I am developing a distributed application. In it, there are roles and sets of permissions that I must validate.
Is a good pratice to throw an exception, in per example, unauthorized access?
Or should I send some message back to the client?
On your service operation, you can specify a FaultContract that will serve both purposes like so:
[OperationContract]
[FaultContract(typeof(MyServiceFault))]
void MyServiceOperation();
Note that MyServiceFault must be marked with DataContract and DataMember attributes, in the same way you would a complex type:
[DataContract]
public class MyServiceFault
{
private string _message;
public MyServiceFault(string message)
{
_message = message;
}
[DataMember]
public string Message { get { return _message; } set { _message = value; } }
}
On the service-side, you are then able to:
throw new FaultException<MyServiceFault>(new MyServiceFault("Unauthorized Access"));
And on the client-side:
try
{
...
}
catch (FaultException<MyServiceFault> fault)
{
// fault.Detail.Message contains "Unauthorized Access"
}
Well, you can catch all exceptions in the WCF service implementations methods and rethrow them as FaultExceptions. By doing it this way, the exception will be rethrown on the client with a message of your choosing:
[OperationContract]
public List<Customer> GetAllCustomers()
{
try
{
... code to retrieve customers from datastore
}
catch (Exception ex)
{
// Log the exception including stacktrace
_log.Error(ex.ToString());
// No stacktrace to client, just message...
throw new FaultException(ex.Message);
}
}
To avoid having unexpected errors relayed back to the client, it's also a good practice to never throw Exception instances in code on the server-side. Instead create one or more of your own exception types and throw them. By doing so, you can distinguish between unexpected server processing errors and errors that are thrown due to invalid requests etc:
public List<Customer> GetAllCustomers()
{
try
{
... code to retrieve customers from datastore
}
catch (MyBaseException ex)
{
// This is an error thrown in code, don't bother logging it but relay
// the message to the client.
throw new FaultException(ex.Message);
}
catch (Exception ex)
{
// This is an unexpected error, we need log details for debugging
_log.Error(ex.ToString());
// and we don't want to reveal any details to the client
throw new FaultException("Server processing error!");
}
}
Throwing general Dot Net Exceptions would make the service client proxies and the server channel to go in faulted state if you are not using basicHTTPBinding ...To avoid that you should always throw FaultException from the service...
from you catch block just use:
throw new FaultException("Your message to the clients");
Related
Scenario
I have a .NET Core 2.2 web API with an exception handling middleware. Whenever an exception occurs in the application (inside the MVC layer) it gets caught by the exception middleware and returned as an internal server error back to the frontend and logged to kibana.
The problem
This is all fine and well when things go wrong, but sometimes I want to notify the calling application of specifically what went wrong. I.e., "Could not find record in database!" or "Failed to convert this to that!"
My Solution
I've used application Exceptions (not great - I know) to piggy back off the error middleware to return this to the frontend. This has been working fine, but has created a lot of noise around the code by having to throw a whole bunch of exceptions. I'm not satisfied with this approach and convinced that there must be a better solution.
My application architecture: I'm following a traditional n-tier application layout being services (business logic) and repositories (DAL) all speaking to each other. I would preferably like to elegantly bubble up any issues back to the user in any of these layers.
I've been thinking about this for a while now and am not sure what the best way to go about it is. Any advice would be appreciated.
I use a kind of the operation result pattern (non-official pattern).
The principle is to return a new Type containing:
Whether the operation was a success.
The result of the operation if was successful.
Details about the Exception that caused the failure.
Consider the following class:
public class OperationResult
{
protected OperationResult()
{
this.Success = true;
}
protected OperationResult(string message)
{
this.Success = false;
this.FailureMessage = message;
}
protected OperationResult(Exception ex)
{
this.Success = false;
this.Exception = ex;
}
public bool Success { get; protected set; }
public string FailureMessage { get; protected set; }
public Exception Exception { get; protected set; }
public static OperationResult SuccessResult()
{
return new OperationResult();
}
public static OperationResult FailureResult(string message)
{
return new OperationResult(message);
}
public static OperationResult ExceptionResult(Exception ex)
{
return new OperationResult(ex);
}
public bool IsException()
{
return this.Exception != null;
}
}
Then you could easily adapt OperationResult or create a class that inherits from OperationResult, but uses a generic type parameter.
Some examples:
The Operation Result Pattern — A Simple Guide
Error Handling in SOLID C# .NET – The Operation Result Approach
As per the Microsoft's standards, it is ideal to use ProblemDetails object in case of 4xx/5xx exceptions -
Following is the customised RequestDelegate method which you can use in ApiExceptionHandler to handle exceptions.
public async Task RequestDelegate(HttpContext context)
{
var exception = context.Features.Get<IExceptionHandlerFeature>().Error;
var problemDetails = new ProblemDetails
{
Title = "An unexpected error occurred!",
Status = GetStatusCode(exception),
Detail = _env.IsDevelopment() ? exception.Message : "An unexpected error occurred!",
Instance = $"{Environment.MachineName}:{context.TraceIdentifier}:{Guid.NewGuid()}"
};
_logger.LogError($"Exception thrown. StatusCode: {problemDetails.Status}. Instance: {problemDetails.Instance}", exception);
context.Response.StatusCode = problemDetails.Status.Value;
context.Response.WriteJson(problemDetails, "application/problem + json");
await Task.CompletedTask;
}
I have an MVC controller that uses a payment service class. Where should I do the exception handling? What is best practice?
Do I use try/catch blocks in both my controller and service class?
Is the exception just thrown again in the service class so it can be handled in the controller? Or should all the exception handling be done in the controller?
I can catch Stripe specific exceptions, should that be done in the service class or controller? Confused...
public async Task<IActionResult> DoSomething(MyViewModel model)
{
try
{
await _paymentService.UpdateSomethingAsync(id, token);
}
catch (Exception ex)
{
//handle
}
enter code here
}
public class PaymentService : IPaymentService
{
public async Task UpdateSomethingAsync(string id, string token)
{
try
{
//update using Stripe...
}
catch (Exception ex)
{
//TODO: Implement error handling
throw;
}
}
}
I guess exception handling must be at service level as it should be self capable of catching and handling all the exceptions(also, to log it at service level for later analysis) occurred at service level and throwing it in its original form (or as per the need it can be customized at service level) to the receiver.
Receiver (controller in this case) should have it's own error handling mechanism as it is a different layer of application and may require some manipulation over exceptions or it's logging at UI level. Here, note that if there is no manipulation or logging of exception or error is required you can directly show service level exception and remove catch from controller.
Hope it make sense.
just write the same code in catch which is in try{ } because catch never pass back or return the value .
try
{
cust_id = txtID.Text;
submit changes();
lblmessage.Text = "Data Save";
}
catch (Exception ex)
{
lblmessage.Text = "Saving error";
cust_id = txtID.Text;
submit changes();
}
Does the class Exception have an unique Id or any other unique modifier (GUID,... )?
I'm logging the generated exceptions inside a backend-service. But my goal is to only log each exception once.
Perhaps an example might of some use here:
The Service has 3 layers:
DAL (SQL-Interaction)
=> Exception A occurs here and is being logged into the database
BL (BusinessLayer)
=> Exception A is passed to here but isn't being logged
=> Exception B is thrown here and is being logged into the table
Services (Service Interface)
=> Exception A is passed to here but isn't being logged
=> Exception B is passed to here but isn't being logged
...
Client-solutions
My current solution (which i personnally really don't like):
I've written a own exception (inherits from the base class exception). when any exception is thrown for the first time then its being logged. Then its being cast to my own exception and rethrown. Exceptions of type of my own exceptions are nog logged in the database
example (This is pseudo code)
DAL - Layer
try{}
catch (Exception e)
{
// log in database
// log in logfile
// Cast to OwnException
// rethrown as OwnException
}
BL - Layer
try{}
catch (OwnException e)
{
// log in logfile
// rethrow e
}
catch (Exception e)
{
// log in database
// log in logfile
// Cast to OwnException
// rethrow as OwnException
}
Update: What i'm actually looking for is an Id/unique modifier. I would scan the database for the presence of this id. And if this id isn't present then i would write a record. If its present then it would just be rethrown.
You can create your Exception and create a new propertie boolean as "Logged" , when you log the exception you set true to "Logged" and in your anothers layers before log you need to verify if is not logged.
public class YourException : ApplicationException
{
public YourException () { }
public YourException (string message) : base(message) { }
public YourException (string message, Exception innerException) : base(message, innerException) { }
public bool LoggedInLogFile { get; set; }
public bool LoggedInDataBase { get; set; }
}
In your DAL:
try{}
catch (Exception e)
{
// log in database
// log in logfile
var ex = new YourException (e.Message);
ex.LoggedInLogFile = true;
ex.LoggedInDataBase = true;
throw ex;
}
In your Service Layer:
try{}
catch (YourException e)
{
if(!e.LoggedInLogFile)
//Log in file
if(!e.LoggedInDataBase)
//Log in Database
}
I wouldnt create my own custom exception. What I would do is explicitly catch the exceptions I know can occur in the DAL, For example an SQLException. In the BL catch specific exceptions that can occur there, and let the rest propogate upwards.
It is unlikely that your BL and DAL would need to log the same exceptions, seperate them so each of them catches the set they are responsible for, and then rethrow them so the client UI can catch them.
Edit
Forgot to mention, make sure when you rethrow to use:
throw,
And not:
throw ex;
So you wont lose your stacktrace
In my case, I have a WCF Service (MyService.svc). I also have a client application that is instantiating and consuming the service contract.
What is the best way to handle exceptions at the service level and "transmit" them over to the client in an orderly and self-describing way?
If I have an unhandled exception on the WCF service, it seems as though that bubbles back to the client application as a CommunicationException.
But what's the best way to throw an exception at the service-level and have that same exception transmitted to the client-level? Or if I don't handle an exception at the service-level (or just re throw it at the service-level) how can that get explicitly directed to the client?
Or is that not typically how this SOA would work? What's the "right way" here?
Thanks!
First, if you want to pass the exception over the protocol, you have to wrap it in a faultexception, otherwise you will get a server error.
Use the FaultContract attribute over methods to enable faultContract and define the message you want to pass using creating a Message contract:
public interface IMyService
{
[OperationContract]
[FaultContract(typeof(Message))]
void WCFOperation();
}
[DataContract(Namespace = "http://www.mycompany.pt/myservice")]
public class Message
{
String _code;
[DataMember]
public String Code
{
get { return _code; }
set { _code = value; }
}
String _text;
[DataMember]
public String Text
{
get { return _text; }
set { _text = value; }
}
}
To convert exceptions to FaultExceptions, i use the following helper:
class Helper
{
internal static System.ServiceModel.FaultException<Message> ConvertToSoapFault(MyException ex)
{
FaultCode fc = new FaultCode(ex.Code);
return new FaultException<Message>(new Message(){ Text= ex.Message, Code= ex.Code});
}
internal static System.ServiceModel.FaultException ConvertToSoapFault(Exception ex)
{
return new FaultException(ex.Message);
}
}
Finally, at the operationContract implementation, simple do this:
public void WCFOperation()
{
try
{
...
}
catch (Exception ex)
{
Helpers.publishError(ex);
throw Helpers.ConvertToSoapFault(ex);
}
}
after 2 days of trying to find out why my service isn't working I finally find the cause. Everytime I try to throw a new FaultException<AuthenticationException>, the server isn't actually throwing this but catching it itself.
So what is happening is that when I throw the exception the server is crashing with an unhandled System.ServiceModel.FaultException1`.
Here is my custom exception class:
[DataContract]
public class AuthenticationException
{
private string validationError;
[DataMember]
public string ValidationError
{
set { validationError = value; }
get { return validationError; }
}
public AuthenticationException()
{
}
public AuthenticationException(string valError)
{
validationError = valError;
}
}
And my interface:
[ServiceContract]
public interface IAuthenticator
{
[OperationContract]
[FaultContract(typeof(AuthenticationException))]
Account authenticateApplication(string userName, string Password);
What can cause this?
Edit: This is how I am throwing the exception:
catch (Exception)
{
throw new FaultException<AuthenticationException>(new AuthenticationException("There was a general error during the process."), new FaultReason("Error"));
}
Maybe your IIS server is not configured to allow passing exception to the client.
Follow the step 2 "Enable detailed errors for remote clients." of this post