaultException, which also sets the HttpStatusCode for Unauthorized (401). If my application returns a 404 Not Found status code then JSON returns correctly.

The question is still there, but I believe that it only applies to returning an unauthorized 401 status code.

Here are some response screenshots taken by Charles Web Proxy

http://imgur.com/a/MkRRI

This is what it looks like when I got to my local machine

http://imgur.com/a/RMmsa

UPDATE # 2

So this does not happen if I remove the desktop to the server and get to the site through localhost. When I hit my url requiring authentication, I get the correct JSON object.

http://i.imgur.com/J5oNn.png

Does this mean that IIS treats the 401 status code differently and that unidentified users are protected from the correct answer?

+7
source share
2 answers

We have discovered an IIS "Error" configuration setting that corrects this behavior.

You need to set the error responses to "Detailed errors", the default is "Detailed errors for local queries and custom error pages for remote queries." You can install it on your website or server.

It seems that the function decides to display the user error page for 401, rather than detailing the unauthorized client more.

Just make sure that service error handling protects the exception, otherwise the client may see the stack.

+6
source

"You do not have permission" is generated by the browser. I assume that you are viewing the response to the request in a browser; I guess IE.

IE creates a "friendly" page for you, given the answer of 401. IE is not a json client, and it considers the caller to be human (almost always correct). Thus, it displays a human-friendly page.

If you tickle this URL with Fiddler or with wget.exe or some other non-browser tool, you will see the correct output with a status code of 401 and a json response.

Not sure what is going on in other browsers.

For more information on the "friendly" error pages in IE, including how to disable them, see this article by Eric Lawrence (author of Fiddler) .

-one
source

More articles:


All Articles