If you setup your MVC web application to use a custom error page using the custom errors element in your web.config it works fine until you ask for a non-existent route with a very specific querystring parameter. ?aspxerrorpath=
How to reproduce:
Setup
- create an mvc web application (.Net framework) in visual studio
- check that the default custom error view exists (...\Views\Shared\Error.cshtml)
- Add a basic controller for the view (you don't always need it... Depends on what the rest of your setup is)
- eg
public class ErrorController : Controller
{
public ActionResult Error()
{
return View();
}
}
- Add element to the the web.config
<configuration>
<system.web>
<customErrors mode="On" defaultRedirect="~/Error/Error" redirectMode="ResponseRedirect" />
</system.web>
</configuration>
- Add line to one of your controller actions to artificially throw an exception
Test
- run the webapp
- browse to a non existent route eg:
Http://localhost:45678/oopsifellonmykeyboard
- see that you are redirected to the custom error page.
- browse to the controller action with the artificial throw
- see that you are redirected to the custom error page.
- now hack the url so that route is non-existent but with a special query string parameter
eg Http://localhost:34567/oopsifellonmykeyboard?aspxerrorpath=oopsididitagain
Observations
- Oh! You are not directed to the error page, you get a YSOD error message from asp.net.
- it doesn't show the call stack so there isn't actually any yellow, but make no mistake this is a YSOD.
- the query string parameter must use the key aspxerrorpath
- the parameter can have any value, but must not be empty
- If the route is legitimate then normal service is resumed
- If the value of the weird query string parameter is empty then again normal service is resumed
- I think that the parameter key is something generated by asp.net for the redirection to the custom error page when webforms are present. It is so that the error page knows what original url was requested and generated the error. And when
~error/erroris requested like that it does do that without anything unexpected happening. It is only when that parameter is added to a route that would result in a 404 from the asp.net application that it behaves wrong.
Question
- Anyone know what's in the request/response pipeline that is responsible for this unexpected behaviour?