SyntaxFix

[asp.net-mvc] Server cannot set status after HTTP headers have been sent IIS7.5

Sometimes I get exception in my production environment:

  • Process information
    • Process ID: 3832
    • Process name: w3wp.exe
    • Account name: NT AUTHORITY\NETWORK SERVICE
  • Exception information
    • Exception type: System.Web.HttpException
    • Exception message: Server cannot set status after HTTP headers have been sent.
  • Request information
    • Request URL: http://www.myulr.pl/logon
    • Request path: /logon
    • User host address: 10.11.9.1
    • User: user001
    • Is authenticated: True
    • Authentication Type: Forms
    • Thread account name: NT AUTHORITY\NETWORK SERVICE
  • Thread information
    • Thread ID: 10
    • Thread account name: NT AUTHORITY\NETWORK SERVICE
    • Is impersonating: False 
Stack trace: at System.Web.HttpResponse.set_StatusCode(Int32 value) at  
System.Web.HttpResponseWrapper.set_StatusCode(Int32 value) at  
System.Web.Mvc.HandleErrorAttribute.OnException(ExceptionContext filterContext) at  
System.Web.Mvc.ControllerActionInvoker.InvokeExceptionFilters(ControllerContext controllerContext, IList(1) filters, Exception exception) at  
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) at System.Web.Mvc.Controller.ExecuteCore() at  
System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__4() at  
System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0() at  
System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8(1).<BeginSynchronous>b__7(IAsyncResult _) at  
System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult(1).End() at   
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at  
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at  
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& ompletedSynchronously)

I didn't noticed this error on my test environment what should I check?

I am using ASP.NET MVC 2 (Release Candidate 2)

This question is related to asp.net-mvc http iis-7

The answer is

We were getting the same error - so this may be useful to some.

For us the cause was super simple. An interface change confused an end user and they were pressing the back button in the browser at a 'bad' time after a form submission (sure we should probably have used a PRG pattern, but we didn't).

We fixed the issue and the user is no longer pressing the back button. Problem solved.

I remember the part from this exception : "Cannot modify header information - headers already sent by" occurring in PHP. It occurred when the headers were already sent in the redirection phase and any other output was generated e.g.:

echo "hello"; header("Location:http://stackoverflow.com");

Pardon me and do correct me if I am wrong but I am still learning MS Technologies and I was trying to help.

Just to add to the responses above. I had this same issue when i first started using ASP.Net MVC and i was doing a Response.Redirect during a controller action:

Response.Redirect("/blah", true);

Instead of returning a Response.Redirect action i should have been returning a RedirectAction:

return Redirect("/blah");

You are actually trying to redirect a page which has some response to throw. So first you keep the information you have throw in a buffer using response.buffer = true in beginning of the page and then flush it when required using response.flush this error will get fixed

The HTTP server doesn't send the response header back to the client until you either specify an error or else you start sending data. If you start sending data back to the client, then the server has to send the response head (which contains the status code) first. Once the header has been sent, you can no longer put a status code in the header, obviously.

Here's the usual problem. You start up the page, and send some initial tags (i.e. <head>). The server then sends those tags to the client, after first sending the HTTP response header with an assumed SUCCESS status. Now you start working on the meat of the page and discover a problem. You can not send an error at this point because the response header, which would contain the error status, has already been sent.

The solution is this: Before you generate any content at all, check if there are going to be any errors. Only then, when you have assured that there will be no problems, can you then start sending content, like the tag.

In your case, it seems like you have a login page that processes a POST request from a form. You probably throw out some initial HTML, then check if the username and password are valid. Instead, you should authenticate the user/password first, before you generate any HTML at all.

If someone still having this problem.Try to use instead of ovverriding

 public void OnActionExecuting(ActionExecutingContext context)
    {
        try
        {

            if (!HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (!HttpContext.Current.Response.IsRequestBeingRedirected)
                {

                    context.Result = new RedirectToRouteResult(
                new RouteValueDictionary {  { "controller", "Login" }, { "action", "Index" } });
                }
            }

        }
        catch (Exception ex)
        {
               new RouteValueDictionary { { "controller", "Login" }, { "action", "Index" } });
        }

    }

I had the same issue with setting StatusCode and then Response.End in HandleUnauthorizedRequest method of AuthorizeAttribute

var ctx = filterContext.HttpContext;
ctx.Response.StatusCode = (int)HttpStatusCode.Forbidden;
ctx.Response.End();

If you are using .NET 4.5+, add this line before Response.StatusCode

filterContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;

If you are using .NET 4.0, try SuppressFormsAuthenticationRedirectModule.

I apologize, but I'm adding my 2 cents to the thread just in case anyone has the same problem.

  • I used Forms Authentication in my MVC app
  • But some controller-actions were "anonymous" i.e. allowed to non-authenticated users
  • Sometimes in those actions I would still want users to be redirected to the login form under some condition
  • to do that - I have this in my action method: return new HttpStatusCodeResult(401) - and ASP.NET is super nice to detect this, and it redirects the user to the login page! Magic, right? It even has the proper ReturnUrl parameter etc.

But you see where I'm getting here? I return 401. And ASP.NET redirects the user. Which is essentially returns 302. One status code is replaced with another.

And some IIS servers (just some!) throw this exception. Some don't. - I don't have it on my test serevr, only on my production server (ain't it always the case right o_O)

I know my answer is essentially repeating what's already said here, but sometimes it's just hard to figure out where this overwriting happens exactly.

How about checking this before doing the redirect:

if (!Response.IsRequestBeingRedirected)
{
   //do the redirect
}

Source: Stackoverflow.com

Examples related to asp.net-mvc

Using Lato fonts in my css (@font-face) Better solution without exluding fields from Binding Vue.js get selected option on @change You must add a reference to assembly 'netstandard, Version=2.0.0.0 How to send json data in POST request using C# VS 2017 Metadata file '.dll could not be found The default XML namespace of the project must be the MSBuild XML namespace How to create roles in ASP.NET Core and assign them to users? The model item passed into the dictionary is of type .. but this dictionary requires a model item of type How to use npm with ASP.NET Core

Examples related to http

Access blocked by CORS policy: Response to preflight request doesn't pass access control check Axios Delete request with body and headers? Read response headers from API response - Angular 5 + TypeScript Android 8: Cleartext HTTP traffic not permitted Angular 4 HttpClient Query Parameters Load json from local file with http.get() in angular 2 Angular 2: How to access an HTTP response body? What is HTTP "Host" header? Golang read request body Angular 2 - Checking for server errors from subscribe

Examples related to iis-7

Accessing a local website from another computer inside the local network in IIS 7 500.21 Bad module "ManagedPipelineHandler" in its module list HTTP Error 503. The service is unavailable. App pool stops on accessing website IIS - 401.3 - Unauthorized 500.19 - Internal Server Error - The requested page cannot be accessed because the related configuration data for the page is invalid ASP.NET Web API application gives 404 when deployed at IIS 7 WebApi's {"message":"an error has occurred"} on IIS7, not in IIS Express enabling cross-origin resource sharing on IIS7 How to fix 'Microsoft Excel cannot open or save any more documents' IIS 7, HttpHandler and HTTP Error 500.21

Tags

Sqlclient C++filt Jini Web-deployment-project Cfnetwork Page-lifecycle Detailtextlabel Tabbarcontroller Zend-translate Pulsar Setvalue Date-formatting Factorial Vertex-array Mdichild Js1k Unobtrusive Kqueue Lvm Procedure Markaby Unreachable-code Umask Jsonresult Gdr Nintendo Output-parameter Httpverbs Fullcalendar Redistributable Object-identity Dia Uniform Cheetah Pywin32 Page-fault Nspopupbutton Repopulation Tcollection Augmented-reality Buildforge Translators Flux Pluggable Posting Function-interposition Iaccessible Netsuite Portaudio Blowfish Byte Content-indexing Embeddedwebserver Rhino-mocks Xmlspy Activator Uservoice Voice-recording Izpack Ucma2.0 Icefaces Apk Wmd Snapstodevicepixels Adobe-cirrus Halt Manipulators Database-diagramming Dashcode Illegalargumentexception Cp1251 Php-gettext Tdxmemdata Token Reverse-dns Modalviewcontroller Seam3 To-yaml Syndication-feed Data-comparison Refinerycms Custom-build-step Dynamic-typing Folder-security Null-pointer Portrait Iis-metabase Special-form Ubuntu-10.04 Erubis Mode Execcommand Opcode-cache Getdibits Linear-gradients Leftist-tree Posthoc Denormalization S60-3rd-edition Seq