How to Set Up ASP.NET Custom Errors

Michael OssouThere are two primary reasons to configure your website to use ASP.NET Custom Errors. The first being to provide your end users with a polished experience, even when things don’t go as expected. Nothing says “this site was slapped together” more than the generic 404 page issued by IIS or the 500 series yellow screen of death the ASP.NET Engine generates.

There are also security concerns when rendering verbose error messages to your users browser. There is no need for the world to know anything about the inner workings of your application. In fact if your website does expose verbose error data, you likely will not have a shot at becoming PCI compliant.

Fortunately, setting up custom errors is a rather easy process. The first step is to update our web.config file as shown below:

<customErrors mode="RemoteOnly" defaultRedirect="NiceError.aspx" />

Notice that the mode has been set to RemoteOnly. This means that custom errors will only be issued to users connecting from a remote computer. However, when we as developers run the application on our local machines via Visual Studio, we still see the actual errors.

In the above example, anytime a 400 or 500 series error is encountered, the user will be redirected to the NiceError.aspx page. This is something that you will want to pay close attention to. The reason being, once the 404 error has been issued, the redirect to the friendly page will generate a 200 Success HTTP message as the friendly page has now been served successfully.

All errors are not created equally however. We may want to specify the type of page that is served depending on the status code generated. This is especially useful for distinguishing 404 from 500 errors. When issuing the 404, we will probably want to notify the user that the resource requested is not present. We can even take this opportunity to do so in a creative way. There are some cool examples here.

If a user encounters a 500 series error however, we probably owe them an apology, and may even want to provide them with information on how to report the error or who to contact.

In the example below, we do just that. 404’s are redirected to the NiceError.aspx file, whereas 500 errors are redirected to My404.aspx file.

<customErrors mode="RemoteOnly" defaultRedirect="NiceError.aspx">
<error statusCode="404" redirect="My404.aspx"/>
</customErrors>

The following video is a short demonstration of  ASP.NET Custom Errors & Detailed Error Logging.


No responses yet

Leave a Reply