<< Second Day of .NET in Columbus, Ohio | Home | Security Application Block in Enterprise Library >>

Exception Handling Application Block in Enterprise Library

I have to admit, I was under-whelmed in my first pass over the documentation for the new Enterprise Library. After all the hype, I expected to see more dramatic differences in functionality. My first impression was that the changes were mostly in refactoring the existing blocks. However, as I started to take a deeper look, features started to pop out at me. For example, the new Exception Handling Application Block.

The new Exception Handling Application Block goes way beyond the old Exception Management Application Block. There are three main concepts to understand in this block:

  • Exception Handling
  • Exception Logging
  • Exception Policies

Exception Handling is the process of doing something with an exception when it is detected/caught by your code. There are three things you can have EHAP do to handle an exception. You can wrap the exception in a new exception to add new context information or detail. The original exception is still available as the InnerException when the new exception is propagated up the call stack. Second, you can replace the exception with a new exception. Do this when you don't want the details of the original exception to be propagated across an application boundary. The third thing you can do is log the exception. Of course, you can do this in combination with wrapping or replacing the exception, or you can log the original exception and propagate the original up the call stack.

Exception Logging makes use of another block, called the Logging and Instrumentation Application Block, to send formatted exceptions to the event log, an email message, WMI and several other targets. This alone gives us more options than what we had with the old block.

Finally, the component that really makes this particular block “hot” (yes, unfortunately, I did watch The Simple Life this week) is the Exception Policies. This allows you to define the way exception handling and logging works using external configuration files instead of baking the rules into your code. In other words, you can define the exception handling in a policy file and then change the behavior for different testing, debugging and production scenarios without changing your code. Your administrators can manage the policy file themselves to make your application more secure by hiding sensitive information from users during an exception. Or they can define policy to produce additional information for consumption by management applications such as Microsoft Operations Manager.

The basic pattern to integrate your code with this block is documented as the following:

try
{
  // run code
}
catch(Exception ex)
{
  bool rethrow = ExceptionPolicy.HandleException(ex, "General Policy");
  if (rethrow)
  {
    throw;
  }
}

Pretty simple. The Exception Handling Application Block in Enterprise Library is definitely something to dig further into as it provides a lot of new functionality that did not exist in the old Exception Management Application Block. It also provides the flexibility to create a robust application that you can still monitor and debug without exposing too much detail to the outside world.

Print | posted on Saturday, January 29, 2005 1:25 AM

Feedback

# re: Exception Handling Application Block in Enterprise Library

left by Chris Kinsman at 1/31/2005 9:01 PM Gravatar
I also thought it was cool at first, however think about it. You are allowing external entities, i.e. end users, decide how errors should be handled in your code! Can you imagine the security holes this could open up? they can actually change the flow of execution, etc just by changing policies.

The more I thought about it the more it gave me the hives...

# re: Exception Handling Application Block in Enterprise Library

left by Drew Robbins at 2/1/2005 2:22 AM Gravatar
I think this is consistent with the provider model that is not only used through out the Enterprise Library, but will exist in the 2.0 framework as well. With the provider model, you can effectively change what is executed by changing the provider. Here you're plugging in new exception handlers (providers).

The configuration files will need to be identified as part of your threat modeling process as a potential point of attack. The files can be locked down so that they are read-only. Also, if this is an enterprise application, most of this stuff is hopefully on your server. If there's a client application, you have a boundary to protect. If someone has compromised the server, you're screwed anyway.

# re: Exception Handling Application Block in Enterprise Library

left by Chris Kinsman at 2/1/2005 1:16 PM Gravatar
Yes and yet it is very different than the provider model.

The provider model I write to a fixed interface that is known at design time.

The Exception Handling block changes all the rules at runtime.

Imagine I am writing code that raises an exception to indicate an authentication failure. A user configures the exception handling block to wrap and throw and replaces my exception with a different one. Now code upstream will never catch an authentication failure and potentially not function correctly.

# re: Exception Handling Application Block in Enterprise Library

left by dru at 2/10/2005 2:34 PM Gravatar
This is really not that big of a deal. If you don't want people mucking with it you can do like I do. Write a custom reader and embed the config file in the assembly (if they can modify that your hosed anyways).

# Enterprise Library Links (via .NET Musings)

left by TECHQUIK: Sharing the Joy of Sof at 2/17/2005 1:58 PM Gravatar
Here is the list of links from .NET Musings: Enterprise Library Configuration Part 1 http://weblogs.asp.net/scottdensmore/archive/2005/01/28/362579.aspx Enterprise Library as non-Admin http://weblogs.asp.net/scottdensmore/archive/2005/01/29/363202.aspx Manage Application Settings Using Enterprise Library Configuration http://blog.hishambaz.com/archive/2005/01/30/197.aspx Logging with Enterprise Library http://blog.hishambaz.com/archive/2005/01/30/202.aspx Enterprise Library Logging - Rolling File Sink...

# re: Exception Handling Application Block in Enterprise Library

left by Tokes at 3/9/2005 4:17 AM Gravatar
I've got to agree with Chris - not necessarily from a security point of view but from a usefulness pespective. I can't imagine a scenario where you would want to configure your app to replace an exception with a different one. Maybe I am missing something. Can anyone think of a use for this?

# re: Exception Handling Application Block in Enterprise Library

left by Drew Robbins at 3/9/2005 11:41 AM Gravatar
One best practice when dealing with exceptions is to replace the exception at an application boundary. This is done so that the internal logic or schema of an application is not exposed through the exception data.

It would be nice, in enterprise applications, to modify this behaviour in different deployments. For example, I might want the development deployment of the application to give me the complete exception details. But the production instance should replace the exception with a generic error message.

This can be accomplished by other methods, but the idea of the application blocks is to reduce the work required for common scenarious like this. Its up to the developers/architects to decide if policy-based exception handling is a security risk in their environment.

# re: Exception Handling Application Block in Enterprise Library

left by Ann at 3/19/2005 2:47 AM Gravatar

Am I right in thinking this way? The exception handling policies can be manipulated without changing any of the existing code, as it can be done xternally. If so only Server Admin is allowed to go ahead with these kind of modifications. I am unclear about how individual users can cutomize..

# re: Exception Handling Application Block in Enterprise Library

left by cheelam_mze at 3/28/2005 7:08 AM Gravatar
Hello and hye..
Can anyone please tell me what's the purpose of Attribute in custom handler inside the configuration setting?is it mean that i can add in additional information to the exception message?I got situation now...where one of my custom exception class have additional infomation that need to be include as one of the additional information...
Anyone please help me...thanks..

# re: Exception Handling Application Block in Enterprise Library

left by David at 6/4/2005 1:34 AM Gravatar
Don't underestimate the power of the old Application Block. It wasn't that difficult to create a custom publisher that you could operate however best fit into the architecture of whatever applications you develop. You could then reference that DLL by any of your .NET applications.

By using the same custom e-mail publisher across all our applications, and simply tossing in the Application Name and an (optional) recipient override in the application's config file, I created these wonderful, e-mail messages to our development staff that were formatted with custom subject lines for each application.

In the Enterprise Library, it appears that all the stuff that stays the same across all applications (format of the e-mail, recipients, sender, smtp server, etc.) will now have to be defined explicitly in each application's config file. Oh well; I suppose it will be more understandable when someone new eventually takes over managing the application.

(Maybe I'll be able to convince my boss to let us continue using the application block!)

# re: Exception Handling Application Block in Enterprise Library

left by How to write a custom handler at 6/30/2005 2:59 AM Gravatar
I have a situation where in i need to use custom made logging facility to log the errors. Hence i need to write a custom handler. Can anybody give me a direction as to how to start and some samples..

Thanks

# re: Exception Handling Application Block in Enterprise Library

left by John V at 7/8/2005 2:41 PM Gravatar
When you choose the exception type, does it allow you to choose only native exceptions (like SecurityException etc)? If so how could one choose a custom exception?

Thanks

# re: Exception Handling Application Block in Enterprise Library

left by Jon at 7/27/2005 1:22 PM Gravatar
John V.

The configuration utility allows you to "inspect" an assembly and then choose an exception found in that assembly.

# re: Exception Handling Application Block in Enterprise Library

left by newkev at 8/2/2005 7:14 PM Gravatar
one thing I did not see mentioned in the "rethrow exception as different exception thread" is the fact that both exceptions can (are) handled differently - you catch a data exception send notification to developers, wrap the expception in a general exception with a nice error message for the general public.

# Unofficial Enterprise Library 2.0 for .Net framework 2.0

left by Nitin Kapoor at 9/1/2005 12:08 PM Gravatar
I am trying to use Enterprise library 2.0 for .NET 2.0 when I am adding an exceptional handling block using configuration console and saving it I am getting following error. Does any one have any clue about it pls lemme know

System.Configuration.ConfigurationErrorsException: Error loading XML file c:\inetpub\wwwroot\picassoii.longandfoster.com\Configuration\enterpriseLibrary.config Could not find a part of the path 'c:\inetpub\wwwroot\picassoii.longandfoster.com\Configuration\enterpriseLibrary.config'.. (c:\inetpub\wwwroot\picassoii.longandfoster.com\Configuration\enterpriseLibrary.config)
at Microsoft.Practices.EnterpriseLibrary.Configuration.ConfigurationFile.OpenXmlTextReader(String configurationFile)
at Microsoft.Practices.EnterpriseLibrary.Configuration.ConfigurationFile.Load(String filename)
at Microsoft.Practices.EnterpriseLibrary.Configuration.ConfigurationBuilder.LoadMetaConfiguration(String configurationFile)
at Microsoft.Practices.EnterpriseLibrary.Configuration.ConfigurationBuilder..ctor(String configurationFile)
at Microsoft.Practices.EnterpriseLibrary.Configuration.ConfigurationContext..ctor(String configurationFile)
at Microsoft.Practices.EnterpriseLibrary.Configuration.Design.SaveApplicationConfigurationNodeCommand.DoApplicationSave(ConfigurationNode node)
at Microsoft.Practices.EnterpriseLibrary.Configuration.Design.SaveApplicationConfigurationNodeCommand.ExecuteCore(ConfigurationNode node)
at Microsoft.Practices.EnterpriseLibrary.Configuration.Design.ConfigurationNodeCommand.Execute(ConfigurationNode node)
at Microsoft.Practices.EnterpriseLibrary.Tools.ConfigurationConsole.MainForm.SaveApplication(IUIHierarchy hierarchy)
at Microsoft.Practices.EnterpriseLibrary.Tools.ConfigurationConsole.MainForm.OnToolbarButtonClick(Object sender, ToolBarButtonClickEventArgs e)
at System.Windows.Forms.ToolBar.OnButtonClick(ToolBarButtonClickEventArgs e)
at System.Windows.Forms.ToolBar.WmReflectCommand(Message& m)
at System.Windows.Forms.ToolBar.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

# re: Exception Handling Application Block in Enterprise Library

left by Minor at 2/13/2006 12:58 AM Gravatar
Can anybody help me how to modify the error message occurred during Exceptionhandling and give an appropriate message to end users without showing the actual error.

# re: Exception Handling Application Block in Enterprise Library

left by preddy at 5/17/2006 3:31 AM Gravatar
using System.Collections.Specialized;
using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;
using Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder;
using Microsoft.Practices.EnterpriseLibrary.Configuration;
using Microsoft.Practices.EnterpriseLibrary.ExceptionHandling;
using Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Configuration;
using Microsoft.Practices.EnterpriseLibrary.Common;
using System.ComponentModel;


namespace CustomExceptionLibrary


{

[ConfigurationElementType(typeof(CustomHandlerData))]
public class CustomException : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.IExceptionHandler
{
public Exception HandleException(Exception exception, Guid handlingInstanceId)
{

ExceptionPolicy.HandleException(exception, "Exception Policy");
return exception;
}

}
}

# re: Exception Handling Application Block in Enterprise Library

left by vjeran at 8/30/2007 7:21 AM Gravatar
Great stuff. i am using it all.. only i haven't found i way to simply read that log files, since they are locked.

# re: Exception Handling Application Block in Enterprise Library

left by ayush at 9/17/2007 4:46 AM Gravatar
hey if its possible that i configure everything in database instead of web.config?

# re: Exception Handling Application Block in Enterprise Library

left by Himanshu Bhankar at 7/7/2008 2:32 PM Gravatar
good article for introduction to first timers....

# re: Exception Handling Application Block in Enterprise Library

left by Kalyan at 7/23/2008 2:03 AM Gravatar
How to use the replace handler in the Exception Handling Application Block. If anyone has an idea, please let me know.

# re: Exception Handling Application Block in Enterprise Library

left by Giacomo at 8/1/2008 8:40 AM Gravatar
the more configurable a system is, the more fragile it is. I think making exception handling configurable is a bad idea.
Title  
Name
Email (never displayed)
Url
Comments   
Please add 3 and 5 and type the answer here:
Copyright © Drew Robbins