Clearly, the exception page can reveal a substantial amount of information about the application, which is beneficial to the developer, but what about application security? Would we really want to expose internal details about our application to everyone? What about hackers?

The information in the developer exception page can certainly be detrimental in the wrong hands so deciding when it should be displayed is a key concept in helping safeguard our application and data.

We can use conditional logic to determine the environment in which the application is running and then decide whether we should show the developer exception page. Typically, we will check to see if the application is running in a development environment and if it is, we opt to use the developer exception page in case any exceptions are thrown. However, if the application is not running in development and an exception is thrown, an alternate error handling pathway will be followed.

IWebHostEnvironment is an interface that provides information about the web hosting environment in which the application is running. An object that implements this interface (env) is passed into the Configure() method. Inside of the Configure() method we can use this object to obtain more information about the environment. This information can then be used to determine if the developer exception page should be shown.