views:

103

answers:

2

I have an HttpHandler with the following code:

using System;
using System.Web;
using Company.Cms;
using Company.Web.Handlers.Console;


namespace Company.Web.Handlers
{
    /// <summary>
    /// Summary description for AdminHandler
    /// </summary>
    public class AdminHandler : IHttpHandler
    {
        public bool IsReusable
        {
            get
            {
                return false;
            }
        }

        public void ProcessRequest(HttpContext context)
        {
            HttpRequest request = context.Request;
            HttpResponse response = context.Response;
            string action = request.QueryString["action"];

            if (!HttpContext.Current.User.CanAdminister())
            {
                response.StatusCode = 403;
                response.Status = "403 Access Denied";
                response.End();
                return;
            }

            if (String.IsNullOrEmpty(action))
            {
                response.StatusCode = 404;
                response.Status = "404 Not Found";
                response.End();
                return;
            }

            IHttpHandler handler = null;
            switch (action)
            {
                case "menu":
                    handler = new MenuHandler();
                    break;
                case "tree":
                    handler = new TreeHandler();
                    break;
                case "grid":
                    handler = new GridHandler();
                    break;
                case "list":
                    handler = new ListHandler();
                    break;
                case "drop":
                    handler = new DropHandler();
                    break;
                case "edit":
                    handler = new EditHandler();
                    break;
                case "new":
                    handler = new InsertHandler();
                    break;
            }
            if (handler == null)
            {
                response.StatusCode = 404;
                response.Status = "404 Not Found";
                response.End();
            }
            else
            {
                handler.ProcessRequest(context);
            }
        }
    }
}

Unfortunately when I intentionally specify an invalid action, the browser just displays a blank page. Non of the browser error messages are displayed both in Firefox and IE.

What could I be doing wrong?

EDIT - IE shows the error message, but Firefox does not.

+1  A: 

First Try this:

protected void Page_Load(object sender, EventArgs e) { Response.StatusCode = 404; Response.SuppressContent = true; HttpContext.Current.ApplicationInstance.CompleteRe quest(); }

:)~

Joe Garrett
+1  A: 

Firebug shows the correct status. Does this mean that if I want the browser to display a message, I have to render it myself? – deverop

Absolutely it does. What the browser does based on an error code received is up to the browser. But you can still provide HTML to go along with the 404. Case in point... take a look at Stack Overflow's 404 page. That error message is entirely hand crafted.

Typically, however, you want to limit the amount of data returned from an error status; the more data you return from an erroneous request, the larger the surface of attack for denial of service.

Randolpho