
Enterprise Library Exception Handling Application Block

Enterprise Library Exception Handling Application Block. Scott Densmore, Software Design Engineer, Microsoft. Tim Shakarian, Software Design Engineer, Avanade. Ron Jacobs, Product Manager, Microsoft. Exception handling guidance from patterns & practices


Presentation Transcript


  1. Enterprise Library Exception Handling Application Block • Scott Densmore, Software Design Engineer, Microsoft • Tim Shakarian, Software Design Engineer, Avanade • Ron Jacobs, Product Manager, Microsoft

  2. Agenda • Exception handling guidance from patterns & practices • Describe implementation of exception handling scenarios and guidance using the Exception Handling Application Block • Demonstration • Questions

  3. Sound familiar? • The same logging code is pasted throughout your code in catch blocks • Difficulty in ensuring exception handling actions are consistent from developer to developer, and application to application • Changing your policy regarding exception handling results in source code changes

  4. Exception Handling Needs • You need consistent exception handling behavior throughout your application • You need to implement best practice guidance for exception handling • Don’t inadvertently disclose security sensitive information to remote callers • Add context to exceptions by wrapping or replacing exceptions with more relevant exceptions • You need to make it simple to add exception management boilerplate code

  5. Threats and Countermeasures • Revealing Implementation Details • Exceptions that are allowed to propagate to the client can reveal internal implementation details that make no sense to the end user but are useful to attackers. Applications that do not use exception handling or implement it poorly are also subject to denial of service attacks. • Vulnerabilities • Attacker reveals implementation details • Denial of service • Countermeasures • Use exception handling throughout your application’s code base. • Handle and log exceptions that are allowed to propagate to the application boundary. • Return generic, harmless error messages to the client. • Thoroughly validate all input data at the server. (Improving Web Application Security: Threats and Countermeasures, Chapter 2 – Threats and Countermeasures)

  6. Exception Handling Application Block • Provides a simple mechanism that allows you to deal with exceptions consistently throughout your application • Define “Exception Policies” which link an exception to an action • Exceptions of type ApplicationException should be logged • Exceptions of type SqlClientException should be caught, wrapped with an exception of type DataLayerException, and re-thrown • Exceptions of type SecurityException should be caught and replaced with an AccessDeniedException, which will be thrown

  7. Exception Handling Application Block • Actions provided include • Logging • Wrapping one exception with another • Replacing one exception with another • Create your own actions…

  8. Exception Handling Application Block Scope • Platform functionality • Application block assistance • Recovery code is context-specific

  9. Exception Handling Application Block Configuration • Configuration allows multiple policies • Policies have one or more exception types • Types have one or more exception handlers

  10. Exception Handling Policies • Determines how a set of exception types is to be handled • Each policy contains one or more Exception Types • Multiple policies can be configured per application

  11. Invoking Policies

  12. Exception Propagation • Let the exception propagate automatically • Catch and rethrow the original exception • Original exception contains the original application stack trace • The return value from HandleException indicates whether the application should rethrow the original exception

  13. Exception Propagation • Catch, wrap, and throw the wrapped exception

  14. Exception Propagation • A word of caution • Do not allow exception details to propagate from your Web applications back to the client. A malicious user could use system-level diagnostic information to learn about your application and probe for weaknesses to exploit in future attacks. • Countermeasure: catch, replace, and throw the new exception. (Improving Web Application Security: Threats and Countermeasures, Chapter 19 – Securing Your ASP.NET Application and Web Services)

  15. Exception Type • A System.Exception or derived class • Each Exception Type contains one or more Exception Handlers • Behaves identically to .NET type-filtered handling: any exception of a specified class or any of its derived classes is handled

  16. Exception Type Filtering Example • In the following example, “My Policy” is handled identically to the example code:

  17. Exception Handler • Encapsulates exception handling logic. • Logging • Wrapping • Replacing • Are “chained” for a specific order of execution. • Each handler has an opportunity to modify the original exception. • Each handler passes its version of the exception to the next handler in the chain.

  18. Configuring Replace Handlers

  19. Configuring Wrap Handlers

  20. Configuring Log Handlers

  21. Post Handling Action • Occurs after all Exception Handlers have executed • Specifies the following actions: • None • NotifyRethrow • ThrowNewException

  22. Exception Formatting • Formats any System.Exception object • Can be used for logging or displaying exception details • Reflects all properties of an exception, as well as additional context information • Formats inner exceptions

  23. Shipped Exception Formatters • TextExceptionFormatter • Creates a text representation for display on screen, logging, or any other situation in which someone would read the exception details. • XmlExceptionFormatter • Creates an XML representation of the exception. • Each exception property is stored as a separate XML element.

  24. Handling Correlation • Provides a means of tracking an exception handling instance. • A “HandlingInstanceID” GUID is generated when an exception is handled. Each handler can use this ID for correlation.

  25. Custom Exception Handlers • Allows you to encapsulate and reuse custom business handling routines. Usage scenarios include: • Filing an incident with a trouble ticketing system. • Business-specific wrapping or replacing logic. • Logging to a custom logging solution (e.g. Log4Net). • Configurable to allow for flexibility across policies and types

  26. Creating a Custom Exception Handler • Any class that implements IExceptionHandler • Uses a “data” object for XML-serializable configuration data. • Should be simple in operation to avoid “Exception Handling Exceptions”

  27. Key Extensibility Points • Custom exception handlers • Custom exception formatters • Plus… • Anything and everything – you have the source code! • Please post extensions and suggestions to the community

  28. Enterprise Library v1 [diagram of the application blocks: Caching, Exceptions, Security, Data Access, Logging, Crypto, Configuration, Config Tool; legend: Dependency, Plug-in]

  29. Announcing: Enterprise Library 1.0 Download it Today! http://www.microsoft.com/practices

  30. patterns & practices Live! • 3/22 Enterprise Library Cryptography Application Block • 3/24 Enterprise Library Security Application Block • 3/28 Building your own block • 3/31 Enterprise Library Applied http://www.pnplive.com

  31. http://www.microsoft.com/practices • Enterprise Library Community: http://go.microsoft.com/fwlink/?linkid=39209&clcid=0x09
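Added example, not part of the original presentation and not Enterprise Library code: a self-contained C# model of the flow described in slides 6, 12, 14, 15, 17, 21 and 24, where a type-filtered policy runs a log handler and then a replace handler under one handling instance ID, so the full detail stays in the server log and the client receives only a generic message plus the ID. `MiniPolicy`, `PolicyEntry`, `Handler` and `Demo` are hypothetical names, `AccessDeniedException` is defined here to mirror slide 6, and the exception message is constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Security;

// Simplified stand-in for the block's concepts; these types are NOT the Enterprise Library API.
enum PostHandlingAction { None, NotifyRethrow, ThrowNewException }
delegate Exception Handler(Exception ex, Guid handlingInstanceId);
class AccessDeniedException : Exception { public AccessDeniedException(string m) : base(m) { } }
class PolicyEntry { public Type ExceptionType; public PostHandlingAction Action; public Handler[] Chain; }

class MiniPolicy
{
    readonly List<PolicyEntry> entries = new List<PolicyEntry>();
    public void Add(Type t, PostHandlingAction a, params Handler[] chain)
    { entries.Add(new PolicyEntry { ExceptionType = t, Action = a, Chain = chain }); }

    // Returns true when the caller should rethrow the original exception.
    public bool HandleException(Exception original)
    {
        foreach (PolicyEntry e in entries)
        {
            // Type filtering: matches the configured class or any derived class (first match wins here).
            if (!e.ExceptionType.IsInstanceOfType(original)) continue;
            Guid id = Guid.NewGuid();          // one ID per handling instance, shared by the whole chain
            Exception current = original;
            foreach (Handler h in e.Chain) current = h(current, id);   // each handler feeds the next
            if (e.Action == PostHandlingAction.ThrowNewException) throw current;
            return e.Action == PostHandlingAction.NotifyRethrow;
        }
        return true;                           // no matching type in this sketch: original propagates
    }
}

static class Demo
{
    static void Main()
    {
        var serverLog = new List<string>();
        var policy = new MiniPolicy();
        policy.Add(typeof(SecurityException), PostHandlingAction.ThrowNewException,
            (ex, id) => { serverLog.Add(id + " " + ex); return ex; },              // log: full detail, server side
            (ex, id) => new AccessDeniedException("Access denied. Reference: " + id)); // replace: no inner exception
        try
        {
            try { throw new SecurityException(@"constructed sample: read denied on C:\inetpub\app\secrets.config"); }
            catch (Exception ex) { if (policy.HandleException(ex)) throw; }
        }
        catch (AccessDeniedException safe) { Console.WriteLine("client sees: " + safe.Message); }
        Console.WriteLine("server log: " + serverLog[0]);
    }
}
```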
