集中式 ASP.NET 错误处理:与应用程序错误。两者都可以使用吗?
目前,我们正在通过 global.asax.vb 中的 Application_Error 进行错误处理:
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
OurLibrary.HandleError(Me)
End Sub
HandleError 然后将错误记录到数据库中,显示一条信息性消息给用户并根据发生的异常类型返回正确的状态代码(404 或 500):
Public Shared Sub HandleError(httpApp As HttpApplication)
''# do some logging
...
''# show some details about the error and information about how to contact us
httpApp.Response.Write(...)
httpApp.Response.StatusCode = 404 or 500
httpApp.Server.ClearError()
End Sub
Server.ClearError 是必要的,因为否则默认的 ASP.NET 错误处理将启动并且用户显示 - 取决于
使用 ClearError 的缺点是我无法再使用
我知道我可以使用 only customErrors 并在 defaultRedirect 属性引用的页面中显示用户的信息,但这需要我将此错误页面添加到每个 Web 项目中(而不是将所有内容都很好地集中在一个库函数中)。
是否可以在 Application_Error 中进行常规错误处理,但仍然允许它被
PS:我们的许多应用程序都托管在客户的服务器上(而不是我们自己的服务器),因此“将所有信息放入应用程序日志中而不向用户显示任何内容”并不是真正的选择。
解决方案:将 httpApp.Server.ClearError() 替换为
If Not HttpContext.Current.IsCustomErrorEnabled Then httpApp.Server.ClearError()
Currently, we are doing error handling via Application_Error in global.asax.vb:
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
OurLibrary.HandleError(Me)
End Sub
HandleError then logs the error into a database, displays an informative message to the user and returns the correct status code (404 or 500) depending on the type of exception that occurred:
Public Shared Sub HandleError(httpApp As HttpApplication)
''# do some logging
...
''# show some details about the error and information about how to contact us
httpApp.Response.Write(...)
httpApp.Response.StatusCode = 404 or 500
httpApp.Server.ClearError()
End Sub
Server.ClearError is necessary, because otherwise the default ASP.NET error handling kicks in and the user is shown -- depending on the current state of <customErrors> -- either the "yellow screen of death" or an information message about how <customErrors> can be turned off.
The drawback of using ClearError is that I can no longer use <customErrors> to override the error handling behaviour -- something which brought quite a bit of trouble during the recent ASP.NET vulnerability, where the recommended workaround was done using <customErrors>.
I know that I could use only customErrors and show the information for the user in the page referenced by the defaultRedirect attribute, but that would require me to add this error page to every single web project (rather than having everything nicely centralized in one library function).
Is it possible to do regular error handling in Application_Error, but still allow it to be overridden by <customErrors>? Is that even best practice or am I doing something fundamentally wrong?
PS: Many of our applications are hosted on our customer's servers (instead of our own), so "put all information in the application log and show nothing to the user" is not really an option.
Solution: Replace httpApp.Server.ClearError() with
If Not HttpContext.Current.IsCustomErrorEnabled Then httpApp.Server.ClearError()
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
就我个人而言,大多数时候我看到人们选择与您正在做的类似的方法。按照自己的方式做事有很多好处。
我注意到人们过去使用过许多解决方法,但最常见的是用户让他们的自定义处理程序了解 CustomErrors 设置。因此,基本上您的代码会查看它想要发送的响应代码,然后根据自定义错误采取操作。这确实是两全其美。
Personally most of the time I see people opting for an approach similar to what you are doing. There are a number of benefits to doing things your way.
There are a number of workarounds that I have noticed people using in the past, but the most common is for users to make their custom handler be aware of the CustomErrors setting. So, basically your code would look at the response code that it wants to sent, then take action based on the custom errors. That gets the best of both worlds really.