How to catch HttpRequestValidationException in production

问题

I have this piece of code to handle the HttpRequestValidationException in my global.asax.cs file.

protected void Application_Error(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var exception = context.Server.GetLastError();
    if (exception is HttpRequestValidationException)
    {
        Response.Clear();
        Response.StatusCode = 200;
        Response.Write(@"<html><head></head><body>hello</body></html>");
        Response.End();
        return;
    }
}

If I debug my webapplication, it works perfect. But when i put it on our production-server, the server ignores it and generate the "a potentially dangerous request.form value was detected from the client" - error page. I don't know what happens exactly... If anybody knows what the problem is, or what i do wrong..?

Also I don't want to set the validaterequest on false in the web.config.

The server uses IIS7.5, And I'm using asp.net 3.5.

Thanks, Bruno

回答1:

Ok, i found it my self. I must clear my last error.

protected void Application_Error(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var exception = context.Server.GetLastError();
    if (exception is HttpRequestValidationException)
    {
        context.Server.ClearError();    // Here is the new line.
        Response.Clear();
        Response.StatusCode = 200;
        Response.Write(@"<html><head></head><body>hello</body></html>");
        Response.End();
        return;
    }
}

回答2:

Another way that only works with MVC is using a custom Exception Filter:

• Create a custom FilterAttribute that implements IExceptionFilter
• from inside the FilterAttribute, you can redirect to the controller or view to be used to display the error.
• register the filter in the Global.asax or attribute your controllers

This has the advantage that you can use the normal MVC infrastructure (Razor) to render the error view.

public class HttpRequestValidationExceptionAttribute : FilterAttribute, IExceptionFilter {

    public void OnException(ExceptionContext filterContext) {
        if (!filterContext.ExceptionHandled && filterContext.Exception is HttpRequestValidationException) {
            filterContext.Result = new RedirectResult("~/HttpError/HttpRequestValidationError");
            filterContext.ExceptionHandled = true;
        }
    }
}

来源：https://stackoverflow.com/questions/5028206/how-to-catch-httprequestvalidationexception-in-production