Stop displaying entire stack trace in WebAPI

c# .net asp.net-web-api stack-trace asp.net-web-api2
15,118

Solution 1

Just change configuration IncludeErrorDetailPolicy to LocalOnly and the details will not be sent to the client.

Here: http://www.asp.net/web-api/overview/extensibility/configuring-aspnet-web-api

Solution 2

For those who are looking to supress just the StackTrace and not discarding important error clues, you can implement an ExceptionFilter.

You can do this in two steps:

  1. Write your filter as below:

    using System.Web.Http.Filters;
using System.Net;
using System.Net.Http;

public class MyExceptionFilterAttribute : ExceptionFilterAttribute
{
    public override void OnException(HttpActionExecutedContext context)
    {
        var request = context.Request;
        var response = request.CreateErrorResponse(HttpStatusCode.InternalServerError, context.Exception.Message);
        var content = (System.Net.Http.ObjectContent<System.Web.Http.HttpError>)response.Content;

        var errorValues = (System.Web.Http.HttpError)content.Value;
        errorValues["ExceptionMessage"] = context.Exception.Message;
        errorValues["ExceptionType"] = context.Exception.GetType().Name;
        if (context.ActionContext != null)
        {
            errorValues["ActionName"] = context.ActionContext.ActionDescriptor.ActionName;
            errorValues["ControllerName"] = context.ActionContext.ControllerContext.ControllerDescriptor.ControllerName;
        }

        context.Response = response;
    }
}

  2. make the WebApi use your ExceptionFilter:

    public static void Register(HttpConfiguration config)
{
    config.Filters.Add(new MyExceptionFilterAttribute());

You will get this:

{
  "Message": "Your exception is here!",
  "ExceptionMessage": "Your exception is here!",
  "ExceptionType": "Exception",
  "ActionName": "MyAction",
  "ControllerName": "MyController"
}

More information at: https://docs.microsoft.com/en-us/aspnet/web-api/overview/error-handling/exception-handling

Share:
15,118
now he who must not be named.
Author by

now he who must not be named.

#SOreadytohelp There is this joy in helping others. Thanks SO

Updated on June 03, 2022

Comments

  • now he who must not be named.
    now he who must not be named. almost 2 years

    When an unexpected error occurs in WebAPI the user sees the entire stack trace.

    I believe that showing the entire stack trace is not safe.

    What is the default behaviour to stop showing the entire trace to my users?

    Just a friendly message like saying Internal Server Error alone is enough. Correct?

    Any ideas how?

    <?xml version="1.0"?>
<Error>
  <Message>An error has occurred.</Message>
  <ExceptionMessage>The method or operation is not implemented.</ExceptionMessage>
  <ExceptionType>System.NotImplementedException</ExceptionType>
  <StackTrace>   at MyCompany.BLL.RequirementOfService.Employee1.Employee1Service.MakeRequirementOfService(RequirementOfService RequirementOfService) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.BAL.RequirementOfService\Employee1\Employee1Service.cs:line 37
   at MyCompany.BLL.RequirementOfService.RequirementOfServiceBLL.MakeRequirementOfService(RequirementOfService RequirementOfService) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.BAL.RequirementOfService\RequirementOfServiceBLL.cs:line 76
   at MyCompany.RequirementOfService.Windsor.RequirementOfServiceProvider.MakeRequirementOfService(RequirementOfService RequirementOfService) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.RequirementOfService\Windsor\RequirementOfServiceProvider.cs:line 47
   at MyCompany.RequirementOfService.RequirementOfService.Controllers.RequirementOfServiceController.Post(RequirementOfServiceDTO RequirementOfServiceDTO) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.RequirementOfService\RequirementOfService\Controllers\RequirementOfServiceController.cs:line 87
   at lambda_method(Closure , Object , Object[] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.&lt;&gt;c__DisplayClass10.&lt;GetExecutor&gt;b__9(Object instance, Object[] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at System.Web.Http.Controllers.ApiControllerActionInvoker.&lt;InvokeActionAsyncCore&gt;d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apply [Authorize] attribute implicitly to all Web API controllers
The route template separator character '/' cannot appear consecutively - Attribute routing issue
Web API 2: how to return JSON with camelCased property names, on objects and their sub-objects
is it possible to get an offline version of swagger documentation for a website?
Get the IP address of the client connecting to a C# .NET WebAPI application
Asp.Net WebApi Inheritance with a BaseController
405 (Method Not Allowed) on reactjs component
Reading every incoming request (URL) in ASP.NET WEB API
Yet another ASP.Net WebAPI route not found
WebApi Post Methods always Returns "The requested resource does not support http method 'GET'." Status: 405 Method Not Allowed