问题
I have class that implements asmx service.
class AsmxService{
public string Method(int i){.....}
....}
I omit some attributes, but can provide full code if you find it necessary.
If I get exception into function Method, it's not a problem: just use try-catch. But what should we do, if error occured outside the function. For example, client passed invalid int parameter or something else. In that case on client side I get message about exception. But I d'like to hide all details of error and always return simple notification like following one: "An error occured. Impossible to process request".
I attempted to write SOAP extension module but I found that it did not catch exception related with asmx.
So is it possible at all, and if answer is 'yes', what I am supposed to do?
It seems that this problem rised from time to time on stackaverflow, but I wasn't able to find decision.
回答1:
I don't know what you have looked at already with regard to SOAP extension modules, but here is a good example of one (it starts half-way down the article). I hope it helps.
UPDATE
If I understand you correctly, you are not asking about catching exceptions that are thrown inside your service code (I assume you are already handling them to your satisfaction). Instead, you are trying to catch errors in the ASP.NET communication stack, i.e.
- Serializing client-side objects into the request message
- Transmitting the request message to the server
- Deserializing the request message into server-side objects
- ... and vice versa for the response
If that is so, then if I were you I would just leave it be and let ASP.NET throw whatever exceptions it wants to. I say this because...
Catching exceptions that are thrown inside your service code adds genuine value from a security point of view. By returning minimal details in a SOAP fault, you can prevent an attacker from learning too much about your service. This is best practice for any web service.
However, catching exceptions that are thrown from the communication stack does not add value in my opinion. An attacker is not going to learn anything about your code by being told that "field X expected xs:int but was passed xs:dateTime", for example. He already knows that by examining the WSDL.
回答2:
There isn't anything you can do about faults sent back by the web service infrastructure. If you were using WCF, you would have pretty much complete control, but there's nothing you can do about it using ASMX.
来源:https://stackoverflow.com/questions/8800075/handle-global-errors-asmx