8. November 2008
AngryCoder
asp.net
Exception handling in asp.netFrankly speaking, handling exceptions is a real art, and especially when you break your application in different chunks of classes and forms. Some time it becomes unimaginably difficult to catch a simple error at runtime without managing exception block. When it comes to extendibility of the application unexpected errors become a night mare for programmers.After the request of many friends who are the regular reader of this blog , I have decided to share my approach to handle exception.Have look at the following piece of code.
Namespace CustomExceptionsPublic Class Exception_SqlInjectionInherits ExceptionPublic Sub New()MyBase.New(ConfigurationSettings.AppSettings("Exception_SqlInjection"))MyBase.Source = "SqlInjection"End SubEnd ClassEnd Namespace
In the above code I am doing a real simple thing. Let me just give you a quick Idea
Namespace CustomExceptionsPublic Class Exception_SqlInjectionInherits Exception
Creating a namespace called “CustomExceptions” and a class under that namespace which is called “Exception_SqlInjection”, Notice that this class is inheriting “Exception” class. It means that “Exception_SqlInjection” is now become an exception I can call it anywhere.
Public Sub New()MyBase.New(ConfigurationSettings.AppSettings("Exception_SqlInjection"))MyBase.Source = "SqlInjection"End SubEnd ClassEnd Namespace
Constructor of “Exception_SqlInjection” in which we are calling the base class and providing the error message. Notice that we are reading error messages from web.config file (App settings). And in the 3rd line we are simply giving the source to the base class which is a simple text “SqlInjection”The web.config for the code above will look like this.
<configuration> <appSettings> <add key="Exception_SqlInjection" value="Sorry Kid !!! but you cannot apply sql injection here try some where else ...... and by the way better luck next time :)"/> </appSettings></configuration>
The moment when we call the above created exception the value of the key "Exception_SqlInjection" will be returned by exception as message.Now lets get down to the implementation of the above exception in a real life case. The scenario is I want to check the input of the user On Click event of Command Button.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.ClickIf TextBox1.Text.IndexOf("'") <> -1 ThenThrow New CustomExceptions.Exception_SqlInjectionEnd IfEnd Sub
The above code is simply check the Textbox for the character “ ‘ “ and if it found any it will just throw a yellow page to browser.BINGOOOOOOO !!!!!The purpose of using exception is not to see the yellow screen every time, don’t be upset the next chunk of code will catch this exception and take the appropriate action. Here you might be thinking that why there is need to throw our own exception. So the answer is some time application may need to behave different on different occasions. That is why we use exceptions to throw our own error in a proper way.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.ClickTryIf TextBox1.Text.IndexOf("'") <> -1 ThenThrow New CustomExceptions.Exception_SqlInjectionEnd IfCatch ex As CustomExceptions.Exception_SqlInjection'might you want the system to block this IP, or trace the IP or to email yourself about this attack.Response.Write("custom Exception :" & ex.Message)Catch ex As ExceptionResponse.Write("default Exception :" & ex.Message)End TryEnd Sub
Now you have created your own exception and catching it at the front end. Furthermore, if you like to create more exceptions just create another class with the namespace “CustomExceptions”.Example :
Namespace CustomExceptionsPublic Class Exception_SqlInjectionInherits ExceptionPublic Sub New()MyBase.New(ConfigurationSettings.AppSettings("Exception_SqlInjection"))MyBase.Source = "SqlInjection"End SubEnd ClassPublic Class Exception_WebConfigInherits ExceptionPublic Sub New()MyBase.New("The key value you are looking for is not available in the web.config this is the crucial problem please contact to administrator")End SubEnd ClassEnd Namespace
In the newly created class I pass a simple text instead to the base class instead of calling Web.Config file for error message.Cheers.