Exceptions in ASP.NET Web API custom exception handler never reach top level when CORS is enabled

by

I have found the source of confusion.

It seems, WebAPI by default is using this exception handler:

https://aspnetwebstack.codeplex.com/SourceControl/latest#src/System.Web.Http/ExceptionHandling/DefaultExceptionHandler.cs

and it has major differences from the suggested exception handling in this article:

http://www.asp.net/web-api/overview/web-api-routing-and-actions/web-api-global-error-handling

see chapter “Appendix: Base Class Details”, where the code of default exception base class is given.

In the example it checks for IsOutermostCatchBlock (which now seems to be moved to exceptionContext.CatchBlock.IsTopLevel) to see if it’s time to handle the exception. When CORS is enabled, such approach won’t work for the reasons I described above. ASP.NET team said, this behavior is by design and they won’t change anything.

I hope someone experienced will write an up-to-date article with instructions for doing exception handling the right way with and without CORS.

Currently I see two ways to work around this in my code:

  • don’t inherit my custom exception handler from System.Web.Http.ExceptionHandling.ExceptionHandler but implement IExceptionHandler directly

  • if inheriting from System.Web.Http.ExceptionHandling.ExceptionHandler, override
    ShouldHandle method and return true always because CatchBlock.IsTopLevel might never have true value.

I tried both apporaches and they seem to work fine.

More Related Contents:

  1. How to make CORS Authentication in WebAPI 2?
  2. The ‘Access-Control-Allow-Origin’ header contains multiple values
  3. Does IMDB provide an API? [closed]
  4. Why do we have to specify FromBody and FromUri?
  5. 401 response for CORS request in IIS with Windows Auth enabled
  6. So, JSONP or CORS? [closed]
  7. Error :Request header field Content-Type is not allowed by Access-Control-Allow-Headers
  8. Enable CORS in Web API 2
  9. Attribute routing and inheritance
  10. CORS support for PUT and DELETE with ASP.NET Web API
  11. Overload web api action method based on parameter type
  12. MVC web api: No ‘Access-Control-Allow-Origin’ header is present on the requested resource
  13. Web API: how to access multipart form values when using MultipartMemoryStreamProvider?
  14. MVC5, Web API 2 and Ninject
  15. AngularJS CORS Issues
  16. IIS hijacks CORS Preflight OPTIONS request
  17. Constructor Dependency Injection WebApi Attributes
  18. How to authorize CORS preflight request on IIS with Windows Authentication
  19. How can I use JSON on the web page from a source with neither CORS nor JSONP? [closed]
  20. Hosting WebAPI using OWIN in a windows service
  21. Unhandled Exception Global Handler for OWIN / Katana?
  22. Best practice for error handling with ASP.NET Web API
  23. WebAPI CORS with Windows Authentication – allow Anonymous OPTIONS request
  24. MVC Web API not working with Autofac Integration
  25. WebApi Help Page: don’t escape HTML in XML documentation
  26. OData V4 modify $filter on server side
  27. How to use Container instead of ObjectFactory in StructureMap ServiceActivator?
  28. CORS enabled but response for preflight has invalid HTTP status code 404 when POSTing JSON
  29. What are proper status codes for CORS preflight requests?
  30. Getting Exception org.apache.logging.slf4j.SLF4JLoggerContext cannot be cast to org.apache.logging.log4j.core.LoggerContext

Leave a Comment