10 Error handling

 

This chapter covers

  • Learning how ASP.NET Core handles uncaught exceptions
  • Knowing when to use the developer exception page
  • Setting up a custom error page
  • Displaying error messages specific to the HTTP status code
  • Formatting errors within an API

In 2018, the health care and health IT news portal Healthcare Dive reported on a white paper by security company Zingbox, which analyzed medical IoT devices (http://mng.bz/aJem). The researchers looked specifically at the error messages displayed on those devices and found that several devices exposed the following information:

  • Database names and usernames
  • File paths on the server
  • Source code filenames and the names of classes, methods, and parameters
  • Source code line numbers
  • Full stack traces
  • And more

Error messages may be crucial during development. On a production system, they may have an entirely different impact: telling attackers intimate details about the system and software. With our ASP.NET Core applications, we need to, and can, make this better.

10.1 Error pages for web applications

10.1.1 Custom error pages

10.1.2 Status code error pages

10.2 Handling errors in APIs

Summary