使用内部 SecurityException 抛出异常仅显示 ASP.NET MVC 中的内部异常
如果我将以下行添加到 ASP.NET MVC 操作方法中,
throw new Exception("outer", new SecurityException("inner"));
实际显示在死机黄屏上的错误是内部 SecurityException,绝对没有提及外部异常。
安全异常
描述:应用程序尝试执行操作,但未执行 安全策略允许。授予此申请 所需权限请联系您的系统管理员或更改 配置文件中应用程序的信任级别。
异常详细信息:System.Security.SecurityException:内部
来源错误:
执行过程中产生了未处理的异常 当前的网络请求。有关原产地和地点的信息 可以使用下面的异常堆栈跟踪来识别异常。
堆栈跟踪:
[安全异常:内部]
这是预期的行为吗?
外部异常是什么类型似乎并不重要。即使是另一个 SecurityException,该消息也永远不会显示。默认的 SecurityException 错误消息非常模糊,我想捕获它并添加一些更具体的信息。如果我不将原始 SecurityException 包含为 innerException,则效果很好,但理想情况下我想这样做。
If I add the following line to an ASP.NET MVC action method
throw new Exception("outer", new SecurityException("inner"));
the error that is actually displayed on the yellow screen of death is the inner SecurityException with absolutely no mention of the outer exception.
SecurityException
Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the
required permission please contact your system administrator or change
the application's trust level in the configuration file.Exception Details: System.Security.SecurityException: inner
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.Stack Trace:
[SecurityException: inner]
Is this expected behavior?
It doesn't seem to matter what type the outer exception is. Even if it is another SecurityException, the message is never displayed. The default SecurityException error message is so vague that I want to catch it and add some more specific information. This works fine if I do not include the original SecurityException as the innerException but ideally I would like to do this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
此行为源自 ASP.NET“核心”,而不是 ASP.NET MVC。不幸的是,错误格式化程序类是内部的,并且使用类型不提供任何扩展点,允许人们在不替换错误报告机制的情况下调整行为。解决方法是用自定义错误页面/视图替换默认的“黄屏死机”页面,在该页面/视图中公开人们喜欢的信息。
这正是生产中通常应该做的事情。就您而言,这仅意味着您将有一个用于调试的备用版本,而不是使用 ASP.NET 提供的默认版本。
This behaviour originates in the ASP.NET "core", not in ASP.NET MVC. Unfortunately, the error formatter classes are internal, and the consuming types do not provide any extension points that would allow one to tweak the behaviour without replacing the error reporting mechanism. The workaround is to replace the default "yellow screen of death" page by a custom error page/view in which one exposes the information that one prefers.
This is exactly what one should usually be doing for production. In your case, it just means that you would have an alternate version for debug instead of using the ASP.NET-provided default.
一般来说,您永远不应该直接抛出异常类/对象,而只能抛出派生类/对象,例如:
在这种情况下,您在日志或页面中缺少什么?
如果您使用应用程序全局异常处理程序并使用
Log4Net或NLog从那里进行日志记录,您应该能够访问从外部到内部的所有异常链,依此类推,具体取决于如何配置和使用日志框架。 IIS / ASP.NET 的黄页可能不完整,但无论如何应该显示堆栈跟踪。如果您想从 catch 块中抛出自己的异常,则可以通过以下方式包装来自 catch 的实际异常:
编辑:尝试了您的建议,并通过 Log4Net 在文本文件中记录了以下内容:
in general you should never throw Exception class/object directly but only derived ones, for example:
in a situation like this what are you missing in the log or in the page?
if you use an application global exception handler and you log from there with either
Log4NetorNLogyou should be able to access all exception chain from outer to inner and so on depending on how you configure and use the logging framework. The Yellow page of IIS / ASP.NET might not be complete but should show the stack trace anyway.if you want to throw your own exception from a catch block you wrap the actual exception coming from the catch in this way:
Edit: tried what you suggested and got the following logged in a text file by Log4Net: