Exception handling in asp.net 1.1

 

Frankly speaking, handling exceptions is a real art, and especially when you break your application in different chunks of classes and forms. Some time it becomes unimaginably difficult to catch a simple error at runtime without managing exception block. When it comes to extendibility of the application unexpected errors become a night mare for programmers.

After the request of many friends who are the regular reader of this blog , I have decided to share my approach to handle exception.

 

Have look at the following namespace.

 

Namespace CustomExceptions

        Public Class Exception_SqlInjection

            Inherits Exception

            Public Sub New()

                MyBase.New(ConfigurationSettings.AppSettings("Exception_SqlInjection"))

               MyBase.Source = "SqlInjection"

 

            End Sub

        End Class

End Namespace

 

 

In the above code I am doing a real simple thing. Let me just give you a quick Idea

 

Namespace CustomExceptions

        Public Class Exception_SqlInjection

            Inherits Exception

 

 

Creating a namespace called “CustomExceptions” and a class under that namespace which is called “Exception_SqlInjection”, Notice that this class is inheriting “Exception” class. It means that “Exception_SqlInjection” is now become an exception I can call it anywhere.

 

            Public Sub New()

MyBase.New(ConfigurationSettings.AppSettings("Exception_SqlInjection"))

                  MyBase.Source = "SqlInjection"

            End Sub

        End Class

End Namespace

 

Constructor of  “Exception_SqlInjection” in which we are calling the base class and providing the error message. Notice that we are reading error messages from web.config file (App settings). And in the 3rd line we are simply giving the source to the base class which is a simple text “SqlInjection”

 

The web.config for the code above will look like this.

 

<configuration>

  <appSettings>

      <add key="Exception_SqlInjection" value="Sorry Kid !!! but you cannot apply sql injection here try some where else ...... and by the way better luck next time :)"/>     
  </appSettings>

</configuration>

 

The moment when we call the above created exception the value of the key "Exception_SqlInjection" will be returned by exception as message.

 

 

Now lets get down to the implementation of the above exception in a real life case. The scenario is I want to check the input of the user On Click event of Command Button.

 

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        If TextBox1.Text.IndexOf("'") <> -1 Then

            Throw New CustomExceptions.Exception_SqlInjection

        End If

    End Sub

 

 

The above code is simply check the Textbox for the character “ ‘ “ and if it found any it will just throw a yellow page to browser.  Like below

 

 

 

 

BINGOOOOOOO !!!!! 

 

The purpose of using exception is not to see the yellow screen every time, don’t be upset the next chunk of code will catch this exception and take the appropriate action. Here you might be thinking that why there is need to throw our own exception. So the answer is some time application may need to behave different on different occasions. That is why we use exceptions to throw our own error in a proper way.

 

 

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        Try

            If TextBox1.Text.IndexOf("'") <> -1 Then

                Throw New CustomExceptions.Exception_SqlInjection

            End If

        Catch ex As CustomExceptions.Exception_SqlInjection

            'might you want the system to block this IP, or trace the IP or to email yourself about this attack.

            Response.Write("custom Exception :" & ex.Message)

        Catch ex As Exception

            Response.Write("default Exception :" & ex.Message)

        End Try

       

    End Sub

 

 

 

Now you have created your own exception and catching it at the front end. Furthermore, if you like to create more exceptions just create another class with the namespace “CustomExceptions”.

 

Example :

 

Namespace CustomExceptions

    Public Class Exception_SqlInjection

        Inherits Exception

 

        Public Sub New()

            MyBase.New(ConfigurationSettings.AppSettings("Exception_SqlInjection"))

            MyBase.Source = "SqlInjection"

        End Sub

    End Class

    Public Class Exception_WebConfig

        Inherits Exception

        Public Sub New()

            MyBase.New("The key value you are looking for is not available in the web.config this is the crucial problem please contact to administrator")

        End Sub

    End Class

End Namespace

 

 

 

In the newly created class I pass a simple text instead to the base class instead of calling Web.Config file for error message.

 

Cheers.