Logging SecurityExceptions

  • crazylegsfitz

    Logging SecurityExceptions

    Can anyone suggest the best place in WCF to catch SecurityExceptions arising
    from failed authorization (declarative model) or CAS exceptions. I was hoping
    that my IErrorHandler.HandleError implementation would do it but the original
    exception has already been transformed to a FaultException by that point and
    the original exception details are lost. These problems have been very
    difficult to diagnose without a central error handling location.

    I have also set

    ServiceSecurityAuditBehavior newAudit = new ServiceSecurityAuditBehavior();
    newAudit.AuditLogLocation = AuditLogLocation.Application;
    newAudit.MessageAuthenticationAuditLevel = AuditLevel.Failure;
    newAudit.ServiceAuthorizationAuditLevel = AuditLevel.Failure;
    Description.Behaviors.Remove<ServiceSecurityAuditBehavior>();
    Description.Behaviors.Add(newAudit);

    Don't see any events in the Application log.

    Thanks in advance
  • Steven Cheng

    #2
    RE: Logging SecurityExceptions

    Comment

    • crazylegsfitz

      #3
      RE: Logging SecurityExceptions

      Steven,

      Thanks for the reply but it's not what I'm looking for. Let me rephrase the
      issue. If I have the following web service method

      public string Echo(string message) {
          if (message == "Throw") {
              throw new InvalidOperationException("Can't use Throw as the message");
          }

          return "you sent: " + message;
      }

      I will get an accurate StackTrace in the exception passed to
      IErrorHandler.HandleError that points me to the location of the error.

      However, if I change the exception in the method above to a SecurityException

      public string Echo(string message) {
          if (message == "Throw") {
              throw new SecurityException("Can't use Throw as the message");
          }

          return "you sent: " + message;
      }

      I will not get an accurate StackTrace from IErrorHandler.HandleError.

      Is there any place that I can put code in the WCF service side that will
      accurately log the StackTrace from the SecurityException in the method above
      other than a try catch block around the throw line?

      To answer your first question, yes we are using a custom authorization
      provider so the possibility exists to trap exceptions from this provider. But
      I'm looking for a more general solution that would cover all types of
      SecurityExceptions not just authorization exceptions and without having to
      put try catch blocks around every web service method.

      thanks,
      crazylegsfitz

      "Steven Cheng" wrote:
      > Hi,
      >
      > As for the global exception handling, so far in WCF, the "IErrorHandler"
      > interface is the appropriate and reasonable approach. This is also
      > mentioned in most web forum threads:
      >
      > For the security authorization in your scenario, I'm wondering whether
      > you're using a custom authorization provider or the built-in one? If you use
      > a custom provider (or a custom class derived from the built-in one as a wrapper),
      > you can put the exception handling for the authorization in the provider.
      >
      > Sincerely,
      >
      > Steven Cheng
      >
      > Microsoft MSDN Online Support Lead
      >
      > Delighting our customers is our #1 priority. We welcome your comments and
      > suggestions about how we can improve the support we provide to you. Please
      > feel free to let my manager know what you think of the level of service
      > provided. You can send feedback directly to my manager at:
      > msdnmg@microsoft.com.
      >
      > ==================================================
      > Get notification to my posts through email? Please refer to
      > http://msdn.microsoft.com/en-us/subs...#notifications.

      Comment

      • Steven Cheng

        #4
        RE: Logging SecurityExceptions

        Hi crazylegsfitz,

        As for the SecurityException, if the StackTrace doesn't show the original
        info, that means it has been captured and rethrown somewhere. As some .NET
        CLR references indicate, for such a situation, we cannot get the original
        code stack info.

        For global exception handling, I've also consulted some other WCF engineers,
        and it seems they also think the IErrorHandler is the best one so far. However, I
        do think this is a reasonable feature which you can submit to our connect
        feedback site:



        Sincerely,

        Steven Cheng

        Microsoft MSDN Online Support Lead



        ==================================================
        This posting is provided "AS IS" with no warranties, and confers no rights.



        --------------------
        From: crazylegsfitz <crazylegsfitz@noemail.noemail>
        References: <F308D179-6D2D-4E93-A759-0864322366BD@microsoft.com>
        <YkwjhgWHJHA.5424@TK2MSFTNGHUB02.phx.gbl>
        Subject: RE: Logging SecurityExceptions
        Date: Tue, 23 Sep 2008 08:54:01 -0700



        Comment

        • crazylegsfitz

          #5
          RE: Logging SecurityExceptions

          Thanks Steven, I have posted a suggestion to have IErrorHandler.HandleError
          always receive the original unhandled exception even for SecurityExceptions.

          Comment

          • Steven Cheng

            #6
            RE: Logging SecurityExceptions

            Thanks crazylegsfitz,

            Really appreciate your feedback.

            Sincerely,

            Steven Cheng

            Microsoft MSDN Online Support Lead




            Comment
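
The suggestion in this thread to put the exception handling inside the authorization provider, as an added example that is not code from either poster. It assumes the custom provider is a `ServiceAuthorizationManager` subclass; `LoggingAuthorizationManager`, `Authorize` and `HostSetup` are hypothetical names, and it logs only what happens during the authorization check, not a SecurityException thrown inside an operation such as `Echo`.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.ServiceModel;

// Added example, not code from the thread. Wraps the authorization decision so
// the original exception is logged at the point where it is still available.
public class LoggingAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        string action = Clean(operationContext.IncomingMessageHeaders.Action);
        string caller = CallerName(operationContext);
        try
        {
            bool allowed = Authorize(operationContext);
            if (!allowed)
            {
                Trace.TraceWarning("Authorization denied: action={0} caller={1}", action, caller);
            }
            return allowed;
        }
        catch (SecurityException ex)
        {
            // ex.ToString() carries the type, message, inner exceptions and the
            // stack trace as it stands here, before any later wrapping.
            Trace.TraceError("Authorization threw: action={0} caller={1}{2}{3}",
                action, caller, Environment.NewLine, ex);
            throw; // rethrow the same exception object rather than a new one
        }
    }

    // Hypothetical hook: replace the body with the custom provider's own check.
    protected virtual bool Authorize(OperationContext operationContext)
    {
        return base.CheckAccessCore(operationContext);
    }

    private static string CallerName(OperationContext operationContext)
    {
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.PrimaryIdentity == null
            || string.IsNullOrEmpty(security.PrimaryIdentity.Name))
        {
            return "(anonymous)";
        }
        return Clean(security.PrimaryIdentity.Name);
    }

    // Action and identity name come from the request; strip line breaks so a
    // caller cannot forge extra log lines.
    private static string Clean(string value)
    {
        return (value ?? "(none)").Replace("\r", " ").Replace("\n", " ");
    }
}

public static class HostSetup
{
    // The manager must be assigned before ServiceHost.Open() is called.
    public static ServiceHost Create(Type serviceType, params Uri[] baseAddresses)
    {
        ServiceHost host = new ServiceHost(serviceType, baseAddresses);
        host.Authorization.ServiceAuthorizationManager = new LoggingAuthorizationManager();
        return host;
    }
}
```

The messages go to whatever `System.Diagnostics` trace listeners the host has configured.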
