how to: handle exceptions, best practices

Question

need to implement a global error handling, so maybe you can help out with the following example...

i have this code:

public bool IsUserA         


        

Answer 1

You need to think about the contracts that the methods define. If a method can't fulfill its contract then you need an exception. Exceptions thrown within the method should be translated into exceptions that make sense from the point of view of the contract of the method.

In the first case, I would catch any exceptions that can be thrown by statement execution (e.g. database errors) and translate them into something like an AuthorisationException. Allowing the exception to propagate straight up doesn't make sense from the point of view of the methods contract. For instance it doesn't make sense to allow a database exception to escape from the method when the method is fulfilling the contract of whether the author is authorised.

Using this idea of the method as a contract allows you to make the right decisions. If a method contract is logging into the database, or some database manipulation, then it might well make sense to allow the exceptions to propagate.

Getting specific: Using the first example:

public bool IsUserAuthorizedToSignIn(string userEMailAddress, string userPassword)
    {
        try
        {
            // get MD5 hash for use in the LINQ query
            string passwordSaltedHash = this.PasswordSaltedHash(userEMailAddress, userPassword);

            // check for email / password / validity
            using (UserManagementDataContext context = new UserManagementDataContext())
            {
                var users = from u in context.Users
                        where u.UserEMailAdresses.Any(e => e.EMailAddress == userEMailAddress)
                            && u.UserPasswords.Any(p => p.PasswordSaltedHash == passwordSaltedHash)
                            && u.IsActive == true
                        select u;

                // true if user found
                return (users.Count() == 1) ? true : false;
            }
        }
        catch(ThisException e)
        {
            thrown new AuthorisationException("Problem1 occurred");
        }
        catch(ThatException e)
        {
            thrown new AuthorisationException("Problem2 occurred");
        }
        catch(OtherException e)
        {
            thrown new AuthorisationException("Problem3 occurred");
        }
    }

You might also like to set the inner exception on the AuthorisationException:

        catch(ThisException e)
        {
            thrown new AuthorisationException("Problem1 occurred", e);
        }

Then your client code can do this:

try
{
    if(User.IsUserAuthorizedToSignIn)
    {
        // Let the magic happen
    }
    else
    {
        // No rights
    }
}
catch(AuthorisationException e)
{
    // Let the user know there is something up with the system. 
}

You may decide that you don't want to catch the AuthorisationException at the immediate calling site since you can't notify the user. So you may let it propagate up to a level where you can do something with it.

Hope that helps!