views:

331

answers:

5

What is the best way to handle exceptions occurring in catch statements. Currently we are writing the exception message to response object's write method. But I want a solution by which the user will get only a general error message that something has gone wrong but we have to get a detailed description about the error. I would like to know the different practices employed for exception handling in C#.

A: 

Writing to Event Log is one of the options.

Dmitry Ornatsky
+1  A: 

I'd record the detailed error to my database and redirect the user to a generic error page.

Lazarus
+6  A: 

For the web project and to guard against any exceptions getting pushed down to the browser, you could enable Health Monitoring and also the use of Custom Error Pages. If you are expecting the possibility of an exception inside the catch statement, simply nest another try catch in there so that it falls over graciously.

In the global.asax also you can subscribe to the Application_Error event, which will be called for an unhandled exception

Andrew

Health Monitoring in ASP.NET : http://www.4guysfromrolla.com/articles/031407-1.aspx

REA_ANDREW
Definitely the way to go +1
Paul Suart
+3  A: 

Good for you for wanting to fix this. Writing exception messages directly back to the user can pose a significant security risk -- as you've figured out already, exception messages can contain lots of information that could help a malicious user gain access to your site.

I'd take a look at ELMAH (Error Logging Modules and Handlers); it's an easy way to add logging of detailed errors to your web app.

Mike Powell
A: 

As REA_ANDREW said, use Health Monitoring along with the custom error pages.

One thing he didn't say explicitly is that you should avoid the style of programming that puts try/catch blocks around everything. Health Monitoring will log unhandled exceptions, and Custom Error Pages will display to the user whatever you want the user to see about the error (if anything). But this will only happen if you do not catch the exceptions, so just leave them alone and let them propagate.

John Saunders