Web Application Error Handling in ASP.NET

By Adam Tuliper

All applications should have error handling. This we all know. We can't always be notified of an unhandled error (and usually aren't) when one occurs on a client's machine. The advantage we have on the Web is that we can always be notified when an unhandled error occurs. With the advent of ASP.NET, there are some great new ways to handle errors. There are some differences in .NET in not only how to handle the error, but how the information is provided to you. For example, classic ASP uses Server.GetLastError to return an ASPError object. You can and should still use Server.GetLastError in .NET, but this now returns a type System.Exception. I must give Microsoft credit for making almost everything consistent in .NET, which is quite a welcome change.

The Problem

Errors will occur in our applications. We try to trap for most errors using try-catch blocks (or the only possibility in tradional ASP 'on error resume next'); however, we usually don't cover every possible exception. What happens when an unhandled error occurs? Usually the user is brought to IIS's default error pages (usually located in c:\winnt\help\iishelp\common). The downsides are you have no idea when this occurs and the page doesn't have your site's look and feel. Errors are a development fact, but we strive to eliminate or handle them gracefully. With this in mind, we need to know:

  1. When an error occurs
  2. Where it occurred
  3. What the error is

Having a central location such as the event log, database or some other log file to log errors is essential for debugging this problem later (I call this forensics debugging).

IIS provides great error-handling capabilities. There are some problems with these though. Sometimes we know an error will occur, and we can't always trap for it in a nice way without overriding the site's (done in the IIS custom errors Page; see the article mentioned above) default error redirection page. For example, upon access to a resource that requires authentication, we may need to redirect to an application's login page. Also, a very common problem exists with Web hosts. If you have a hosted Web site, you usually have no control over its IIS configuration. Thus, setting up custom error pages can be next to impossible in traditional ASP. This is elimiated with ASP.NET, as you will learn as you read on.

The Solution

For such a list of problems, the solution is actually pretty simple. There are three places in ASP.NET to define what happens to these unhandled errors.

  1. In the web.config file's customErrors section.
  2. In the global.asax file's Application_Error sub.
  3. On the aspx or associated codebehind page in the Page_Error sub.

The actual order of error handling events is as follows:

  1. On the Page itself, in the Page_Error sub (this is default, you can name it anything because it specificed Handles MyBase.Error)
  2. The global.asax Application_Error sub
  3. The web.config file

Note: To cancel the bubbling up of the error at anytime for the Page_Error or Application_Error, call the "Server.ClearError" function in your sub. Each method has its own uses, as I will explain.

When an exception occurs in your application, it should be an object inherited from type System.Exception, and as such will have the following public members:

HelpLinkGets or sets a link to the help file associated with this exception.
InnerExceptionGets the Exception instance that caused the current exception.
MessageGets a message that describes the current exception.
SourceGets or sets the name of the application or the object that causes the error.
StackTraceGets a string representation of the frames on the call stack at the time the current exception was thrown.
TargetSiteGets the method that throws the current exception.

Using the Page_Error or OnError sub

The first line of defense in error handling happens at the page level. You can override the MyBase.Error sub as such: (Visual Studio will complete the code if you click either the Overrides or BaseClass events in the editor). The two functions you can use (one or the other, both will not work as only one will get called)


    Private Sub Page_Error(ByVal sender As Object, ByVal e As System.EventArgs) 
Handles MyBase.Error
    
    End Sub

Or you can use this one:
  
	Protected Overrides Sub OnError(ByVal e As System.EventArgs)

    End Sub


Handling errors in these subs is a simple process. Just call Server.GetLastError to return the error. If you want to redirect to a specific page here you can just call Response.Redirect ("HandleError.aspx") or whatever your page may be. This method of handling errors is good for several reasons.
  1. If you need to override the Application_Error or the customErrors setup in the web.config file
  2. If each page must implement it's own error handling If you need to log specific information and then carry on, just code for your logging or whatever here, and that is all. If you need to cancel the error processing here (so it doesn't go to the Application_Error or customErrors) simply call Server.ClearError in this sub.

Using the global.asax File

The global.asax file contains the next line of defense against errors. When an error occurs, the Application_Error sub is called. This location happens to be my favorite place to log errors because it is the most functional. For most of my applications in .NET, I don't handle too many custom errors at the page level. I handle them at the application level. The only two locations that actually give you access to Server.GetLastError are in the Page_Error and Application_Error subs.

After the Page_Error is called, the Application_Error sub is called. Here you can also log the error and redirect to another page. I won't explain anything else about it because it is basically the same as the Page_Error but happens to be at the application level rather than the page level.

Using the web.config File

The customErrors element of the web.config file is the last line of defense against an unhandled error. If you have other error handlers in place, like the Application_Error of Page_Error subs, these will get called first. Provided they don't do a Response.Redirect or a Server.ClearError, you should be brought to the page(s) defined in the web.config. In the web.config file, you can handle specific error codes (500, 404, etc), or you can use one page to handle all errors. This is a major difference between this method and the others (although you can emulate this by doing various Response.Redirects using the other methods). Open up your web.config file. The customErrors section uses this format:


<customErrors defaultRedirect="url" mode="On|Off|RemoteOnly">
   <error statusCode="statuscode" redirect="url"/>
</customErrors>


Here is some important information about the "mode" attribute:

"On" specifies that custom errors are enabled. If no defaultRedirect is specified, users see a generic error.

"Off" specifies that custom errors are disabled. This allows display of detailed errors.

"RemoteOnly" specifies that custom errors are shown only to remote clients, and ASP.NET errors are shown to the local host. This is the default.

By default, the section looks like this when you create a Web application.


<customErrors mode="RemoteOnly" />

This will show a generic page to users. To redirect it to one of your own pages, you would change it to this:

<customErrors mode="On" defaultRedirect="error.htm" />

Now all errors that occur will be brought to the error.htm page.

To handle specific errors, and redirect to the error page for everything else you can specify the error code you want specially handled like so:


<customErrors mode="On" defaultRedirect="error.htm">
    <error statusCode="500" redirect="error500.aspx?code=500"/>

    <error statusCode="404" redirect="filenotfound.aspx"/>
    <error statusCode="403" redirect="authorizationfailed.aspx"/>
</customErrors> 

There is a problem here with this solution. Once the redirect is done, your error information is no longer available on the redirected page. This is because IIS (via the .net framework) performs a plain old GET request to the error page and does not do a "Server.Transfer" like the built-in IIS error handling does.

The only information available to you at this time is the URL that caused this error to be raised. This is located on the querystring as "aspxerrorpath": http://localhost/ErrorHandling/error500.aspx?aspxerrorpath=/ErrorHandling/WebForm1.aspx. The only places this information is available is the two methods described above.

Another interesting point about the above customErrors element is that you can specify different error pages for different subdirectories.

For this example, let's say you have a directory named "Customers" off of your root directory that contains a branding specific for logged in customers but is not in its own application. As such you want to define a different set of pages for errors. Please note that these pages specified in the "redirect" attribute are relative to the "Customers" subdirectory and not the root path of your site. I have also included a security rule which says only MYDOMAIN\Customers can access these files. You can define rules for these errors in the web.config file:


<configuration>
   <system.web>
      ...
      ...
   </system.web>

   <!-- Configuration for the "Customers" subdirectory. -->
   <location path="Customers">

      <system.web>
  	<customErrors mode="On" defaultRedirect="error.htm">
		<error statusCode="500" redirect="CustomerError500.aspx"/>
		<error statusCode="401" 
redirect="CustomerAccessDenied.aspx"/>
		<error statusCode="404" 
redirect="CustomerPageNotFound.htm"/>
		<error statusCode="403" redirect="noaccessallowed.htm"/>

	</customErrors>       
	<authorization>
		<allow roles="MYDOMAIN\Customers" />
		<deny users="*" />
	</authorization>
      </system.web>

   </location>

Note: One thing I found in development is there seems to be an inheritance order for these errors. What I mean by this is if you have a 500 error defined for the root site, but none defined for the customers directory, but you DO have a defaultRedirect set for the customer directory, the 500 handler defined at the root level will be called. So if a parent directory has a handler.

Using the Code

I have created an application with settings, so you can get an idea of how to configure your code. In the zip file there is a solution containing two projects.

The first is a Web project that has some buttons to cause different errors. It also shows an example of handling the error through the page, global.asax, and web.config file. There will also be a DotNetErrorLog.sql you can run in query analyzer to create a database (and user) to start logging errors ASAP.

You will notice in my web.config I have the following:


 <appSettings>
	  <add key="ErrorLoggingLogToDB" value="True" />
	  <add key="ErrorLoggingLogToEventLog" value="True" />
	  <add key="ErrorLoggingLogToFile" value="True" />

	  <add key="ErrorLoggingConnectString" value="Initial 
Catalog=DotNetErrorLog;Data Source=localhost;Integrated Security=SSPI;" />
	  <add key="ErrorLoggingEventLogType" value="Application" />
	  <add key="ErrorLoggingLogFile" value="c:\ErrorManager.log" />	  
  </appSettings>

This is where I keep specific settings for an application. You do not have to worry about keeping it in the registry, and this is great for moving your applications between development, integration, and production environments (if you are blessed with that). For better security, you can incorporate the encryption classes in .NET to encrypt the database connection info and store that information in the web.config rather than the plain text connectstring, but that obviously isn't the purpose of this article. The settings pretty much are as follows:

  1. To log to a db:
    1. ErrorLoggingLogToDB - Set to "True" to tell the app you want to log info into the db
    2. ErrorLoggingConnectString - The connect string to connect to the database to store errors

  2. To log to the event log:
    1. ErrorLoggingLogToEventLog - Set to "True" to tell the app you want to log error information to the event log
    2. ErrorLoggingEventLogType - The name of the event log to log to (ex. System, Application, etc etc.). You can even create your own log just for web errors too, which could be ideal for large sites!

  3. To log to a text file:
    1. ErrorLoggingLogToFile - Set to "True" to tell the app you want to log info to a text file
    2. ErrorLoggingLogFile - The path of the file to log errors to

Here is a sample of what to expect in the log file or the event log:

-----------------12/20/2002 3:00:36 PM-----------------
SessionID:qwyvaojenw1ad1553ftnesmq
Form Data:
__VIEWSTATE - dDwtNTMwNzcxMzI0Ozs+4QI35VkUBmX1qfHHH8i25a/4g4A=
Button1 - Cause a generic error in the customer directory
1: Error Description:Exception of type System.Web.HttpUnhandledException was thrown.
1: Source:System.Web
1: Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
1: at System.Web.UI.Page.ProcessRequestMain()
1: at System.Web.UI.Page.ProcessRequest()
1: at System.Web.UI.Page.ProcessRequest(HttpContext context)
1: at System.Web.CallHandlerExecutionStep.Execute()
1: at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
1: Target Site:Boolean HandleError(System.Exception)
2: Error Description:Object reference not set to an instance of an object.
2: Source:ErrorHandling
2: Stack Trace: at ErrorHandling.WebForm2.Button1_Click(Object sender, EventArgs e) in C:\Inetpub\wwwroot\ErrorHandling\Customers\WebForm2.aspx.vb:line 26
2: at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
2: at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
2: at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
2: at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
2: at System.Web.UI.Page.ProcessRequestMain()
2: Target Site:Void Button1_Click(System.Object, System.EventArgs)

First, the date and time is logged. Secondly, the user's session id is logged. These session ids look quite different than classic asp session ids which were all numeric. The next line contains any form data on the page. This is great especially if they filled in information on the page, and that information caused your app to bomb. All of the lines with "1" in front of it are the first error. This contains the description, source, stack track and what function caused the error. Starting at the "2"s, this is the error generated before #1. Error #2 here is the "InnerException" to error one. This is a new idea here (from classic asp or vb) since it allows error information to have a hierarchy to it. Some errors can be trapped, and rethrown with a new error giving more specific information.

Another idea is to use the SMTP component to e-mail you when an error occurs, enabling you to be proactive for errors. This would be a simple addition to the appSettings section above to hold an e-mail address and simply use the CErrorLog.GetErrorAsString to get the text needed to send an e-mail out.

Special Notes

- I read somewhere on the Net that someone recommended taking the error number and then looking up the proper message in a database to display to the user.

I like this idea; however, the downside is if an unexpected database error occurs, then you have just lost your errorpage ability.

- A quick note about performing a redirection inside a try-catch block:

If you want to redirect to a page within a given try-catch block in your code (custom error handlers included), understand this can fail under certain circumstances because a Response.Redirect calls Response.End within its internal code, creating problems. You must call Response.Redirect("pagename.aspx",False") which specifies the redirect call and will not call Response.End, thus, preventing the exception.

Good luck and happy error logging!

About the Author

Adam Tuliper's professional career involves developing .Net, COM, VB, ASP, C, C++, and SQL Server solutions for business solutions and consumer applications. He's been developing for over six years professionaly. He is also the owner of gecko software, where they develop Internet center software, system monitoring, and security scanning software. He has a degree in CIS. He also serves as a security consultant to several companies.



Downloads

Comments

  • Por qué planchas ghd son tan populares superventas ghd en España

    Posted by uomsbb290 on 07/25/2013 09:19pm

    GHD Pink Limited muestra siempre un aumento en gran tendencia esta temporada rosa es una tendencia esta temporada. Está equipado con características avanzadas tales como la mejora del control de temperatura para mantener el calor durante el peinado, un modo de espera y la tensión universal. Además, GHD es el estilo perfecto de la Nueva Hermosa rosa Styler Box Set es un secreto, porque todo está encerrado en una caja hermosa, por lo que este conjunto un regalo perfecto: Usted puede disfrutar de envío gratis a Dinamarca, no hay impuesto y guardar 50% off. Si usted tiene alguna pregunta, por favor póngase en contacto con nosotros. tenemos la capacidad de ofrecer el mejor servicio. No lo dude, aprovechar la oportunidad para comprar moda ghd planchas fladjern.ghd son el absoluto último en peluquería. Con planchas ghd, usted no está solo enderezar su cabello - que también puede utilizar su plancha para el cabello GHD para crear rizos grandes y voluminosos glamour, longitudes de movimiento, cuello de soldadura o un montón de volumen en la parte superior. [url=http://ghdchheapoutlet.moonfruit.com/]GHD España[/url] Ahora estoy pensando en comprar uno, porque a pesar de que BaByliss es justo, y yo me hará sentir relajado, no pierda demasiado tiempo y pelo de la onda, quiero comprar oro clásico, esta es mi tienda de barbero pelo en este usted puede encontrar si quieres una edición limitada de la caja es de alrededor de € 199, pero están en línea, usted puede encontrar bastante barato ... Sin embargo, tenga cuidado, porque hay un montón de imitación, usted puede vender el precio falso deficiencia de la hormona del crecimiento. [url=http://ghdplanchasde.blinkweb.com/]ghd baratas[/url] Los stylers ghd iv hechos de styler está diseñado para ser lo más cómodo posible. La plancha ghd IV Mini es la versión más pequeña de GHD, que son populares entre las personas con el pelo corto. Cierre automático La nueva generación de ghd IV styler ha sido equipado con una característica integral de seguridad para evitar que se salga accidentalmente el cabello a la vez unattended.Do usted quiere tener un set? Si lo hace, usted no debe dudar más, Tomar ghd hjem.Den GHD Glam Palm es la versión más pequeña de ghd, que es popular entre la gente con el pelo corto. Venta caliente GHD nu.Hvis usted todavía se pregunta dónde comprar ghd iv styler, y puedo decirle que usted puede tratar de comprar ghd iv styler en la tienda online, planchas ghd que son de alta calidad y el precio razonable.

    Reply
  • odophignhoing raspberry ketone

    Posted by odophignhoing on 06/18/2013 02:10pm

    What i don't realize is in fact how you are now not actually a lot more neatly-appreciated than you may be now. You are very intelligent. You know therefore considerably in the case of this subject, produced me in my view consider it from numerous numerous angles. Its like men and women aren't interested except it's one thing to do with Woman gaga! Your individual stuffs outstanding. At all times care for it up! Learn More

    Reply
  • 8 Straight Forward Info Regarding coach bags Shown

    Posted by Impoptagacutt on 01/23/2013 12:54am

    YfmJzi [url=http://www.coachjabags.com/]コーチ アウトレット[/url] OyhNiu [url=http://www.coachjabags.com/]coach バッグ[/url] EurVux [url=http://www.coachjabags.com/]コーチ トートバッグ[/url] BklXex [url=http://www.coachjabags.com/]コーチ 財布 新作[/url] PisGlg [url=http://www.coachjabags.com/]コーチ 長財布 激安[/url] MeuLdm [url=http://www.coachjabags.org/]コーチ[/url] QssGam [url=http://www.coachjabags.org/]coach アウトレット[/url] RazVvd [url=http://www.coachjabags.org/]コーチ 店舗[/url] FfbEye [url=http://www.coachjabags.org/]コーチ 財布 新作[/url] VsePjd [url=http://www.coachjabags.org/]coach 財布 ランキング[/url] RazZbf [url=http://www.coachjabags.net/]coach[/url] QgrRrx [url=http://www.coachjabags.net/]コーチ メンズ[/url] OhtYad [url=http://www.coachjabags.net/]コーチ 店舗[/url] BdbGyz [url=http://www.coachjabags.net/]コーチ 財布 新作[/url] WbkTcv [url=http://www.coachjabags.net/]coach 財布 ランキング[/url] PlrKpi

    Reply
  • Five Different Fundamental Details Of coach bags Outlined

    Posted by Impoptagacutt on 01/21/2013 03:39pm

    AtjSnv [url=http://www.coachjabags.com/]コーチ アウトレット[/url] XpaVsx [url=http://www.coachjabags.com/]コーチ メンズ[/url] JhhVee [url=http://www.coachjabags.com/]コーチ トートバッグ[/url] KuaEye [url=http://www.coachjabags.com/]コーチ 財布 新作[/url] WlyNkn [url=http://www.coachjabags.com/]coach 財布 メンズ[/url] KykTma [url=http://www.coachjabags.org/]コーチ[/url] BlrEve [url=http://www.coachjabags.org/]コーチ 長財布[/url] GjpLzq [url=http://www.coachjabags.org/]coach メンズ[/url] DtzIyw [url=http://www.coachjabags.org/]コーチ 新作[/url] YfyFxg [url=http://www.coachjabags.org/]coach 財布 ランキング[/url] PjeMsv [url=http://www.coachjabags.net/]coach[/url] AvyMap [url=http://www.coachjabags.net/]coach アウトレット[/url] BajMnj [url=http://www.coachjabags.net/]コーチ 店舗[/url] OwdMhb [url=http://www.coachjabags.net/]財布 コーチ[/url] KtmJwf [url=http://www.coachjabags.net/]coach 財布 アウトレット[/url] FfySvz

    Reply
  • BiptVetegex

    Posted by BiptVetegex on 11/16/2012 05:47am

    rvqkhwrvg Canada Goose rgyynpykt http://canadagoosejakkerlove.com/ Canada Goose Norge bkizwityk canada goose ufmrzqrrp http://goosejacketsoutletsale.com/ canada goose jackets

    Reply
  • canada goose outlet

    Posted by oblintyiniday on 11/15/2012 09:20pm

    qtegnhkvh Canada Goose Norge vtxwyhchf http://canadagoosejakkerlove.com/ Canada Goose Norge kxrgbytby canada goose outlet mlbzihhla http://goosejacketsoutletsale.com/ canada goose outlet

    Reply
  • BiptVetegex

    Posted by BiptVetegex on 11/14/2012 04:26am

    zpjtsbuuz Canada Goose Jakker pbbmdrbam http://canadagoosejakkerlove.com/ Canada Goose Norge vmvnwfjot canada goose outlet xubgzledt http://goosejacketsoutletsale.com/ canada goose jacket

    Reply
  • canada goose jacket

    Posted by oblintyiniday on 11/13/2012 09:27am

    auzyulymb Canada Goose Jakker Salg qlvmtkxzh http://canadagoosejakkerlove.com/ Canada Goose Jakker rafndmkoa canada goose jacket spnznuvat http://goosejacketsoutletsale.com/ canada goose jacket

    Reply
  • BiptVetegex

    Posted by BiptVetegex on 11/12/2012 09:53pm

    jqzdlkryx Canada Goose Jakker Salg wvtsgnovl http://canadagoosejakkerlove.com/ Canada Goose Jakker qktezkinj canada goose wbewvdyhh http://goosejacketsoutletsale.com/ canada goose

    Reply
  • BiptVetegex

    Posted by BiptVetegex on 11/12/2012 08:20pm

    fvzbopcyz Canada Goose Parka ekdjpzgbl http://canadagoosejakkerlove.com/ Canada Goose Jakker Salg fqklyergx canada goose parka ncbxrdkau http://goosejacketsoutletsale.com/ canada goose

    Reply
  • Loading, Please Wait ...

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • IBM Worklight is a mobile application development platform that lets you extend your business to mobile devices. It is designed to provide an open, comprehensive platform to build, run and manage HTML5, hybrid and native mobile apps.

  • Open source and cloud computing have long promised cost efficiencies, yet many organizations have shied away from these technologies due to security and reliability concerns. Now, open source has proven itself stable, and the cloud has become as secure—or even more secure—than on-premises implementations. Read this white paper to learn how you can get the accessibility of open source and the flexibility and affordability of cloud computing combined in a compelling storage option for companies …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds