The error handling HttpModule has code in it to redirect the user to the appropriate error page, but it is not doing that, instead it is displaying the error page with the technical details including the stack trace.
I am maintaining a web app under Visual Studio 2008 and it was previously running fine when working on it under Win XP, but we have since moved onto Win 7 and I have ran into this issue when the user does not have the correct permission to view the selected data. I have added the necessary changes to make the app work under IIS 7, including adding the HttpModule to the <system.webServer><modules>
section of the Web.config
file. I'm wondering if there is something else that is missing?
Here is the problem in detail: I have a Web Form that makes use of an ObjectDataSource which calls a method GetAppData() in a C# service layer code file to display data to the user. The service layer file checks to if the user has the correct permissions to view the data, and since they don't, it throws an InvalidPermissionException
. This then triggers the Application_Error method to execute in my error handling HttpModule which catches the error and should redirect the user to the InvalidPermissionError.aspx
page; however, what I am seeing instead is the error page with the technical details and the stack trace. How do I get it to display the user friendly error page?
Below is the relevant code (I have not included everything in):
Figure 1: Web Form
<asp:ObjectDataSource ID="appDataSource" runat="server"
TypeName="Services.App.IAppService"
SelectMethod="GetAppData"
OnSelecting="appDataSource_Selecting"
OnObjectCreating="appDataSource_Creating">
<SelectParameters>
<asp:Parameter Name="Id" Type="Int32" />
</SelectParameters>
</asp:ObjectDataSource>
Figure 2: Custom error handling HttpModule
public class ErrorModule : IHttpModule
{
protected void Application_Error( object sender, EventArgs e )
{
if ( sender is System.Web.HttpApplication )
{
HttpApplication application = (HttpApplication)sender;
Exception exception = application.Server.GetLastError();
Exception baseException = exception.GetBaseException();
if ( exception is InvalidPermissionException )
{
HandleInvalidPermissionException(application,
(InvalidPermissionException)exception );
}
else if ( baseException.GetBaseException() is InvalidPermissionException )
{
HandleInvalidPermissionException( application,
(InvalidPermissionException)baseException );
}
}
Figure 3: Page Redirecting Code
private void HandleInvalidPermissionException( HttpApplication application, InvalidPermissionException exception )
{
application.Response.Redirect(String.Format("InvalidPermissionError.aspx?id={0}" ,
application.Request.Params["id"]) );
application.Server.ClearError();
Log.Error( exception.Message, exception );
}
Have you checked whether the application pool used by IIS to host your website is running in "Integrated Pipeline" mode?