Clearly, the exception page can reveal a substantial amount of information about the application, which is beneficial to the developer, but what about application security? Would we really want to expose internal details about our application to everyone? What about hackers?
The information in the developer exception page can certainly be detrimental in the wrong hands so deciding when it should be displayed is a key concept in helping safeguard our application and data.
We can use conditional logic to determine the environment in which the application is running and then decide whether we should show the developer exception page. Typically, we will check to see if the application is running in a development environment and if it is, we opt to use the developer exception page in case any exceptions are thrown. However, if the application is not running in development and an exception is thrown, an alternate error handling pathway will be followed.
IWebHostEnvironment is an interface that provides information about the web hosting environment in which the application is running. An object that implements this interface (
env) is passed into the
Configure() method. Inside of the
Configure() method we can use this object to obtain more information about the environment. This information can then be used to determine if the developer exception page should be shown.
We’ve added an intentional exception for the Contact page. Run the code and click on the
Contact Us button to throw the exception.
The page will not work because an exception has been thrown and the application does not know what to do when it breaks.
env variable is set based on the environment in which the application is running. Notice how the
env variable is passed into the
Configure() method. Add an
if statement that checks the result of the static
IsDevelopment() method of the
IWebHostEnvironment class. If this method returns true, call the
UseDeveloperExceptionPage() component to handle exceptions.
Reload the contact page and view the developer exception page.