Thursday, April 28, 2011

Methods to handle exceptions in a web project using C#

What is the best way to handle exceptions occurring in catch statements. Currently we are writing the exception message to response object's write method. But I want a solution by which the user will get only a general error message that something has gone wrong but we have to get a detailed description about the error. I would like to know the different practices employed for exception handling in C#.

From stackoverflow
  • Writing to Event Log is one of the options.

  • I'd record the detailed error to my database and redirect the user to a generic error page.

  • For the web project and to guard against any exceptions getting pushed down to the browser, you could enable Health Monitoring and also the use of Custom Error Pages. If you are expecting the possibility of an exception inside the catch statement, simply nest another try catch in there so that it falls over graciously.

    In the global.asax also you can subscribe to the Application_Error event, which will be called for an unhandled exception

    Andrew

    Health Monitoring in ASP.NET : http://www.4guysfromrolla.com/articles/031407-1.aspx

    Paul Suart : Definitely the way to go +1
  • Good for you for wanting to fix this. Writing exception messages directly back to the user can pose a significant security risk -- as you've figured out already, exception messages can contain lots of information that could help a malicious user gain access to your site.

    I'd take a look at ELMAH (Error Logging Modules and Handlers); it's an easy way to add logging of detailed errors to your web app.

  • As REA_ANDREW said, use Health Monitoring along with the custom error pages.

    One thing he didn't say explicitly is that you should avoid the style of programming that puts try/catch blocks around everything. Health Monitoring will log unhandled exceptions, and Custom Error Pages will display to the user whatever you want the user to see about the error (if anything). But this will only happen if you do not catch the exceptions, so just leave them alone and let them propagate.

0 comments:

Post a Comment