c# - How to catch HttpRequestValidationException in production

Question

I have this piece of code to handle the HttpRequestValidationException in my global.asax.cs file.

protected void Application_Error(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var exception = context.Server.GetLastError();
    if (exception is HttpRequestValidationException)
    {
        Response.Clear();
        Response.StatusCode = 200;
        Response.Write(@"<html><head></head><body>hello</body></html>");
        Response.End();
        return;
    }
}

If I debug my webapplication, it works perfect. But when i put it on our production-server, the server ignores it and generate the "a potentially dangerous request.form value was detected from the client" - error page. I don't know what happens exactly... If anybody knows what the problem is, or what i do wrong..?

Also I don't want to set the validaterequest on false in the web.config.

The server uses IIS7.5, And I'm using asp.net 3.5.

Thanks, Bruno

Answer 1

Ok, i found it my self. I must clear my last error.

protected void Application_Error(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var exception = context.Server.GetLastError();
    if (exception is HttpRequestValidationException)
    {
        context.Server.ClearError();    // Here is the new line.
        Response.Clear();
        Response.StatusCode = 200;
        Response.Write(@"<html><head></head><body>hello</body></html>");
        Response.End();
        return;
    }
}