Telerik Forums / UI for ASP.NET AJAX
This is a migrated thread and some comments may be shown as answers.

Customize Error message for Telerik.Web.UI.DialogHandler.aspx

1 Answer 416 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
Christopher
Top achievements
Rank 1
Christopher asked on 25 Apr 2020, 12:03 AM

     I've been working on resolving a Telerik vulnerability in our site that is using version 2015.3.1111.45 of Telerik.Web.UI (see https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness).  I've applied the patched dll to the site, so now when our tester tries the exploit, she gets an error page that says "Cannot deserialize dialog parameters. Please refresh the editor page.
Error Message:The hash is not valid!"  Our security group is not happy with that error page and wants to see something more generic and less revealing to the would-be hacker.  Our ASP.NET MVC application is configured in the web.config to have "customErrorsMode" set to "On" so that any unhandled errors will automatically redirect the user to a very generic and static html error page.  Unfortunately even with this set in our production environment, we are still getting the "Cannot deserialize dialog parameters....." error... presumably being generated by Telerik somehow.

Can you provide a solution on how to customize this error message or get around it so that it will fall though to the .NET error handling of the web application itself?

1 Answer, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 27 Apr 2020, 05:37 PM

Hi Christopher,

Thank you for asking this great question!

RadEditor does not offer an API to customize or localize the error thrown by the Telerik.Web.UI.DialogHandler handler.

The available approaches with the current release are:

  • Try to override it using the built-in ASP.NET AJAX error handling mechanism:
    <configuration>
  <system.web>
    <customErrors defaultRedirect="Telerik.Web.UI.DialogHandler.aspx"
                  mode="RemoteOnly">
      <error statusCode="500"
             redirect="InternalErrorPage.aspx"/>
    </customErrors>
  </system.web>
</configuration>
    or
    <configuration>
  <system.web>
    <customErrors defaultRedirect="Telerik.Web.UI.DialogHandler.axd"
                  mode="RemoteOnly">
      <error statusCode="500"
             redirect="InternalErrorPage.aspx"/>
    </customErrors>
  </system.web>
</configuration>
  • Obtain the source code from https://www.telerik.com/account/product-download?product=RCAJAX and change the string and build your own assembly with the customized message.
  • File a feature request at the AJAX Feedback portal.

I will be glad to assist you with any additional questions. Just let me know.

Regards,
Rumen
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic. 
Our thoughts here at Progress are with those affected by the outbreak.
Tags
General Discussions
Asked by
Christopher
Top achievements
Rank 1
Answers by
Rumen
Telerik team
Share this question
or