ASP.NET MVC4 error handling for 404, 401 and other exceptions

2018-06-25 15:50:49

I'm struggling to understand how to correctly handle errors in ASP.NET MVC4. As an example, I've created a new MVC4 project using the "Internet Application" template and updated my home controller to test out some error cases:

public class HomeController : Controller
{
    public ActionResult Index()
    {
        ViewBag.Message = "Hello";
        return View();
    }

    public ActionResult About()
    {
        throw new HttpException(401, "Not Authorized");
    }

    public ActionResult Contact()
    {
        throw new Exception("Oh no, some error occurred...");
    }
}

I have enabled customErrors in my web.config file:

<customErrors mode="On"></customErrors>

When I run the app and click "Contact", I see the ~/Views/Shared/Error.cshtml view as expected, since I have the HandleErrorAttribute registered as a global filter.

However, when I click "About", I get the standard ASP.NET yellow error page that says "Runtime Error". Why are these two exceptions being handled differently and how can I get instances of HttpException to get caught using the HandleError attribute?

CustomErrors config

Ideally, I'd like custom error pages for the following:

A custom 404 (not found) page that's nice and user friendly

A custom 401 (not authorised) page that informs the user that they do not have access (eg thrown after checking permissions for a particular item in the model)

A generic error page that is used in all other cases (in place of the standard yellow ASP.NET page).

I've created a new "Error" controller with views for each of the scenarios above. I have then updated customErrors in web.config like so:

<customErrors mode="On" defaultRedirect="~/Error/Trouble">
    <error statusCode="404" redirect="~/Error/NotFound"></error>
    <error statusCode="401" redirect="~/Error/NotAuthorized"></error>
</customErrors>

The 404 page works fine, but I don't get the 401 page at all . Instead, I get the ~/Error/Trouble view (the one specified as the defaultRedirect ) when I try to access the About action on the Home controller.

Why is my custom 401 redirect page not working?

ASP.NET uses 401's internally to redirect users to the login page. Wherever you were planning to throw a 401 unauthorized, instead throw a 403 forbidden.

如果你真的需要返回401而不是403，那么你可以使用：

HttpContext.Current.Response.SuppressFormsAuthenticationRedirect = true

I had a similar problem where I could not get 401 errors to go to my page despite the change to the web.config.

For a 401 you will probably be seeing the standard 401 Unauthorised page, even if you have added 401 to the customerrors section in your web.config. I read that when using IIS and Windows Authentication the check happens before ASP.NET even sees the request, hence you see it's own 401.

For my project I edited the Global.asax file to redirect to a route I had created for 401 errors, sending the user to the "Unauthorised to see this" view.

In the Global.asax:

    void Application_EndRequest(object sender, System.EventArgs e)
    {
        // If the user is not authorised to see this page or access this function, send them to the error page.
        if (Response.StatusCode == 401)
        {
            Response.ClearContent();
            Response.RedirectToRoute("ErrorHandler", (RouteTable.Routes["ErrorHandler"] as Route).Defaults);
        }
    }

and in the Route.config:

        routes.MapRoute(
        "ErrorHandler",
        "Error/{action}/{errMsg}",
        new { controller = "Error", action = "Unauthorised", errMsg = UrlParameter.Optional }
        );

and in the controller:

    public ViewResult Unauthorised()
    {
        //Response.StatusCode = 401; // Do not set this or else you get a redirect loop
        return View();
    }

链接地址: http://www.djcxy.com/p/71818.html

上一篇: 参数名称：directoryVirtualPath

下一篇: 404，401和其他异常的ASP.NET MVC4错误处理