I have developed a website in asp.net and hosted it on server. It works fine with computer's but it do not run on mobile. The web.config error occurs every time.Web.config Error Occurs Every Time.
In Web.Config file do as below
<configuration>
<system.web>
<customErrors defaultRedirect="GenericError.htm"
mode="RemoteOnly">
<error statusCode="500"
redirect="InternalError.htm"/>
</customErrors>
</system.web>
</configuration>
it for the Un-handeled exception thrown when use browsing your web application. if you dont set that flag user will receive full stackstrace of error which user dont want. so it better you set the flag to On or Remoteonly in production environment.
On-Specifies that custom errors are enabled. If no defaultRedirect attribute is specified, users see a generic error. The custom errors are shown to the remote clients and to the local host.
Off-Specifies that custom errors are disabled. The detailed ASP.NET errors are shown to the remote clients and to the local host.
RemoteOnly-Specifies that custom errors are shown only to the remote clients, and that ASP.NET errors are shown to the local host. This is the default value.
Read more : https://msdn.microsoft.com/en-us/library/h0hfz6fc(v=vs.100).aspx
Related
During the Pen Test, we received one vulnerability. Repro Steps was Change Host (let's say google.com) to different domain and then hit URL. Then following screen shown,
Here Version Information for dot net framework is showing. I weant through various atricals on internet and they are asking to used in web.config
This tag is already present in web.config and when we hit url without chaning Host it is showing error.aspx page but when we change Host it is showing attached page.In attached image Version Information is mentioned and I want to get rid of that.
Also on out testing envrionment,the version information is not shown with resource not found message. Is there any way to remove version information apart from customErrors tag. Please help me out. We are using IIS 10.
The tag you are already using in the web.config is probably the <customErrors> tag. and that's great for errors that can be caught at the .Net level.
But for errors that don't enter the .Net pipeline you will need to configure the IIS error page for the 404 error. This can be done via the <system.webServer><httpErrors> section of the web.config. For example to return the contents of my-iis-404-page.htm which you locate in the root directory of the website, you could use this:
<system.webServer>
<httpErrors errorMode="Custom" existingResponse="Auto">
<error statusCode="404" subStatusCode="" prefixLanguageFilePath="" path="my-iis-404-page.htm" responseMode="File" />
</httpErrors>
</system.webServer>
This configuration can also be done via the IIS gui. For more information about httpErrors aspect of IIS see https://learn.microsoft.com/en-us/iis/configuration/system.webserver/httperrors/
If you want to remove the X-Aspnet-Version HTTP header from each response from ASP.NET, add the following code to the web.config file.
<system.web>
<httpRuntime enableVersionHeader="false" />
</system.web>
I'm trying to upload my c# site,
The sites seems to upload correctly,
But when I try to enter, I get the next message:
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Now I add the customErrors mode="Off" to my Web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<customErrors mode="Off"/>
</system.web>
</configuration>
And the new error is:
Server Error in '/' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive.
Source Error:
An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Source File: \blablablablablabla\public_html\myweb\web.config Line: 8
Version Information: Microsoft .NET Framework Version:2.0.50727.8793; ASP.NET Version:2.0.50727.8762
I tryed modifying it to 2.0 (because the error signature), also tryed to delete the targetFramework attribute, but nothing works.
Thaaaaanks.
Go to IIS,
Click on Application Pool--> on the right side --> Select your Site--> double click on it and change the .Net Framework to v4.0
I hope it will solve your problem.
Thnks.
I've developed a web application, I deployed this application on the server.
When I ran the application I am getting There was an unexpected server error, that is only error message it shows, no other details.
When I run this application using visual studio, it works just fine. I've tried with below <customErrors mode="On" />
Application pool has been kept in .net version 4.0
Asp.net has been registered with IIS.
Any ideas would help.
on server web.config try below config. you should see detailed error message.
<system.web>
<customErrors mode="Off" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed"></httpErrors>
</system.webServer>
There was a network issue, which has been fixed, and it worked. Asp.net Impersonation has been "Enabled", Anonymous Authentication has been "Disabled". Enabled delegation [for kerberos] for the machine at the AD level. These made application work. There was no code issue at all as expected.
I've been investigating this thing for hours but couldn't understand what's the problem causing this behavior.
I have built a simple ASP.NET MVC app to upload and delete photos from a predefined container on the Azure Storage Server.
It works perfectly when I run the application on my machine, locally.
Also, it works perfectly when I run this on my machine but the Data service is located on Azure.
But, when Publishing the application to Azure, surfing to this website runs to this uninformative error:
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current
custom error settings for this application prevent the details of the
application error from being viewed remotely (for security reasons).
It could, however, be viewed by browsers running on the local server
machine.
Details: To enable the details of this specific error message to be
viewable on remote machines, please create a tag within
a "web.config" configuration file located in the root directory of the
current web application. This tag should then have its
"mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a
custom error page by modifying the "defaultRedirect" attribute of the
application's configuration tag to point to a custom
error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
This doesn't tell me anything, also - nothing like this happens when running on my machine with Visual Studio.
If you have any idea what's going on here I'd really appreciate your help, thanks.
My MVC3 application displays custom error pages for 403, 404, and 500 status codes, but browsing to trace.axd displays the following YSOD:
Server Error in '/' Application.
Trace Error
Description: Trace.axd is not enabled in the configuration file for this application. Note: Trace is never enabled when <deployment retail=true />
Details: To enable trace.axd, please create a <trace> tag within the configuration file located in the root directory of the current web application. This <trace> tag should then have its "enabled" attribute set to "true".
<configuration>
<system.web>
<trace enabled="true"/>
</system.web>
</configuration>
So I have trace disabled, which is good, but why is the 500 page not being displayed, since this it's a 403 being returned from the server? I'd be happy enough with a 404, 403, or 500 really - just as long as it's not an ugly yellow screen!
Edit: I was getting a 500 along with the YSOD when running on localhost, but it's actually a 403 on the server which is closer to what I was expecting - but still no custom error page. It's also a slightly different standard error page on the server:
Server Error in '/' Application.
Trace Error
Description: The current trace settings prevent trace.axd from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable trace.axd to be viewable on remote machines, please create a <trace> tag within the configuration file located in the root directory of the current web application. This <trace> tag should then have its "localOnly" attribute set to "false".
<configuration>
<system.web>
<trace localOnly="false"/>
</system.web>
</configuration>
Removing the IgnoreRoute as suggested by #Cosmologinaut didn't work for me and as he says feels wrong. I found a better solution which is to remove the tracing HTTP handler in the Web.config file:
<system.webServer>
<!-- remove TraceHandler-Integrated - Remove the tracing handlers so that navigating to /trace.axd gives us a
404 Not Found instead of 500 Internal Server Error. -->
<handlers>
<remove name="TraceHandler-Integrated" />
<remove name="TraceHandler-Integrated-4.0" />
</handlers>
</system.webServer>
Navigating to /trace.axd now gives us a 404 Not Found instead of 500 Internal Server Error.
Since there were no responses I asked #shanselman on Twitter, who suggested <deployment retail = "true" /> might solve it, but it still returned the same YSOD.
In the end I solved it by removing routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); from the routing config. Doesn't quite seem right, but it works.