showing custom error page issue

Q:

I use ELMAH - Error Logging Modules And Handlers.

but i wanna to show nice error page to the user .

My question has two parts:

1. Is there any preferred design or information required in this page.(requirements) .any suggestions , links will be great.

2. When i comment the Clear error line , The error page is shown to the user , otherwise the error page doesn't appear.Why we clear the errors?and How to show the error page .

 protected void Application_Error(object sender, EventArgs e)
        {
            HttpContext ctx = HttpContext.Current;
            Exception exception = ctx.Server.GetLastError();
            string errorInfo =
               "<br>Offending URL: " + ctx.Request.Url.ToString() +
               "<br>Source: " + exception.Source +
               "<br>Message: " + exception.开发者_如何学JAVAMessage +
               "<br>Stack trace: " + exception.StackTrace;

            ErrHandler.WriteError(errorInfo);

            ctx.Server.ClearError();

        }

   <customErrors mode="On" defaultRedirect="Error.aspx"/>

I'll try an answer. For the error page I don't use an .aspx page because this page goes through ASP .Net modules and one module could have errors too. So I recommend a static page (.html one), served by IIS only. Sure, I would like me too to see that the error pages use the same website theme, which this is easily made with Master Pages, also, maybe other info from the current session, like logged on user, etc. All this involves interaction with the ASP .Net so it is a risk to get errors too and to be redirected to the default framework's generated error page. So a very light error page ( same colours, font styles, etc) with maybe some graphics and a clear message of what happened is very enough for the user.

For Elmah I'm using some practices too: first, I don't use the "usual" name for the handler, but something else, like "access-to-elmah-error.ashx". Think that everybody knows elmah.ashx or error.ashx is used to show the server side errors and what a good source for a hacker is. Next is that I protect it under the authorization section. If something is very wrong with the website and I can't login, I can change the web.config to un-protect it and see what happened.