I want to set the custome error to be true to prevent users from viewing detailed info about my application. But I cannot find where I should write this <customErrors mode="on">; should it be in the web.config or in the web, debug.config or else where?
BR
From my experience, we should turn custom error to On in release mode and turn it off in debug. To automatically do this, we can use web.config transformation like the following example.
Web.Debug.config
This setting will allow web server to display ASP.NET yellow page that contain useful error information.
<customErrors mode="Off" xdt:Transform="Replace" />
Web.Release.config
In the other hand, we don't want user to know technical error. We should use custom error page instead of ASP.NET yellow page.
<customErrors mode="On" xdt:Transform="Replace" />
This will depend, but normally should be in the Web.config file.
The Web.Debug.config and Web.Release.config (and other configuration variations) are used for when you deploy your application. When you perform a publish operation, the transform is applied to your Web.config file during deployment, which means you can have specific configuration settings applied for debug, release, and other configurations that you have set up.
If you don't normally perform a publish operation during development, then you will need to apply this setting to the Web.config file in order for it to take affect.
See http://msdn.microsoft.com/en-us/library/dd465318.aspx for more details about transforming the Web.config file.
See http://msdn.microsoft.com/en-us/library/h0hfz6fc.aspx for an example of adding the customErrors element to the Web.config file.
Put in in Web.config and create an error page for redirect. In MVC, you have HandleErrorAttribute, mark it on class to handler unexpected error, logged it and throw error page. Custom Error is default page for specific error with known status code.
<system.web>
<customErrors mode="On">
<error statusCode="404" redirect="/PageNotFound?" />
</customErrors>
</system.web>
