I have an ASMX service hosted in IIS 7.5. When it is called with a bad http request (having an empty string value for "host" in the http header), the service returns a http-500 (internal server error). To satisfy company security requirements, it should return a http-400 (bad request) under this situation.
I have verified that the error occurs at the service infrastructure level, and the exception is not thrown from my code. I put try/catch block around the web method but nothing is caught, and the application log has nothing. So the error occurs before my code is executed.
I know WCF can handle the problem gracefully with IErrorHandler; but that's not an option for me at the moment.
Another interesting fact is that when testing inside Visual Studio, the same request causes a 400-error, my desired result.
So my question is: what can I do to make the service hosted under IIS also return a 400 error to a bad request?
Related
I am consuming another restful web service that's https inside my rest WS. When I am running my application on localachine the code works fine. But as soon as I deploy it and then access my application through that url, that rest template call written inside my code gives 400 error.
Here is the log trace
400 Bad Request
: org.springframework.web.client.HttpClientErrorException: 400 Bad Request
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:76)
at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:524)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:481)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:439)
at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:317)
at com.pekam.myandroid.MainActivity$HttpRequestTask.doInBackground(MainActivity.java:106)
at com.pekam.myandroid.MainActivity$HttpRequestTask.doInBackground(MainActivity.java:1)
at android.os.AsyncTask$2.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:841)
Probably there should be an issue in your request. Either you are missing mandatory request parameters in your request XML or missing some headers which throw this 400 Bad request exception.
Please follow this Link.It may resolve your issue. Let us know for any issue.
I'm developing an application which acts as an Http-Proxy for serving files from an external resource. It actually downloads the file from the external resource, checks for viruses and if the file is not infected, returns the file to the client.
My problem is, in case of the file is infected, what HTTP Status code my service should return? I suppose that any type of 4xx error codes is not appropriate for that situation because this class of code is intended for Client errors.
Is a 502 (Bad Gateway) error more appropriate?
Is there any kind of Standard that covers this situation?
I think you are right maestromarko : 502 Bad Gateway. Read the specifications here:
The 502 (Bad Gateway) status code indicates that the server, while
acting as a gateway or proxy, received an invalid response from an
inbound server it accessed while attempting to fulfill the request.
Your proxy is acting as a Gateway and he received what it conciders is invalid as there are virus in it.
It is not a 4xx class error, because whatever the client changes in the request, the result will still be an error.
See also this decision diagram
Http response codes are only meant to handle http specific conditions so I don't think there is a correct answer as such. But some possibilities...
204 - "The server successfully processed the request and is not returning any content"
403 - "The request was valid, but the server is refusing action"
https://en.m.wikipedia.org/wiki/List_of_HTTP_status_codes
In my REST service, once I start or restart my websphere application server and do a request at the first time, the response will return 404 Context Root Not Found error, after this, do requests on this REST service can work well.
The problem is that the 404 error is always return at my first request after my server start.
Could you give some suggestions?
When an action is called by the client to server say POST/PUT, there would be some validations happening in the data that needs to be processed. But that data doesn't comes as a request, data would be fetched from DB (coz the endpoint clearly knows what it should do, so I dont tell the service what to update) and on top of that, validations would be performed.
So if any validation fails on such data, what should be the response code that should be returned?
Am sceptical to use 4XX codes, since those codes are reserved for the errors produced by client.
In my case, since client does not produce any error, what should be the response code for these kind of validation errors?
If your service returns an error which is definetly not caused by the user's request data rather than from the data/state of the server, the service should respond with HTTP 500 Internal Server Error. There is no specific Internal Server Validation Error status code in RFC2616/RFC7231, so I recommend to take the 'general' 500 status.
From RFC 7231:
The 500 (Internal Server Error) status code indicates that the server encountered an unexpected condition that prevented it from fulfilling the request.
How to add the unhandled exceptions accross the applications in response body in WEB API. If there is no exceptions a success message needs to be sent to the response body for all the responses....Need help on achieving this.
You need two things. For handling the exceptions, you need to set the IncludeDetailErrorPolicy in the HttpConfiguration object,
You can configure the error policy preferences as part of the configuration object (HttpConfiguration) in the IncludeErrorDetailPolicy property. This is just an enum that instructs Web API about how to deal with exceptions.
The possible values for this enum are,
Default: It’s uses the customErrors configuration settings if you are using ASP.NET as host or LocalOnly for self-host.
LocalOnly: Only includes error details for local requests
Always: Always includes error details
Never: Never includes error details
When an exception happens, Web API will check the value on this setting for including details about the exception in the response message or not. For example, if Always is enabled, Web API will serialize the exception details as part of the message that you get as response.
The success message does not make much sense as you already have the response status code. A status code equals to OK means that everything went ok. If you still want to add an additional message, use a HttpMessageHandler that checks for the response status code. If the status code is OK, add the message. However, the response body has been set already at that point so you will not able to modify it. You might able to add a message as a header.