static void FinishWithException(HttpWorkerRequest wr, HttpException e)
{
int code = e.GetHttpCode();
wr.SendStatus(code, HttpWorkerRequest.GetStatusDescription(code));
wr.SendUnknownResponseHeader("Connection", "close");
Encoding enc = Encoding.ASCII;
wr.SendUnknownResponseHeader("Content-Type", "text/html; charset=" + enc.WebName);
string msg = e.GetHtmlErrorMessage();
byte [] contentBytes = enc.GetBytes(msg);
wr.SendUnknownResponseHeader("Content-Length", contentBytes.Length.ToString());
wr.SendResponseFromMemory(contentBytes, contentBytes.Length);
wr.FlushResponse(true);
wr.CloseConnection();
HttpApplication.requests_total_counter.Increment();
}
void OnAuthorizeRequest (object sender, EventArgs args)
{
HttpApplication app = (HttpApplication) sender;
HttpContext context = app.Context;
if (context.SkipAuthorization)
return;
AuthorizationConfig config = (AuthorizationConfig) context.GetConfig ("system.web/authorization");
if (config == null)
return;
if (!config.IsValidUser (context.User, context.Request.HttpMethod)) {
HttpException e = new HttpException (401, "Unauthorized");
context.Response.StatusCode = 401;
context.Response.Write (e.GetHtmlErrorMessage ());
app.CompleteRequest ();
}
}
public void ProcessRequest ()
{
string error = null;
inUnhandledException = false;
try {
AssertFileAccessible ();
HttpRuntime.ProcessRequest (this);
} catch (HttpException ex) {
inUnhandledException = true;
error = ex.GetHtmlErrorMessage ();
} catch (Exception ex) {
inUnhandledException = true;
var hex = new HttpException (400, "Bad request", ex);
error = hex.GetHtmlErrorMessage ();
}
if (!inUnhandledException)
return;
if (error.Length == 0)
error = String.Format (DEFAULT_EXCEPTION_HTML, "Unknown error");
try {
SendStatus (400, "Bad request");
SendUnknownResponseHeader ("Connection", "close");
SendUnknownResponseHeader ("Date", DateTime.Now.ToUniversalTime ().ToString ("r"));
Encoding enc = Encoding.UTF8;
byte[] bytes = enc.GetBytes (error);
SendUnknownResponseHeader ("Content-Type", "text/html; charset=" + enc.WebName);
SendUnknownResponseHeader ("Content-Length", bytes.Length.ToString ());
SendResponseFromMemory (bytes, bytes.Length);
FlushResponse (true);
} catch (Exception ex) { // should "never" happen
Logger.Write (LogLevel.Error, "Error while processing a request: ");
Logger.Write (ex);
throw;
}
}
private static string TryGetHtmlErrorMessage(HttpException e)
{
Debug.Assert(e != null);
try
{
return e.GetHtmlErrorMessage();
}
catch (SecurityException se)
{
// In partial trust environments, HttpException.GetHtmlErrorMessage()
// has been known to throw:
// System.Security.SecurityException: Request for the
// permission of type 'System.Web.AspNetHostingPermission' failed.
//
// See issue #179 for more background:
// http://code.google.com/p/elmah/issues/detail?id=179
Trace.WriteLine(se);
return null;
}
}
private static void LogHttpException(HttpException ex, HttpContext context, RouteData routeData, BaseController controller)
{
int httpCode = ex.GetHttpCode();
string message = string.Empty;
if (httpCode == 404)
{
LogFileNotFound(ex, context, routeData, controller);
return;
}
if ((httpCode == 400) && (routeData != null))
{
//if 400 came from a controller, handle it in the bad request log, not system (error) log
LogBadRequest(ex, context, routeData, controller);
return;
}
message = "Http Exception " + httpCode + " " + ex.GetHtmlErrorMessage()
+ " \n-Message: " + ex.Message
+ " \n-Source: " + ex.Source
+ " \n-WebEventCode: " + ex.WebEventCode
+ " \n-ErrorCode: " + ex.ErrorCode
+ " \n-TargetSiteName: " + ex.TargetSite.Name
+ " \n-StackTrace: " + ex.StackTrace;
LogException(message, ex, Models.SystemEventLevel.Error, context, routeData, controller);
}
public void Constructor2b_Deny_Unrestricted ()
{
HttpException e = new HttpException ("message", new Exception ());
e.GetHtmlErrorMessage (); // null for ms, non-null for mono
Assert.AreEqual (500, e.GetHttpCode (), "HttpCode");
}
/// <summary>
/// Processes the request contained in the current instance.
/// </summary>
public void ProcessRequest ()
{
string error = null;
inUnhandledException = false;
try {
HttpRuntime.ProcessRequest (this);
} catch (HttpException ex) {
inUnhandledException = true;
error = ex.GetHtmlErrorMessage ();
} catch (Exception ex) {
inUnhandledException = true;
HttpException hex = new HttpException (400, "Bad request", ex);
if (hex != null) // just a precaution
error = hex.GetHtmlErrorMessage ();
else
error = String.Format (defaultExceptionHtml, ex.Message);
}
if (!inUnhandledException)
return;
if (error.Length == 0)
error = String.Format (defaultExceptionHtml, "Unknown error");
try {
SendStatus (400, "Bad request");
SendUnknownResponseHeader ("Connection", "close");
SendUnknownResponseHeader ("Date", DateTime.Now.ToUniversalTime ().ToString ("r"));
Encoding enc = Encoding.UTF8;
if (enc == null)
enc = Encoding.ASCII;
byte[] bytes = enc.GetBytes (error);
SendUnknownResponseHeader ("Content-Type", "text/html; charset=" + enc.WebName);
SendUnknownResponseHeader ("Content-Length", bytes.Length.ToString ());
SendResponseFromMemory (bytes, bytes.Length);
FlushResponse (true);
} catch (Exception ex) { // should "never" happen
throw ex;
}
}
static void FinishWithException (HttpWorkerRequest wr, HttpException e)
{
int code = e.GetHttpCode ();
wr.SendStatus (code, HttpWorkerRequest.GetStatusDescription (code));
wr.SendUnknownResponseHeader ("Connection", "close");
Encoding enc = Encoding.ASCII;
wr.SendUnknownResponseHeader ("Content-Type", "text/html; charset=" + enc.WebName);
string msg = e.GetHtmlErrorMessage ();
byte [] contentBytes = enc.GetBytes (msg);
wr.SendUnknownResponseHeader ("Content-Length", contentBytes.Length.ToString ());
wr.SendResponseFromMemory (contentBytes, contentBytes.Length);
wr.FlushResponse (true);
wr.CloseConnection ();
HttpApplication.requests_total_counter.Increment ();
}
protected virtual void WriteUnauthorizedResponseHtml(HttpContext context)
{
//
// Let's try to get the ASP.NET runtime to give us the HTML for a
// security exception. If we can't get this, then we'll write out
// our own default message. A derived implementation may want to
// also want to involve custom error messages for production
// scenarios, which is not done here.
//
HttpException error = new HttpException(401, null, new SecurityException());
string html = Mask.NullString(error.GetHtmlErrorMessage());
if (html.Length == 0)
html = DefaultUnauthorizedResponseHtml;
context.Response.Write(html);
}
/// <summary>
/// Add Exception data to the object fields
/// </summary>
/// <param name="errorcoderule">The error code rule.</param>
/// <param name="context">An HttpContext object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
/// <param name="httpException">an HTTP exception thrown</param>
/// <param name="rules">WebErrorCode rule from dictionary</param>
private void AddHttpExceptionData(VLogErrorCode errorcoderule, HttpContext context, HttpException httpException, VLogErrorCode rules)
{
// Mandatory Fields
this.HttpStatusCodeDescription = errorcoderule.Message;
this.WebHostHtmlMessage = new VXmlCData(httpException.GetHtmlErrorMessage());
this.ErrorPriority = errorcoderule.Priority;
// If the HTTP context is available, then capture the
// collections that represent the state request.
HttpRequest request = context.Request;
this.AddHeader(rules, request);
this.AddServerVariables(rules, request);
this.AddContextItems(rules, context);
this.AddQueryStringVariables(rules, request);
this.AddFormVariables(rules, request);
this.AddCookies(rules, request);
this.AddApplicationStateVariables(context, rules);
this.AddSessionStateVariables(context, rules);
}
private static string SafeTryGetHtmlErrorMessage(HttpException exception)
{
if ((exception != null) && canGetHtmlErrorMessage)
{
try
{
return exception.GetHtmlErrorMessage();
}
catch (SecurityException exception2)
{
canGetHtmlErrorMessage = false;
if (DiagnosticUtility.ShouldTraceWarning)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception2, TraceEventType.Warning);
}
}
}
return null;
}
