What is the best way to handle exceptions occurring in catch statements. Currently we are writing the exception message to response object's write method. But I want a solution by which the user will get only a general error message that something has gone wrong but we have to get a detailed description about the error. I would like to know the different practices employed for exception handling in C#.
For the web project and to guard against any exceptions getting pushed down to the browser, you could enable Health Monitoring and also the use of Custom Error Pages. If you are expecting the possibility of an exception inside the catch statement, simply nest another try catch in there so that it falls over graciously.
In the global.asax also you can subscribe to the Application_Error event, which will be called for an unhandled exception
Andrew
Health Monitoring in ASP.NET : http://www.4guysfromrolla.com/articles/031407-1.aspx
Good for you for wanting to fix this. Writing exception messages directly back to the user can pose a significant security risk -- as you've figured out already, exception messages can contain lots of information that could help a malicious user gain access to your site.
I'd take a look at ELMAH (Error Logging Modules and Handlers); it's an easy way to add logging of detailed errors to your web app.
I'd record the detailed error to my database and redirect the user to a generic error page.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With