Be very careful here! I was just at a TechNet discussion and the subject
was Web Security and one of the biggest points they made was not exposing
exceptions to users. Hackers will often try to break the app and gain info
from the exception message. One fairly large company got one of their
primary tables truncated and the attacker was able to do it by injection
attacks coupled with info from the exception message which told him what to
hit.
You have a few choices as far as developer exceptions go. First off, I'd
recommend against using MessageBoxes; use assertions, and in the try/catch
block use Debug.Assert(false, ex.ToString()); it'll give you a little more
flexibility. Either way it's not going to happen with the web. You could
serialize your exceptions and write them to an XML file for one thing. Many
times we use debug constants and set a place on the web server to write
exceptions when it's in debug mode. Then when we switch to release, it stops
and all is good. You can also write to event logs although you'll need some
increased permissions to do this and if your app throws a lot of exceptions,
they can fill up quickly (although it takes a fair volume to do this to the
point it's a pain for most small to mid-sized apps). Finally you can write
the exceptions to db, you can just serialize them and in your serialization
routine write to the db. The main problem with this approach is if DB
connectivity is what's throwing the exception, then you may throw new ones
and you probably won't be able to write them out. Finally you can use SMTP
or Pop and mail the messages to yourself which is pretty decent for
production but a bit slow for development and testing.
Probably Debug.WriteLine and assertions using Debug or Trace will work for
giving you timely info as a developer. For other stuff you can write to
the event logs or use one of the other approaches. HTH,
Bill
Kshitij said:
Hi,
How to handle exceptions and show messages in a web application? In
windows application we can create a log file and show the message on message
box. What is the way to do it in a web application?
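
The approach described in the reply above (full exception detail stays on the server, the user sees nothing an attacker can use), as an added example that is not part of the original posts: a classic ASP.NET `Global.asax.cs` handler. The log path `C:\AppLogs\errors.log` and the reference-ID scheme are assumptions of this example.

```csharp
using System;
using System.IO;
using System.Web;

public class Global : HttpApplication
{
    // Assumed location for this example. Keep it outside the web root so the
    // log cannot be requested over HTTP, and grant the worker process write access.
    private const string LogPath = @"C:\AppLogs\errors.log";
    private static readonly object LogLock = new object();

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // ASP.NET wraps page exceptions; log the original one.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        // Reference ID: the only thing the user sees, and the key support
        // staff use to find the full entry in the server-side log.
        string id = Guid.NewGuid().ToString("N");
        string entry = string.Format("{0:o} [{1}] {2}{3}{4}{3}",
            DateTime.UtcNow, id, Request.RawUrl, Environment.NewLine, ex);

        try
        {
            lock (LogLock) { File.AppendAllText(LogPath, entry); }
        }
        catch (Exception logEx)
        {
            // The log sink itself failed (same problem as logging to a database
            // that is down). Fall back to trace listeners instead of throwing
            // a second exception out of the error handler.
            System.Diagnostics.Trace.WriteLine("Error log unavailable: " + logEx.Message);
            System.Diagnostics.Trace.WriteLine(entry);
        }

        // Replace the default error page (message and stack trace) with a
        // generic response that carries no type names, SQL text or paths.
        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 500;
        Response.ContentType = "text/plain";
        Response.Write("An unexpected error occurred. Reference: " + id);
    }
}
```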