Methods to handle exceptions in a web project using C#

Question

What is the best way to handle exceptions occurring in catch statements. Currently we are writing the exception message to response object\'s write method. But I want a solution

Answer 1

Good for you for wanting to fix this. Writing exception messages directly back to the user can pose a significant security risk -- as you've figured out already, exception messages can contain lots of information that could help a malicious user gain access to your site.

I'd take a look at ELMAH (Error Logging Modules and Handlers); it's an easy way to add logging of detailed errors to your web app.

Answer 2

For the web project and to guard against any exceptions getting pushed down to the browser, you could enable Health Monitoring and also the use of Custom Error Pages. If you are expecting the possibility of an exception inside the catch statement, simply nest another try catch in there so that it falls over graciously.

In the global.asax also you can subscribe to the Application_Error event, which will be called for an unhandled exception

Andrew

Health Monitoring in ASP.NET : http://www.4guysfromrolla.com/articles/031407-1.aspx

Answer 3

I'd record the detailed error to my database and redirect the user to a generic error page.

Answer 4

Writing to Event Log is one of the options.

Answer 5

As REA_ANDREW said, use Health Monitoring along with the custom error pages.

One thing he didn't say explicitly is that you should avoid the style of programming that puts try/catch blocks around everything. Health Monitoring will log unhandled exceptions, and Custom Error Pages will display to the user whatever you want the user to see about the error (if anything). But this will only happen if you do not catch the exceptions, so just leave them alone and let them propagate.