Solved

C# ASPX - 404 error when HTML is passed to a dynamic page.

Posted on 2010-11-13
10
854 Views
Last Modified: 2012-05-10
IIS 7:  I'm trying not to touch the Machine config file if I don't have to for this, but if that is the only way...

In my site (.NET 4.0, C#, ASP.NET, IIS7) I only have a single page called dynamic.aspx.  I presently have the 404 error redirected to it:
...
    <customErrors mode="On" redirectMode="ResponseRewrite" >
      <error statusCode="404" redirect="dynamic.aspx" />
...
My site successfully reads the attempted page, and looks up the content in a DB to display.


:::PROBLEM:::

Forms work normally, I can login, I can edit content through form editor, BUT when I include HTML content, like a BR or HR tag, or any HTML code, I get a 404 error.  

I don't want to change the IIS configuration, because I would like to run this on a shared hosting server, instead of having to pay for something more dedicated.  (if needed, it can be done, but I really want a cheaper solution)

:::Direction:::
I believe that IIS has a protection in place for blocking HTML code submitted through forms.  And when that protection is fired, it is no longer using the Web.Config's 404 information.  

Any ideas?
0
Comment
Question by:hpdvs2
  • 5
  • 4
10 Comments
 
LVL 16

Expert Comment

by:BurnieP
ID: 34128405
You can try adding ValidateRequest="false" to the <@Page directives:

<%@ Page Language="C#" ValidateRequest="false" AutoEventWireup="true" CodeBehind="~/Default.aspx.cs" Inherits="Sample._Default" %>
0
 
LVL 29

Expert Comment

by:David H.H.Lee
ID: 34128428
Hi hpdvs2,
If you want to submitted HTML code related post via form editor, you need to turn off validateRequest property. But, you need to aware of this allowed script for system vulnerability issue.
eg:
<%@ Page Language="VB" ValidateRequest="false" %>

Check this for more details:
http://www.asp101.com/articles/john/textedit/default.asp
0
 
LVL 8

Author Comment

by:hpdvs2
ID: 34128948
Thanks, but neither of these solutions repaired this problem.  I still get the default 404 error page showing up.  The problem is that the page is not even getting contacted.  

Nothing in the code gets touched.  It is showing the html 404 page, instead of getting to the actual dynamic.aspx (my 404) page.
0
 
LVL 16

Expert Comment

by:BurnieP
ID: 34129017
If you are accessing an .aspx page and you really have customerror section defined in the web.config, it will redirect to the custom page you have defined there.

I am guessing that you are trying to access a page with a different extension, hence why asp.net doesn't know, and is not redirecting you.  If you want to enable redirection to a custom page from a non-.aspx file, you will need to edit the configuration of your website in IIS.

I am copy pasting an explanation how to do it from : http://forums.asp.net/p/1317222/2610063.aspx
They are talking about the same kind of error you have.  I hope it helps.

This is because ASP.NET never even knows that there has been a request for the .htm page. IIS will handle .htm pages by itself without involving ASP.NET at all.

You can get your custom page to show in one of two ways:

1.Get ASP.NET to process .htm pages: In IIS rightclick your website/virtual directory --> properties --> home directory/virtual directory tab --> "configuration" button under the "application settings" section --> Add the mapping.
2.Set the custom error page for IIS: In IIS rightclick your website/virtual directory --> properties --> custom errors tab --> set the 404 error to the page your error page.


0
 
LVL 8

Author Comment

by:hpdvs2
ID: 34129809
Thanks, but I believe you missed part of the explanation.  The 404 redirection works.  

All pages correctly display the dynamic.aspx page.  (hidden behind the original URL.)

Form submits also work against them.  

And I have also tried messing with IIS, exactly as you have suggested, to make sure I didn't miss anything.

The problem is specifically when HTML tags are included in the form submission.

When that happens, I get one of the default 404 errors, instead of my dynamic aspx page (as I normally get)
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 16

Expert Comment

by:BurnieP
ID: 34131502
Ok,

I think I understand your question now.  It would be error 500 and not 404.

You will need to add :

    <customErrors mode="On" redirectMode="ResponseRewrite" >
      <error statusCode="404" redirect="dynamic.aspx" />
      <error statusCode="500" redirect="dynamic.aspx" />
0
 
LVL 8

Author Comment

by:hpdvs2
ID: 34131543
Thanks, thats the same answer I got on a repost, but allow me to show you the error page I'm getting:

Server Error in '/LbpSite2' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /LbpSite2/Content Editor.aspx
0
 
LVL 8

Author Comment

by:hpdvs2
ID: 34131554
I just tried adding the 500 error as well and refreshing the server, and I'm still receiving the same problem.
0
 
LVL 16

Accepted Solution

by:
BurnieP earned 500 total points
ID: 34133655
Hi hpdvs2,

One last thing.. do you have a ErrorPage directive defined in your @Page directives?  Maybe it is trying to open that page and it doesn't find it.

:)
0
 
LVL 8

Author Comment

by:hpdvs2
ID: 34138968
An answer did come in, from BurnieP
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Why do we like using grid based layouts in website design? Let's look at the live examples of websites and compare them to grid based WordPress themes.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now