Exercise 2: Exception handling policies
In this exercise you will learn to use the wrap policy of the Exception Handling Application Block to handle exceptions that carry sensitive information.
Step 1
Open the Puzzler2.sln project and build it. With a default installation it is located at C:\Program Files\Microsoft Enterprise Library January 2006\labs\cs\exception EXERCISES\EX02.
Step 2: Protect the 'Add Word' function in the service with code access security
1. In Solution Explorer, select the Dictionary.cs file in the PuzzlerService project, choose the View | Code menu command, and add a security attribute to the AddWord method.
    // Requires "using System.Security.Permissions;" at the top of Dictionary.cs.
    // TODO: Add security attribute
    [PrincipalPermission(SecurityAction.Demand, Role = "Grand PoohBah")]
    public static Boolean AddWord(string wordToAdd)
    {
        if (!IsWord(wordToAdd))
        {
            // It is not alphabetic! Throw an exception
            throw new ApplicationException(
                "Word to add does not consist of alphabetic letters");
        }
        // Add the word only if it is not already in the dictionary
        if (Dict[wordToAdd] == null)
        {
            Dict.Add(wordToAdd, wordToAdd);
        }
        return true;
    }
The method can now be executed only by callers in the Grand PoohBah role. Note that the method to modify is in Dictionary.cs, not DictionaryService.cs.
2. Select the Debug | Start Without Debugging menu command to run the application. Enter a number in the Word to check text box and click the Add Word button. This causes the service's AddWord method to throw a SecurityException, whose message can be seen in Event Viewer.
Here the SecurityException details are sent from the server to the client, and the information they contain can help an attacker compromise the security of our system. You should therefore log exception details on the server and send only a small amount of information to the client.
3. Close the application.
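The principle from step 2 (log the full exception on the server, return only minimal information to the client), shown as an added C# example that is not part of the lab code. It uses plain .NET rather than the Exception Handling Application Block; ServiceBoundary, ServerLog, AddWordDenied and the message texts are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security;

// Added illustration, not lab code. ServerLog is a hypothetical stand-in
// for a server-side sink such as the Windows event log.
public static class ServiceBoundary
{
    public static readonly List<string> ServerLog = new List<string>();

    // Runs a service operation. Full exception detail stays on the server;
    // the caller gets a generic message plus an ID that lets support staff
    // find the matching server-side entry.
    public static T Invoke<T>(Func<T> operation)
    {
        try
        {
            return operation();
        }
        catch (SecurityException ex)
        {
            Guid handlingId = Guid.NewGuid();
            // ex.ToString() includes the exception detail and stack trace.
            ServerLog.Add(handlingId + " " + ex);
            // Do not pass ex as the inner exception: it could travel to the
            // client together with the new exception.
            throw new ApplicationException(
                "Unauthorized access. Reference: " + handlingId);
        }
    }
}

public static class Demo
{
    // Constructed stand-in for the protected AddWord method failing its role demand.
    static bool AddWordDenied(string word)
    {
        throw new SecurityException("Request for principal permission failed.");
    }

    public static void Main()
    {
        try { ServiceBoundary.Invoke(() => AddWordDenied("test")); }
        catch (ApplicationException ex)
        {
            Console.WriteLine("Client sees: " + ex.Message);
            Console.WriteLine("Server log entries: " + ServiceBoundary.ServerLog.Count);
        }
    }
}
```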