Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 882
  • Last Modified:

C# ASPX - 404 error when HTML is passed to a dynamic page.

IIS 7:  I'm trying not to touch the Machine config file if I don't have to for this, but if that is the only way...

In my site (.NET 4.0, C#, ASP.NET, IIS7) I only have a single page called dynamic.aspx.  I presently have the 404 error redirected to it:
...
    <customErrors mode="On" redirectMode="ResponseRewrite" >
      <error statusCode="404" redirect="dynamic.aspx" />
...
My site successfully reads the attempted page, and looks up the content in a DB to display.


:::PROBLEM:::

Forms work normally, I can login, I can edit content through form editor, BUT when I include HTML content, like a BR or HR tag, or any HTML code, I get a 404 error.  

I don't want to change the IIS configuration, because I would like to run this on a shared hosting server, instead of having to pay for something more dedicated.  (if needed, it can be done, but I really want a cheaper solution)

:::Direction:::
I believe that IIS has a protection in place for blocking HTML code submitted through forms.  And when that protection is fired, it is no longer using the Web.Config's 404 information.  

Any ideas?
0
hpdvs2
Asked:
hpdvs2
  • 5
  • 4
1 Solution
 
BurniePCommented:
You can try adding ValidateRequest="false" to the <@Page directives:

<%@ Page Language="C#" ValidateRequest="false" AutoEventWireup="true" CodeBehind="~/Default.aspx.cs" Inherits="Sample._Default" %>
0
 
David H.H.LeeCommented:
Hi hpdvs2,
If you want to submitted HTML code related post via form editor, you need to turn off validateRequest property. But, you need to aware of this allowed script for system vulnerability issue.
eg:
<%@ Page Language="VB" ValidateRequest="false" %>

Check this for more details:
http://www.asp101.com/articles/john/textedit/default.asp 
0
 
hpdvs2Author Commented:
Thanks, but neither of these solutions repaired this problem.  I still get the default 404 error page showing up.  The problem is that the page is not even getting contacted.  

Nothing in the code gets touched.  It is showing the html 404 page, instead of getting to the actual dynamic.aspx (my 404) page.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
BurniePCommented:
If you are accessing an .aspx page and you really have customerror section defined in the web.config, it will redirect to the custom page you have defined there.

I am guessing that you are trying to access a page with a different extension, hence why asp.net doesn't know, and is not redirecting you.  If you want to enable redirection to a custom page from a non-.aspx file, you will need to edit the configuration of your website in IIS.

I am copy pasting an explanation how to do it from : http://forums.asp.net/p/1317222/2610063.aspx 
They are talking about the same kind of error you have.  I hope it helps.

This is because ASP.NET never even knows that there has been a request for the .htm page. IIS will handle .htm pages by itself without involving ASP.NET at all.

You can get your custom page to show in one of two ways:

1.Get ASP.NET to process .htm pages: In IIS rightclick your website/virtual directory --> properties --> home directory/virtual directory tab --> "configuration" button under the "application settings" section --> Add the mapping.
2.Set the custom error page for IIS: In IIS rightclick your website/virtual directory --> properties --> custom errors tab --> set the 404 error to the page your error page.


0
 
hpdvs2Author Commented:
Thanks, but I believe you missed part of the explanation.  The 404 redirection works.  

All pages correctly display the dynamic.aspx page.  (hidden behind the original URL.)

Form submits also work against them.  

And I have also tried messing with IIS, exactly as you have suggested, to make sure I didn't miss anything.

The problem is specifically when HTML tags are included in the form submission.

When that happens, I get one of the default 404 errors, instead of my dynamic aspx page (as I normally get)
0
 
BurniePCommented:
Ok,

I think I understand your question now.  It would be error 500 and not 404.

You will need to add :

    <customErrors mode="On" redirectMode="ResponseRewrite" >
      <error statusCode="404" redirect="dynamic.aspx" />
      <error statusCode="500" redirect="dynamic.aspx" />
0
 
hpdvs2Author Commented:
Thanks, thats the same answer I got on a repost, but allow me to show you the error page I'm getting:

Server Error in '/LbpSite2' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /LbpSite2/Content Editor.aspx
0
 
hpdvs2Author Commented:
I just tried adding the 500 error as well and refreshing the server, and I'm still receiving the same problem.
0
 
BurniePCommented:
Hi hpdvs2,

One last thing.. do you have a ErrorPage directive defined in your @Page directives?  Maybe it is trying to open that page and it doesn't find it.

:)
0
 
hpdvs2Author Commented:
An answer did come in, from BurnieP
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now