Why isn't MVC using Error.aspx?

Question

I'm trying to add some security to my ASP.NET 1.0 MVC app (VB), but I can't get it to work. At the top of my controller, I've got:

<HandleError()> _
Public Class HomeController

I'm overriding OnActionExecuting and throwing a SecurityException if the user is not in the proper role.

Everything I've read states that this should by default look for Error.aspx first in the current folder (Home) then in the Shared folder. I've got Error.aspx in both folders, and all I'm getting is a "Security Exception" yellow screen of death.

What am I missing?

Answer 1

do you have customErrors=On in your web.config

here

Answer 2

Do you have in your web.config? If mode="Off" or if you're accessing the site from the same box and mode="RemoteOnly", the debug page is shown instead of the error.aspx view.

If this is not the case, try creating an action on a controller that returns View("Error") and see what happens. I just had this problem recently and it was due to an error in the Error.aspx view itself. Rather than tell you there's a problem with the error view, the framework just goes ahead and displays the YSOD with the original error information.