I am using methods with the Attribute [WebMethod] in my aspx pages. I don't use any asp.net ajax but jQuery to call these methods and return objects in JSON. This all works fine.

Next I added an authorization check inside the webMethod, if the current user doesn't have access to the feature I need to let the calling JavaScript know.

So I am throwing an AccessViolationException exception which can then be parsed by the OnError callback function in JavaScript. This works too but the exception includes the full StackTrace and I don't want to make this available to the calling client.

What other ways could I use to return an "Access Denied" to the client when the WebMethod returns a business object?

I'm using ASP.Net 3.5SP1 and jQuery 1.32

+1  A: 

Why propagate errors through the wire? Why not use an error response?

Just wrap your object in a response object which can contain an error code for status and an error message to present to users.

Nuno Furtado
I think I have very little control over the return value of a WebMethod, I can either return the expected business object or null. How would I throw an 'error response' in there?
Peter Hahndorf
You can encapsulate your BusinessObject in a ResponseObject which could itself have a status. Could you not?
Nuno Furtado
I was just thinking along the same lines, thanks for the input.
Peter Hahndorf
A: 

I save exceptions for when things go really wrong. (e.g. can't connect to the database)

Either return nothing (null/nill/whatever), or return a false bool value.

Sorry that I don't have a better answer than that...I'll have to keep looking myself.

Chris Brandsma
A: 

You could look at SoapException: http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapexception(VS.71).aspx

I'm just not sure if it will work when it is called from JavaScript. Especially if it's called with a get-request.

BTW AccessViolationException is, to the best of my knowledge, meant to be thrown when the application is accessing memory it has no access to.

/Asger

asgerhallas
There is no Soap involved here, pure HTTP and JSON. But you are right the AccessViolationException was the wrong choice for an exception.
Peter Hahndorf
+1  A: 

As suggested by NunFur I changed my approach and rather than throwing an error, I return a 'richer' object.

There are at least two options, the first one would be to encapsulate my business object into a response object with some status properties. I tried this but it makes the JSON more complicated. So rather than adding a new object I added two properties to my business object, something like ServiceStatus and ServiceMessage. By default these are 200 and '', but can be set by the WebMethod code if anything goes wrong (no access, proper error). In this case the business object will be 'empty' (no data). The JavaScript code then first checks for the ServiceStatus and reacts appropriately.

I add the two fields to all my objects that are returned by WebMethods, even a simple string. They have to implement an Interface with those two properties.

Now I have complete control over what goes over the wire in case something unexpected is happening.

Thanks for the input

Peter Hahndorf
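
The client-side half of the approach in the last answer, as an added example that is not part of the original thread: one function reads ServiceStatus before touching any data, and it also covers the case the question started from, an unhandled exception whose JSON carries a StackTrace. The function name, the 403 value, the `leakedTrace` flag and the sample bodies are assumptions made for illustration; only ServiceStatus, ServiceMessage and the default of 200 come from the answer.

```javascript
// Added example. Turns the raw response of a [WebMethod] call into one shape
// the page can act on, without ever passing server internals to the UI.
const GENERIC = "The request could not be completed.";

function fail(status, message, leakedTrace) {
  return { ok: false, status: status, message: message, data: null, leakedTrace: leakedTrace };
}

function readServiceResult(httpStatus, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    // HTML error page or empty body: show a fixed message, not the raw text.
    return fail(httpStatus, GENERIC, false);
  }
  if (body === null || typeof body !== "object") return fail(httpStatus, GENERIC, false);

  // An unhandled exception is serialized as Message/StackTrace/ExceptionType.
  // Drop all of it and only record that the server exposed a trace.
  if ("StackTrace" in body || "ExceptionType" in body) {
    const leaked = typeof body.StackTrace === "string" && body.StackTrace.length > 0;
    return fail(httpStatus, GENERIC, leaked);
  }

  // ASP.NET 3.5 wraps JSON results in a "d" property; accept both forms.
  const payload = "d" in body ? body.d : body;

  // Fail closed: an object without a numeric ServiceStatus is not a success.
  if (payload === null || typeof payload !== "object" ||
      typeof payload.ServiceStatus !== "number") {
    return fail(httpStatus, GENERIC, false);
  }
  if (payload.ServiceStatus !== 200) {
    return fail(payload.ServiceStatus, String(payload.ServiceMessage || GENERIC), false);
  }
  return { ok: true, status: 200, message: "", data: payload, leakedTrace: false };
}

// Constructed sample bodies (403 is an assumed code for "no access").
const SAMPLE_OK = '{"d":{"ServiceStatus":200,"ServiceMessage":"","Name":"Invoice 7"}}';
const SAMPLE_DENIED = '{"d":{"ServiceStatus":403,"ServiceMessage":"Access Denied","Name":null}}';
const SAMPLE_UNHANDLED = '{"Message":"Attempted to read or write protected memory.",' +
  '"StackTrace":"   at Page.GetItem(Int32 id)","ExceptionType":"System.AccessViolationException"}';
```

Call it from both the success and the error callback of the jQuery request; a result with `leakedTrace` set to true means a WebMethod is still throwing instead of returning a status object.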