停止在WebAPI中显示整个堆栈跟踪

Question

停止在WebAPI中显示整个堆栈跟踪

now*_*ed. 30 .net c# stack-trace asp.net-web-api asp.net-web-api2

当WebAPI用户发生意外错误时,会看到整个堆栈跟踪.

我相信显示整个堆栈跟踪是不安全的.

停止向我的用户显示整个跟踪的默认行为是什么？

只是一个友好的信息,就像说Internal Server Error一个人就够了.正确？

有什么想法？

<?xml version="1.0"?>
<Error>
  <Message>An error has occurred.</Message>
  <ExceptionMessage>The method or operation is not implemented.</ExceptionMessage>
  <ExceptionType>System.NotImplementedException</ExceptionType>
  <StackTrace>   at MyCompany.BLL.RequirementOfService.Employee1.Employee1Service.MakeRequirementOfService(RequirementOfService RequirementOfService) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.BAL.RequirementOfService\Employee1\Employee1Service.cs:line 37
   at MyCompany.BLL.RequirementOfService.RequirementOfServiceBLL.MakeRequirementOfService(RequirementOfService RequirementOfService) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.BAL.RequirementOfService\RequirementOfServiceBLL.cs:line 76
   at MyCompany.RequirementOfService.Windsor.RequirementOfServiceProvider.MakeRequirementOfService(RequirementOfService RequirementOfService) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.RequirementOfService\Windsor\RequirementOfServiceProvider.cs:line 47
   at MyCompany.RequirementOfService.RequirementOfService.Controllers.RequirementOfServiceController.Post(RequirementOfServiceDTO RequirementOfServiceDTO) in d:\Projects\MyFolder\Testing\WhiteBox\MyCompany.RequirementOfService\RequirementOfService\Controllers\RequirementOfServiceController.cs:line 87
   at lambda_method(Closure , Object , Object[] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.&lt;&gt;c__DisplayClass10.&lt;GetExecutor&gt;b__9(Object instance, Object[] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at System.Web.Http.Controllers.ApiControllerActionInvoker.&lt;InvokeActionAsyncCore&gt;d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

Run Code Online (Sandbox Code Playgroud)

Answer 1

Ali*_*eza 50

只需将配置更改IncludeErrorDetailPolicy为LocalOnly,详细信息将不会发送到客户端.

这里:http: //www.asp.net/web-api/overview/extensibility/configuring-aspnet-web-api

Answer 2

Ces*_*sar 5

对于那些只希望抑制StackTrace而不丢弃重要错误提示的人，可以实现ExceptionFilter。

您可以分两步执行此操作：

编写如下的过滤器：

using System.Web.Http.Filters;
using System.Net;
using System.Net.Http;

public class MyExceptionFilterAttribute : ExceptionFilterAttribute
{
    public override void OnException(HttpActionExecutedContext context)
    {
        var request = context.Request;
        var response = request.CreateErrorResponse(HttpStatusCode.InternalServerError, context.Exception.Message);
        var content = (System.Net.Http.ObjectContent<System.Web.Http.HttpError>)response.Content;

        var errorValues = (System.Web.Http.HttpError)content.Value;
        errorValues["ExceptionMessage"] = context.Exception.Message;
        errorValues["ExceptionType"] = context.Exception.GetType().Name;
        if (context.ActionContext != null)
        {
            errorValues["ActionName"] = context.ActionContext.ActionDescriptor.ActionName;
            errorValues["ControllerName"] = context.ActionContext.ControllerContext.ControllerDescriptor.ControllerName;
        }

        context.Response = response;
    }
}

Run Code Online (Sandbox Code Playgroud)

使WebApi使用您的ExceptionFilter：

public static void Register(HttpConfiguration config)
{
    config.Filters.Add(new MyExceptionFilterAttribute());

Run Code Online (Sandbox Code Playgroud)

您将获得：

{
  "Message": "Your exception is here!",
  "ExceptionMessage": "Your exception is here!",
  "ExceptionType": "Exception",
  "ActionName": "MyAction",
  "ControllerName": "MyController"
}

Run Code Online (Sandbox Code Playgroud)

有关更多信息，请访问：https : //docs.microsoft.com/zh-cn/aspnet/web-api/overview/error-handling/exception-handling

归档时间：	11 年，1 月前
查看次数：	10128 次
最近记录：	7 年，1 月前