Microsoft – Classic ASP – Error Suppressed

Background

The last few weeks I have been battling with a Vendor application that uses a mix of Classic ASP and ASP.Net.  Not to keep the beating to myself, I will like to share some of my bruised ego.

 

Code

Classic ASP

We will focus on the Classic ASP code.  There are many reasons for this singular focus; and inclusive:

  • Historical
    • Classic ASP was introduced in 1996
    • It was Microsoft’s first server side scripting engine for generating web pages
  • Tooling
    • It is based on VBScript and JScript
    • ASP 2.0 provided six built-in objects: Application, ASPError, Request, Response, Server, and Session
    • It has being in support for accessing COM and Dlls

 

As a tool developed in 1996,  almost 20 years ago, it is increasingly difficult to elegantly support it.

 

Sample Code

Let us create a sample app

 


<html>
<head>
<title>
Err Suppressed
</title>
</head
<@% Page Language=VBScript 	Explicit=True Debug=True %>
<% Response.Buffer = True %>
<!--#include file="errorHandler/errorHandler.inc"-->

<%

	Const ERR_HANDLER_CUSTOMIZED = "/errorHandler/errorHandler500Customized.asp"

	Const ERR_TYPE_DIVIDEBYZERO = 1
	Const ERR_TYPE_OBJECT_INVALIDMETHOD = 2
	Const ON_ERROR_RESUME_NEXT = false
	Const ON_ERROR_PROCEED_ERRORHANDLERPAGE = false

	dim strDate
	dim iNumberofEntries
	dim objDictModule
	dim allKeys
	dim allItems
	dim dictKey
	dim dictItem
	Dim i
	Dim iMax	

	dim objNullObject
	dim objErr

	dim numerator
	dim divisor
	dim result

	dim strItem
	dim iErrType

        dim strPagename

        strPagename = Request.ServerVariables("SCRIPT_NAME") 

        if (ON_ERROR_RESUME_NEXT) then

		On error resume next

	end if

	iErrType = ERR_TYPE_OBJECT_INVALIDMETHOD
	iErrType = ERR_TYPE_DIVIDEBYZERO

	if (iErrType = ERR_TYPE_DIVIDEBYZERO) then

		numerator = 1000
		divisor = 0
		result = a / b

	elseif (iErrType = ERR_TYPE_OBJECT_INVALIDMETHOD) then

		objNullObject.Sleep()

	end if

	set objErr = Err

	set objDictModule = getErrorObjectAsDictionary(objErr)

	set Session(ERR_OBJECT_CUSTOM) = objDictModule

	if ( (Err.Number <> 0) and (ON_ERROR_PROCEED_ERRORHANDLERPAGE = true) ) Then

           'store calling page name
           Session(ERR_OBJECT_CUSTOM).add "Err.Referrer", strPagename

           Response.Redirect ERR_HANDLER_CUSTOMIZED

	end if

%>

 

In the code above, we have intentionally added the usual suspects; that is things we know will cause trouble:

  • Divide by 0
  • Reference a null object ( objNullObject.Sleep )

 

IIS Configuration – ASP

Let us make sure that IIS is sufficiently for debugging ASP.

  • Via “Control Panel” \ “Administrative Tools” \ Internet Information Services (IIS) Manager
    • In the left panel, Under Sites, Select the Web Site
    • In the right panel, make sure that the Features View is active
    • In the Features view, within the IIS panel, select ASP

 

Features View

FeaturesView

 

ASP Configuration

ASP

 

The important configurable items are:

  • Debugging Properties – Set to True
    • Calculate Line Numbers
    • Catch COM Component Exceptions
    • Enable Client-side debugging
    • Enable Log Error Requests
    • Enable Server-side Debugging
    • Log Errors to NT Log
    • Send Errors to Browser
  • Script Language
    • VBScript

 

Error Message

Upon launching a Web Browser, IE in this case, we run into a ditch.

Here is what we get:

HTTP500

 

Not a very intuitive error message as we had “Show Friendly HTTP error messages“.

Current Setting:

ShowFriendlyHTTPErrorMessages

 

More Intuitive Message

Via “Internet Options”, we turned off “Show friendly HTTP error messages”.

And, we now have a good error number,  error message, and source file name & offending line number.

Error-Overflow

 

 

 IIS Log

IIS Logs also contain helpful data.

IISLog-Overflow

 

Our IIS Log contains definite and helpful error; here they are:

  • We have .Net CLR2 and CLR3 installed
  • Our error line is 57
  • Our error code is 800a006
  • Our error description is Overflow

 

 

Sample Code – “On Error Resume Next”

Let us change the code a bit by setting “On error resume next

 


    'Const ON_ERROR_RESUME_NEXT = false
     Const ON_ERROR_RESUME_NEXT = true

Once we set “On error resume next”, our error is no longer visible …

Browser – IE

Error-OnErrorResumeNext

Browser - IISLog

Checked IISLog, and no errors registered

IISLog-ErrSurpressed 

Error Handling

It is obvious that silencing our errors is a bit problematic; as we still have them, but we are not aware of them. Furthermore, the work we greatly want to do, is yet undone. Let us handle our error, and send the user to an informative error page.

 


    'Const ON_ERROR_PROCEED_ERRORHANDLERPAGE = false
    Const ON_ERROR_PROCEED_ERRORHANDLERPAGE = true

 

As we have now indicated that we want to handle our error, though it is silent, we wrote additional modules:

ErrSuppressed.asp

Classic ASP supports a couple of ways to organize code, source code modules & Com components.  In this post, we will take the quick and simple path of having the code in an included file (errorhandler/errorHandler.inc).

Though not required, we placed in its own folder, as well.

 


  <!--#include file="errorHandler/errorHandler.inc"-->

 

errorHandler/errorHandler.inc

Here is our included file.


<%

Const ERR_OBJECT_CUSTOM = "customErrorCollection"

Function getErrorObjectAsDictionary (objErr)

     Dim objList
     Dim objASPError

     Set objList = CreateObject("Scripting.Dictionary")
     objList.add "Err.Number", objErr.Number
     objList.add "Err.Description", objErr.Description

     set objASPError = Server.GetLastError()

     objList.add "ASPError.ASPCode", objASPError.ASPCode
     objList.add "ASPError.ASPDescription", objASPError.ASPDescription
     objList.add "ASPError.Description", objASPError.Description
     objList.add "ASPError.Source", objASPError.Source
     objList.add "ASPError.Number", objASPError.Number
     objList.add "ASPError.File", objASPError.File
     objList.add "ASPError.Line", objASPError.Line

     rem we used set as objList is an object and not a simple datatype (int\string)
     Set getErrorObjectAsDictionary = objList

End Function

%>

 

The errorHandler.inc is an interesting code-line:

  • We are a generic collection object (Scripting.Dictionary)
  • We captured both the err.number and err.description properties into our collection
  • We also performed a Server.GetLastError call and captured the resultant object’s property, as well
  • Noticed that we used set at the end of the function to return a complex object

 

 

errorHandler/errorHandler500Customized.inc

 


<html>
<head>
<title>
Err Handler - 500 - Customized
</title>
</head>

<@% Page Language=VBScript 	Explicit=True Debug=True	EnableSessionState=True	%>
<!--#include file="errorHandler.inc"-->

<body>

<%

	 Dim objError
	 Dim objDictModule
	 Dim errNumber
	 Dim errDescription

	 Dim objErr
	 Dim objErrDict

	 Dim strBuffer
	 Response.Clear

%>
<table border="1">
<tbody>
<tr>
<td>
<table border="0" width="653">
<tbody>
<tr style="background-color: #ff9900;">
<td colspan=3 col align='center'><strong>Error Items</strong></td>
</tr>
<tr style="background-color: Gainsboro;">
<td>&nbsp;</td>
<td><strong>Item</strong></td>
<td><strong>Value</strong></td>
</tr>
<!--
	Access Err Object
-->
<tr style="background-color: beige;">
<td>&nbsp;</td>
<td><strong>Err.Number</strong></td>
<td><strong><%= CSTR(Err.Number) %></strong></td>
</tr>
<tr style="background-color: beige;">
<td>&nbsp;</td>
<td><strong>Err.Description</strong></td>
<td><strong><%= Err.Description %></strong></td>
</tr>
<%

	strBuffer = ""
	CONST COLOR_ROW = "beige"
	CONST COLOR_ROW_ALTERNATE = "blanchedalmond"

	Dim strRowColor
	Dim strItem

	If isObject(Session(ERR_OBJECT_CUSTOM)) = false then

	else

		set objDictModule = Session(ERR_OBJECT_CUSTOM)

		if (objDictModule is Nothing) Then

		else

			'retrieve all the keys and items from the Dictionary and print them out
			allKeys = objDictModule.Keys   'Get all the keys into an array
			allItems = objDictModule.Items 'Get all the items into an array 

			For i = 0 To objDictModule.Count - 1 'Iterate through the array

			  dictKey = allKeys(i)   'This is the key value
			  dictItem = allItems(i) 'This is the item value

			  if ( (i mod 2) = 0) then
				strRowColor = COLOR_ROW
			  else
			    strRowColor = COLOR_ROW_ALTERNATE
			  end if	

			  strItem = "
<tr style='background-color: " & strRowColor & "';>"
			  strBuffer = strBuffer & strItem

			  strItem = "
<td>" & cstr(i+1) & "</td>
"
			  strBuffer = strBuffer & strItem

			  strItem = "
<td>" & dictKey & "</td>
"
			  strBuffer = strBuffer & strItem

			  strItem = "
<td>" & dictItem & "</td>
"
			  strBuffer = strBuffer & strItem

			  strItem = "</tr>
"
			  strBuffer = strBuffer & strItem

			Next

		end if

	end if

	Response.Write strBuffer

%></tbody>
</table>
&nbsp;</td>
</tr>
</tbody>
</table>
&nbsp;

</body>
</html>

%>

 

 Explanation:

Here is a quick explanation

  • We checked Err.Number and Err.Description
  • We checked the Session Object that was “set” in the previous page
  • Notice the use of IsObject to ensure that our session variable is previously set

 

 

Browser Output:

 

errorHandlerCustomizedOutput

 

 

From the screen above, we will notice a few things:

  • We lost our original error; that is why when the new page calls err.number and err.description we have 0 and empty
  • Thankfully, our session data was preserved

 

Summary:

It appears that when we use “on error resume next” and post to another page, our err object ( Err.Number and Err.Description ) is automatically reset.

 

Application Level

Configuration

Web.config

From the example above, we can see that the “on error resume next” statement, prevents error trapping through code.

What about error trapping that is implicitly handled in web.config

 

GUI

Edit Custom Error Page:

Here is how to configure Error Page via “IIS Management Console”

customErrorPage

 

 

Error Message

In our case, we tweaked our website’s configuration quite a bit. We reviewed and played around with the Application Pool and the actual web site.

Error Text:

Error Message: This site is in an application pool that is running in Classic mode. When running in this mode, custom errors apply to all content except ASP.Net content.

Error Image:

customErrorsAndApplicationPool

 

The error message hints that we need to change our Application Pool’s managed pipeline from Classic to Integrated.

 

Application Pool

ApplicationPool - MangedPipelineMode - Integrated

 

Error Pages – Feature Settings

It is also important that we set/review the default “Error Pages” settings.

 

CustomErrorPage - Edit Features

 

We want to set “Error Page Settings” / “Custom Error Pages” to “Custom error pages”.

If set to :

  • Detailed errors (everyone sees the detailed errors)
  • Detailed errors for local requests and custom error pages for remote requests ( when viewed locally on the web server one sees the detailed error message; and when viewed away from the web server, one sees our custom error page)

 

Source Code

Here is what our web.config looks like:

 


<?xml version="1.0" encoding="UTF-8"?>
<configuration>

    <system.webServer>

		<defaultDocument>
            <files>
                <add value="ErrSupressed.asp" />
            </files>
        </defaultDocument>

		<tracing>
            <traceFailedRequests>
                <remove path="*" />
                <add path="*">
                    <traceAreas>
                        <add provider="ASP" verbosity="Verbose" />
                        <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
                        <add provider="ISAPI Extension" verbosity="Verbose" />
                        <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="100-999" />
                </add>
            </traceFailedRequests>
        </tracing>

        <httpErrors errorMode="Custom">
            <remove statusCode="500" subStatusCode="-1" />
            <error
		statusCode="500"
		prefixLanguageFilePath=""
		path="/errorHandler/errorHandler500Customized.asp"
		responseMode="ExecuteURL"
		/>
        </httpErrors> 

    </system.webServer>

</configuration>

 

Explanation:

There are a few things going on in the web.config file indicated above; and those are:

  • We are using our great friend – traceFailedRequests; whenever an error occurs an XML file is generated
  • We are using trapping on HTTPErrors
    • We are using ErrorMode is Custom :- This is we have our our own custom code
    • HTTP Error = 500
      • We call /errorHandler/errorHandler500Customized.asp
      • responseMode = ExecuteURL

 

 

Once we add a web.config page, we will have instituted an Application wide error handling pathway.

The Application wide pathway will work for all cases, except when “on error resume next” is in-effect.

 

How do we test?

How do we investigate whether we can handle errors implicitly?

We will remove “on error resume next”.

Const ON_ERROR_RESUME_NEXT = false
rem Const ON_ERROR_RESUME_NEXT = true

 

Just-In-Time Debugger:

JustInDebugger

 

We will not trod down the Debugging trek; and so we will skip initiating the debugger by choosing “No, cancel debugging“.

 

Here is what we see when a code error and IIS itself triggers our error page

errorHandlerCustomizedOutput-Generic

 

Explanation

We can see that we have lost useful error data.  Earlier we preserved them by saving them to session variables and then transferring processing to the Error Page.

Spent all weekend trying to get to them when IIS auto-invokes the error page, but not smart enough.

 

On error goto 0

“On error goto 0” return us back to sanity.  I will suggest that for each “on error resume next”, a corresponding  “on error goto 0” be added as a complement.

 

Exception Handling

Modern languages idiom rely on try/catch/finally exception paradigm.

 

Source Control

Github

To make it easier to share and review our simple App, we have place it on Github.

https://github.com/DanielAdeniji/ClassicASPOnErrorResumeNext

 

Where did Classic ASP come from?

Accordingly to Wikipedia, Classic ASP was introduced as part of NT Option Pack in 1996.  And, discontinued 4 years later in 2000.

NT Option Pack is one of the most important product release from Microsoft.  Keeping in mind that it was a midterm release between Windows NT 4.0 and Windows 2000, and Microsoft was trying to stem the tide of competing products; and so everything along with the Kitchen Sink and the proverbial workman’s hamburger was included.

According to Windows NT Option Pack, here is what was bundled within it:

  • Certificate Server – Microsoft Certificate Server provides customization services for issuing and managing certificates used in software security systems employing public-key cryptography.
  • FrontPage Server Extensions
  • Index Server – It allows you to easily perform full-text searches and retrieve all types of information from any Web browser.
  • Internet Connection Services for RAS – Remote Access Service
  • Internet Information Server (IIS) version 4.0
  • Mail and News Services – Microsoft SMTP Service uses the standard Internet protocol Simple Mail Transfer Protocol (SMTP) to transport and deliver messages
  • The Microsoft NNTP Service – Newsgroup
  • The Microsoft Data Access Components (MDAC) – ActiveX Data Objects and the Microsoft Access driver
  • Microsoft Management Console (MMC) – Uniform interface for managing server application
  • Microsoft Message Queue Server (MSMQ) – communicate with other application programs quickly, reliably, and asynchronously by sending and receiving messages
  • Microsoft Transaction Server (MTS) – component-based transaction processing system for developing, deploying, and managing high-performance, scalable, and robust applications
  • Site Server – Comprehensive Web site environment for enhancing, deploying, and managing rich intranet and Internet Web sites
  • Microsoft SNA Server – comprehensive gateway and application integration platform that enables communications with midrange ( AS/40)0 and mainframe systems
  • Windows Script Host – a language-independent scripting host for ActiveX™ scripting engines

 

Dedicated

Once again, I will dedicate this post to a public commit-er, former Microsoft engineer, Eric Lippert. I referenced an important blog post by him in the Reference section below.

Eric blogs @ http://ericlippert.com/ and he has an interesting post @ “Eric Lippert Dissects CVE-2014-6332, a 19 year-old Microsoft bug” ( http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html )

 

Summary

For a product released in 1996 and deprecated in 2000; ASP has obvious staying power.

For the sake of the numerous companies and products that continue to rely on it, I wish keen attention, knowledge and courage.

For sustenance engineers, keep an eye out for “On error resume next“.

References

Configuration

Reference – httpErrors and customErrors

 

customErrors

Microsoft

Blog and Q/A

 

IIS – Custom Errors – Sample Code

Microsoft

ASP.Net

 

3rd Party Vendor

Q/A

 

Storing & Transfering Data

 

Collection Object

Dictionary Object

 

Session Variables

 

Context

 

ASP

Best Practices

ASP Error Handling – Reference

 

ASP Error Handling – Sample

 

Including File

 

Test Object

 

 

ASP.Net

Error Handling

 

Page Transition

Move to new page

Response.Redirect

Server.Transfer

 

 

“On Error Resume Next ” Stories

 

 

2 thoughts on “Microsoft – Classic ASP – Error Suppressed

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s