C# ASPX - 404 error when HTML is passed to a dynamic page.
IIS 7: I'm trying not to touch the Machine config file if I don't have to for this, but if that is the only way...
In my site (.NET 4.0, C#, ASP.NET, IIS7) I only have a single page called dynamic.aspx. I presently have the 404 error redirected to it:
...
<customErrors mode="On" redirectMode="ResponseRewr
<error statusCode="404" redirect="dynamic.aspx" />
...
My site successfully reads the attempted page, and looks up the content in a DB to display.
:::PROBLEM:::
Forms work normally, I can login, I can edit content through form editor, BUT when I include HTML content, like a BR or HR tag, or any HTML code, I get a 404 error.
I don't want to change the IIS configuration, because I would like to run this on a shared hosting server, instead of having to pay for something more dedicated. (if needed, it can be done, but I really want a cheaper solution)
:::Direction:::
I believe that IIS has a protection in place for blocking HTML code submitted through forms. And when that protection is fired, it is no longer using the Web.Config's 404 information.
Any ideas?
In my site (.NET 4.0, C#, ASP.NET, IIS7) I only have a single page called dynamic.aspx. I presently have the 404 error redirected to it:
...
<customErrors mode="On" redirectMode="ResponseRewr
<error statusCode="404" redirect="dynamic.aspx" />
...
My site successfully reads the attempted page, and looks up the content in a DB to display.
:::PROBLEM:::
Forms work normally, I can login, I can edit content through form editor, BUT when I include HTML content, like a BR or HR tag, or any HTML code, I get a 404 error.
I don't want to change the IIS configuration, because I would like to run this on a shared hosting server, instead of having to pay for something more dedicated. (if needed, it can be done, but I really want a cheaper solution)
:::Direction:::
I believe that IIS has a protection in place for blocking HTML code submitted through forms. And when that protection is fired, it is no longer using the Web.Config's 404 information.
Any ideas?
Hi hpdvs2,
If you want to submitted HTML code related post via form editor, you need to turn off validateRequest property. But, you need to aware of this allowed script for system vulnerability issue.
eg:
<%@ Page Language="VB" ValidateRequest="false" %>
Check this for more details:
http://www.asp101.com/articles/john/textedit/default.asp
If you want to submitted HTML code related post via form editor, you need to turn off validateRequest property. But, you need to aware of this allowed script for system vulnerability issue.
eg:
<%@ Page Language="VB" ValidateRequest="false" %>
Check this for more details:
http://www.asp101.com/articles/john/textedit/default.asp
Thanks, but neither of these solutions repaired this problem. I still get the default 404 error page showing up. The problem is that the page is not even getting contacted.
Nothing in the code gets touched. It is showing the html 404 page, instead of getting to the actual dynamic.aspx (my 404) page.
Nothing in the code gets touched. It is showing the html 404 page, instead of getting to the actual dynamic.aspx (my 404) page.
If you are accessing an .aspx page and you really have customerror section defined in the web.config, it will redirect to the custom page you have defined there.
I am guessing that you are trying to access a page with a different extension, hence why asp.net doesn't know, and is not redirecting you. If you want to enable redirection to a custom page from a non-.aspx file, you will need to edit the configuration of your website in IIS.
I am copy pasting an explanation how to do it from : http://forums.asp.net/p/1317222/2610063.aspx
They are talking about the same kind of error you have. I hope it helps.
This is because ASP.NET never even knows that there has been a request for the .htm page. IIS will handle .htm pages by itself without involving ASP.NET at all.
You can get your custom page to show in one of two ways:
1.Get ASP.NET to process .htm pages: In IIS rightclick your website/virtual directory --> properties --> home directory/virtual directory tab --> "configuration" button under the "application settings" section --> Add the mapping.
2.Set the custom error page for IIS: In IIS rightclick your website/virtual directory --> properties --> custom errors tab --> set the 404 error to the page your error page.
I am guessing that you are trying to access a page with a different extension, hence why asp.net doesn't know, and is not redirecting you. If you want to enable redirection to a custom page from a non-.aspx file, you will need to edit the configuration of your website in IIS.
I am copy pasting an explanation how to do it from : http://forums.asp.net/p/1317222/2610063.aspx
They are talking about the same kind of error you have. I hope it helps.
This is because ASP.NET never even knows that there has been a request for the .htm page. IIS will handle .htm pages by itself without involving ASP.NET at all.
You can get your custom page to show in one of two ways:
1.Get ASP.NET to process .htm pages: In IIS rightclick your website/virtual directory --> properties --> home directory/virtual directory tab --> "configuration" button under the "application settings" section --> Add the mapping.
2.Set the custom error page for IIS: In IIS rightclick your website/virtual directory --> properties --> custom errors tab --> set the 404 error to the page your error page.
Thanks, but I believe you missed part of the explanation. The 404 redirection works.
All pages correctly display the dynamic.aspx page. (hidden behind the original URL.)
Form submits also work against them.
And I have also tried messing with IIS, exactly as you have suggested, to make sure I didn't miss anything.
The problem is specifically when HTML tags are included in the form submission.
When that happens, I get one of the default 404 errors, instead of my dynamic aspx page (as I normally get)
All pages correctly display the dynamic.aspx page. (hidden behind the original URL.)
Form submits also work against them.
And I have also tried messing with IIS, exactly as you have suggested, to make sure I didn't miss anything.
The problem is specifically when HTML tags are included in the form submission.
When that happens, I get one of the default 404 errors, instead of my dynamic aspx page (as I normally get)
Ok,
I think I understand your question now. It would be error 500 and not 404.
You will need to add :
<customErrors mode="On" redirectMode="ResponseRewr
<error statusCode="404" redirect="dynamic.aspx" />
<error statusCode="500" redirect="dynamic.aspx" />
I think I understand your question now. It would be error 500 and not 404.
You will need to add :
<customErrors mode="On" redirectMode="ResponseRewr
<error statusCode="404" redirect="dynamic.aspx" />
<error statusCode="500" redirect="dynamic.aspx" />
Thanks, thats the same answer I got on a repost, but allow me to show you the error page I'm getting:
Server Error in '/LbpSite2' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /LbpSite2/Content Editor.aspx
Server Error in '/LbpSite2' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /LbpSite2/Content Editor.aspx
I just tried adding the 500 error as well and refreshing the server, and I'm still receiving the same problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
An answer did come in, from BurnieP
<%@ Page Language="C#" ValidateRequest="false" AutoEventWireup="true" CodeBehind="~/Default.aspx