This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

CRV2 FrameworkSpecIssuesASPNetConfigs

From OWASP
Revision as of 18:00, 2 July 2013 by Johanna Curiel (talk | contribs) (Created page with "=Configure exceptions for Error Code handling = Showing and handling the correct error code when a user sends a bad request or invalid parameters is an important configuration...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Configure exceptions for Error Code handling

Showing and handling the correct error code when a user sends a bad request or invalid parameters is an important configuration subject. Logging these errors are also an excellent help when analyzing potential attacks to the application.


It is possible to configure these errors in the code or in the Web.Config file

The HttpException method Describes an exception that occurred during the processing of HTTP requests.For example: 

if (string.IsNullOrEmpty(Request["id"]))
    throw new HttpException(400, "Bad request");


or in the Web.config file: 


<configuration>
 <system.web>
   <customErrors mode="On" defaultRedirect="ErrorPage.html" 
                redirectMode="ResponseRewrite">
     <error statusCode="400" redirect="BadRequest.html" />
     <error statusCode="404" redirect="FileNotFound.html" />
   </customErrors>
 </system.web>
</configuration>
Retrieved from "https://wiki.owasp.org/index.php?title=CRV2_FrameworkSpecIssuesASPNetConfigs&oldid=154886"