Handling 404, unhandled and unsafe URL errors in ASP.NET MVC application
Spent a bit of time recently to try and get my MVC application handle 404 errors exactly as I want. The solution that I ended up choosing is based on this excellent SO answer.
The advantage of rendering the Error view by calling
ErrorController.Execute, as opposed to making an entry in web.config, is that you get to preserve the URL without a browser redirect.
If you think about which scenarios warrant a 404 response a more involved strategy is justifiable:
- Non-supported controller name - captured by
- Supported controller but bad action - captured by
- Non-supported URL format - captured by the catch-all rule.
ErrorController.Execute allows to preserve the URL for all of those scenarios. Now, to trap all unhandled exceptions in order to not show a Yellow Screen of Death, you would need to do some error handling in
Application.Error event handler. Something similar is described in this answer.
There is a catch, however. If the anti-XSS features kick in and disallow a URL containing, say, angle brackets, executing error controller from global exception handler will throw an exception resulting in a YSOD.
The best solution i found was to catch the exception when doing
Execute and do a browser redirect then. This prevents the runtime from creating a YSOD due to an unhandled exception in the exception event.
It’s probably not the best idea to handle 400 error as 404, hence we redirect to a “BadRequest” action in the
blog comments powered by Disqus