7

I have one method of a class (DPCal_EventMove) that I want to limit access to using Roles. I have both a Global.asax.cs error handler and a custom IHttpModule error handler intended to catch unhandled exceptions and Server.Transfer them to GlobalExceptionHandler.aspx, which checks to see if the errors are SecurityExceptions that originated from failed PrincipalPermission checks. For some reason, the unhandled exception caused by the PricipalPermission-decorated method is not routed through either of my error handlers. My question is: Where is this exception being routed to and how do I catch and handle it?

public partial class DayView : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Do some stuff
    }

    [PrincipalPermission(SecurityAction.Demand, Role = "Investigator")]
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
    protected void DPCal_EventMove(object sender, DayPilot.Web.Ui.Events.EventMoveEventArgs e)
    {
        // If no overlap, then save
        int eventId = Convert.ToInt32(e.Value);
        MembershipUser user = Membership.GetUser();
        if (!CommonFunctions.IsSchedulingConflict(eventId, e.NewStart, e.NewEnd) && 
            Page.User.HasEditPermission(user, eventId))
        {
            dbUpdateEvent(eventId, e.NewStart, e.NewEnd);
            GetEvents();
            DPCal.Update();
        }
    }
}

Below is my Global.asax.cs file:

public class Global : System.Web.HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Server.Transfer("~/GlobalExceptionHandler.aspx?ReturnUrl=" + Request.Path);
    }
}

Below is my custom IHttpModule handler:

public class UnhandledExceptionModule : IHttpModule
{
    private HttpApplication _context;
    private bool _initialized = false;

    public void Init(HttpApplication context)
    {
        _context = context;
        _initialized = true;
        context.Error += new EventHandler(Application_Error);
    }

    public UnhandledExceptionModule()
    {
        _initialized = false;
    }

    public void Dispose()
    {
        if (_initialized)
            _context.Dispose();
    }

    public void Application_Error(object sender, EventArgs e)
    {
        if (_initialized)
            _context.Server.Transfer("~/GlobalExceptionHandler.aspx?ReturnUrl=" + _context.Request.Path);
    }
}

Page_Load on GlobalExceptionHandler.aspx is never reached.

Matt
  • 2,339
  • 1
  • 21
  • 37
  • I think this link may have some good information for you: http://stackoverflow.com/questions/2192093/wcf-principalpermission-attribute-exception-loggin – Joel Etherton Aug 27 '12 at 13:48
  • 1
    If you are having an error during a Page Callback via a WebMethod, you are going to have to handle the error appropriately on the client side. Could you possibly post a (simplified) version of your code when (1) calling `DPCal_EventMove` and (2) the definition of `DPCal_EventMove`? – Jaime Torres Aug 27 '12 at 16:33

3 Answers3

1

It turned out that the problem was caused because the DPCal_EventMove method was executing as a page callback. Fortunately, the DayPilot calendar component has an option to change this behavior. Once I changed the EventMoveHandling property of the DayPilot:DayPilotCalendar control to "PostBack" instead of "CallBack", I was able to catch and handle the security exception.

Matt
  • 2,339
  • 1
  • 21
  • 37
0

Have you tried:

public class Global : System.Web.HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Server.Transfer("~/GlobalExceptionHandler.aspx?ReturnUrl=" + Request.Path);
    }
}
Jaime Torres
  • 10,365
  • 1
  • 48
  • 56
  • I'm not sure how that could help. Application_Error never gets called (confirmed by putting a breakpoint at the beginning of the method). – Matt Aug 27 '12 at 14:53
  • I have verified the above code on a simple project (just for my own gratification), and indeed, ClearErrors() is not required if you perform a transfer. Is it possible you are overriding standard behavior with a CustomError node in your web.config? – Jaime Torres Aug 27 '12 at 15:34
  • is what's in my web.config – Matt Aug 27 '12 at 15:53
  • If Application_Error is not being called, what is happening? I'm assuming the exception is just getting buried? – Jaime Torres Aug 27 '12 at 15:56
  • The exception actually appears as a popup dialog, instead of the usual yellow screen of death. My latest hunch is that perhaps this is somehow related to the call to DPCal_EventMove being a page callback, although I'm not sure why that would matter. – Matt Aug 27 '12 at 15:58
0

Add: 

private void Page_Error(object sender, System.EventArgs e)
{
        //errorcode
}

To your page's code and see if that is called during an error?

Ryan McDonough
  • 9,732
  • 3
  • 55
  • 76