0

I have a bunch of WCF SOAP services that in the service host configure a ServiceCredentials behavior to use System.IdentityModel to validate an incoming claims token.

The same service host configures an IErrorHandler to catch any exceptions being thrown in the service. This FaultHandler gets attached to every channel dispatcher in the service.

The issue is that the System.IdentityModel token validation code is throwing an System.SecurityException when it detects an invalid token, but this exception is not caught by the FaultHandler (and therefore not logged).

Why are these exception not caught by the IErrorHandler? And how can I make sure these exceptions are logged?

This answer points to the same problem, but does not hint at a solution.

This comment indicates that it is expected, but I don't understand why that is.

Community
  • 1
  • 1
MvdD
  • 22,082
  • 8
  • 65
  • 93
  • is it ok if you use together with wcf logging, it will log all internal errors of wcf, and i think we should use it https://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx – nhabuiduc May 01 '15 at 23:15
  • Turning on WCF tracing is the way I found which exception was being thrown, but it does not scale to production. We have centralized exception logging for a reason. – MvdD May 02 '15 at 01:55
  • I believe that the security exceptions are triggered by the WCF runtime, even before your service class (that implements the actual service code, and also the `IErrorHandler` interface). Since those occur before your service class is even instantiated, how should it's `IErrorHandler` method catch and handle that error? – marc_s May 02 '15 at 06:29
  • @marc_s Yes, that's what I figured. But is there no way in WCF to catch those exceptions? Seems scary that things may go wrong without a way to detect and log the details. – MvdD May 02 '15 at 07:05

1 Answers1

1

I believe that the security exceptions are triggered by the WCF runtime, even before your service class (that implements the actual service code, and also the IErrorHandler interface).

Since those occur before your service class is even instantiated, how should it's IErrorHandler method catch and handle that error? This is something the calling class needs to deal with when making the call (also things like timeouts etc.)

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
  • Sure, the client side logs the caught exception, but that propagated exception does not contain the inner exception of the originally thrown exception. That inner exception holds the actual reason why it was raised in the first place. – MvdD May 02 '15 at 15:30