OWIN 中间件中的全局异常处理
Global exception handling in OWIN middleware
我正在尝试在 ASP.NET Web API 2.1 项目中创建统一错误 handling/reporting,该项目建立在 OWIN 中间件之上(IIS 主机使用 Owin.Host.SystemWeb)。
目前我使用了一个自定义异常记录器,它继承自 System.Web.Http.ExceptionHandling.ExceptionLogger 并使用 NLog 记录所有异常,代码如下:
public class NLogExceptionLogger : ExceptionLogger
{
private static readonly Logger Nlog = LogManager.GetCurrentClassLogger();
public override void Log(ExceptionLoggerContext context)
{
//Log using NLog
}
}
我想将所有 API 异常的响应正文更改为友好的统一响应,使用 System.Web.Http.ExceptionHandling.ExceptionHandler 隐藏所有异常详细信息,如下代码:
public class ContentNegotiatedExceptionHandler : ExceptionHandler
{
public override void Handle(ExceptionHandlerContext context)
{
var errorDataModel = new ErrorDataModel
{
Message = "Internal server error occurred, error has been reported!",
Details = context.Exception.Message,
ErrorReference = context.Exception.Data["ErrorReference"] != null ? context.Exception.Data["ErrorReference"].ToString() : string.Empty,
DateTime = DateTime.UtcNow
};
var response = context.Request.CreateResponse(HttpStatusCode.InternalServerError, errorDataModel);
context.Result = new ResponseMessageResult(response);
}
}
这将return发生异常时客户端的响应如下:
{
"Message": "Internal server error occurred, error has been reported!",
"Details": "Ooops!",
"ErrorReference": "56627a45d23732d2",
"DateTime": "2015-12-27T09:42:40.2982314Z"
}
现在,如果在 Api 控制器请求管道 .
中发生任何异常 ,这一切都很好
但在我的情况下,我使用中间件 Microsoft.Owin.Security.OAuth 来生成不记名令牌,并且该中间件对 Web API 异常处理一无所知,例如,如果异常有been in thrown in method ValidateClientAuthentication my NLogExceptionLogger not ContentNegotiatedExceptionHandler 不会知道这个异常也不会尝试处理它,我在AuthorizationServerProvider中使用的示例代码如下:
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//Expcetion occurred here
int x = int.Parse("");
context.Validated();
return Task.FromResult<object>(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (context.UserName != context.Password)
{
context.SetError("invalid_credentials", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
context.Validated(identity);
}
}
因此,对于实施以下 2 个问题的任何指导,我将不胜感激:
1 - 创建一个全局异常处理程序,仅处理由 OWIN 中间件生成的异常?我遵循 并创建了一个用于异常处理目的的中间件并将其注册为第一个并且我能够记录源自 "OAuthAuthorizationServerProvider" 的异常,但我不确定这是否是最佳方式做吧。
2 - 现在,当我在上一步中实现日志记录时,我真的不知道如何更改异常的响应,因为我需要 return 给客户端一个标准的 JSON 中发生的任何异常的模型 "OAuthAuthorizationServerProvider"。有一个相关的 answer here 我试图依赖但它没有用。
这是我的 Startup class 和我为异常 catching/logging 创建的自定义 GlobalExceptionMiddleware。缺少的和平是 returning 对任何异常的统一 JSON 响应。任何想法将不胜感激。
public class Startup
{
public void Configuration(IAppBuilder app)
{
var httpConfig = new HttpConfiguration();
httpConfig.MapHttpAttributeRoutes();
httpConfig.Services.Replace(typeof(IExceptionHandler), new ContentNegotiatedExceptionHandler());
httpConfig.Services.Add(typeof(IExceptionLogger), new NLogExceptionLogger());
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new AuthorizationServerProvider()
};
app.Use<GlobalExceptionMiddleware>();
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseWebApi(httpConfig);
}
}
public class GlobalExceptionMiddleware : OwinMiddleware
{
public GlobalExceptionMiddleware(OwinMiddleware next)
: base(next)
{ }
public override async Task Invoke(IOwinContext context)
{
try
{
await Next.Invoke(context);
}
catch (Exception ex)
{
NLogLogger.LogError(ex, context);
}
}
}
有几种方法可以满足您的需求:
首先创建已注册的中间件,然后所有异常都会冒泡到该中间件。此时只需通过 OWIN 上下文通过 Response 对象写出您的 JSON。
您还可以创建一个包装 Oauth 中间件的包装中间件。在这种情况下,它将捕获源自此特定代码路径的错误。
最终编写 JSON 消息是关于创建消息、序列化消息并通过 OWIN 上下文将其写入响应。
看来您在 #1 的道路上是正确的。希望这会有所帮助,祝你好运:)
好的,所以这比预期的要容易,感谢@Khalid 的提醒,我最终创建了一个名为 OwinExceptionHandlerMiddleware 的 owin 中间件,它专门用于处理任何 Owin 中间件中发生的任何异常(记录它并在将其返回给客户端之前处理响应)。
您需要将此中间件注册为Startupclass中的第一个,如下所示:
public class Startup
{
public void Configuration(IAppBuilder app)
{
var httpConfig = new HttpConfiguration();
httpConfig.MapHttpAttributeRoutes();
httpConfig.Services.Replace(typeof(IExceptionHandler), new ContentNegotiatedExceptionHandler());
httpConfig.Services.Add(typeof(IExceptionLogger), new NLogExceptionLogger());
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new AuthorizationServerProvider()
};
//Should be the first handler to handle any exception happening in OWIN middlewares
app.UseOwinExceptionHandler();
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseWebApi(httpConfig);
}
}
OwinExceptionHandlerMiddleware中使用的代码如下:
using AppFunc = Func<IDictionary<string, object>, Task>;
public class OwinExceptionHandlerMiddleware
{
private readonly AppFunc _next;
public OwinExceptionHandlerMiddleware(AppFunc next)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
_next = next;
}
public async Task Invoke(IDictionary<string, object> environment)
{
try
{
await _next(environment);
}
catch (Exception ex)
{
try
{
var owinContext = new OwinContext(environment);
NLogLogger.LogError(ex, owinContext);
HandleException(ex, owinContext);
return;
}
catch (Exception)
{
// If there's a Exception while generating the error page, re-throw the original exception.
}
throw;
}
}
private void HandleException(Exception ex, IOwinContext context)
{
var request = context.Request;
//Build a model to represet the error for the client
var errorDataModel = NLogLogger.BuildErrorDataModel(ex);
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Response.ReasonPhrase = "Internal Server Error";
context.Response.ContentType = "application/json";
context.Response.Write(JsonConvert.SerializeObject(errorDataModel));
}
}
public static class OwinExceptionHandlerMiddlewareAppBuilderExtensions
{
public static void UseOwinExceptionHandler(this IAppBuilder app)
{
app.Use<OwinExceptionHandlerMiddleware>();
}
}
接受的答案不必要地复杂,并且没有继承自 OwinMiddleware class
您需要做的就是:
public class HttpLogger : OwinMiddleware
{
public HttpLogger(OwinMiddleware next) : base(next) { }
public override async Task Invoke(IOwinContext context)
{
await Next.Invoke(context);
Log(context)
}
}
此外,无需创建扩展方法..它很简单,无需
即可引用
appBuilder.Use(typeof(HttpErrorLogger));
如果您只想记录特定的请求,您可以过滤上下文属性:
例如:
if (context.Response.StatusCode != 200) { Log(context) }
我正在尝试在 ASP.NET Web API 2.1 项目中创建统一错误 handling/reporting,该项目建立在 OWIN 中间件之上(IIS 主机使用 Owin.Host.SystemWeb)。
目前我使用了一个自定义异常记录器,它继承自 System.Web.Http.ExceptionHandling.ExceptionLogger 并使用 NLog 记录所有异常,代码如下:
public class NLogExceptionLogger : ExceptionLogger
{
private static readonly Logger Nlog = LogManager.GetCurrentClassLogger();
public override void Log(ExceptionLoggerContext context)
{
//Log using NLog
}
}
我想将所有 API 异常的响应正文更改为友好的统一响应,使用 System.Web.Http.ExceptionHandling.ExceptionHandler 隐藏所有异常详细信息,如下代码:
public class ContentNegotiatedExceptionHandler : ExceptionHandler
{
public override void Handle(ExceptionHandlerContext context)
{
var errorDataModel = new ErrorDataModel
{
Message = "Internal server error occurred, error has been reported!",
Details = context.Exception.Message,
ErrorReference = context.Exception.Data["ErrorReference"] != null ? context.Exception.Data["ErrorReference"].ToString() : string.Empty,
DateTime = DateTime.UtcNow
};
var response = context.Request.CreateResponse(HttpStatusCode.InternalServerError, errorDataModel);
context.Result = new ResponseMessageResult(response);
}
}
这将return发生异常时客户端的响应如下:
{
"Message": "Internal server error occurred, error has been reported!",
"Details": "Ooops!",
"ErrorReference": "56627a45d23732d2",
"DateTime": "2015-12-27T09:42:40.2982314Z"
}
现在,如果在 Api 控制器请求管道 .
中发生任何异常 ,这一切都很好但在我的情况下,我使用中间件 Microsoft.Owin.Security.OAuth 来生成不记名令牌,并且该中间件对 Web API 异常处理一无所知,例如,如果异常有been in thrown in method ValidateClientAuthentication my NLogExceptionLogger not ContentNegotiatedExceptionHandler 不会知道这个异常也不会尝试处理它,我在AuthorizationServerProvider中使用的示例代码如下:
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//Expcetion occurred here
int x = int.Parse("");
context.Validated();
return Task.FromResult<object>(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (context.UserName != context.Password)
{
context.SetError("invalid_credentials", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
context.Validated(identity);
}
}
因此,对于实施以下 2 个问题的任何指导,我将不胜感激:
1 - 创建一个全局异常处理程序,仅处理由 OWIN 中间件生成的异常?我遵循
2 - 现在,当我在上一步中实现日志记录时,我真的不知道如何更改异常的响应,因为我需要 return 给客户端一个标准的 JSON 中发生的任何异常的模型 "OAuthAuthorizationServerProvider"。有一个相关的 answer here 我试图依赖但它没有用。
这是我的 Startup class 和我为异常 catching/logging 创建的自定义 GlobalExceptionMiddleware。缺少的和平是 returning 对任何异常的统一 JSON 响应。任何想法将不胜感激。
public class Startup
{
public void Configuration(IAppBuilder app)
{
var httpConfig = new HttpConfiguration();
httpConfig.MapHttpAttributeRoutes();
httpConfig.Services.Replace(typeof(IExceptionHandler), new ContentNegotiatedExceptionHandler());
httpConfig.Services.Add(typeof(IExceptionLogger), new NLogExceptionLogger());
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new AuthorizationServerProvider()
};
app.Use<GlobalExceptionMiddleware>();
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseWebApi(httpConfig);
}
}
public class GlobalExceptionMiddleware : OwinMiddleware
{
public GlobalExceptionMiddleware(OwinMiddleware next)
: base(next)
{ }
public override async Task Invoke(IOwinContext context)
{
try
{
await Next.Invoke(context);
}
catch (Exception ex)
{
NLogLogger.LogError(ex, context);
}
}
}
有几种方法可以满足您的需求:
首先创建已注册的中间件,然后所有异常都会冒泡到该中间件。此时只需通过 OWIN 上下文通过 Response 对象写出您的 JSON。
您还可以创建一个包装 Oauth 中间件的包装中间件。在这种情况下,它将捕获源自此特定代码路径的错误。
最终编写 JSON 消息是关于创建消息、序列化消息并通过 OWIN 上下文将其写入响应。
看来您在 #1 的道路上是正确的。希望这会有所帮助,祝你好运:)
好的,所以这比预期的要容易,感谢@Khalid 的提醒,我最终创建了一个名为 OwinExceptionHandlerMiddleware 的 owin 中间件,它专门用于处理任何 Owin 中间件中发生的任何异常(记录它并在将其返回给客户端之前处理响应)。
您需要将此中间件注册为Startupclass中的第一个,如下所示:
public class Startup
{
public void Configuration(IAppBuilder app)
{
var httpConfig = new HttpConfiguration();
httpConfig.MapHttpAttributeRoutes();
httpConfig.Services.Replace(typeof(IExceptionHandler), new ContentNegotiatedExceptionHandler());
httpConfig.Services.Add(typeof(IExceptionLogger), new NLogExceptionLogger());
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new AuthorizationServerProvider()
};
//Should be the first handler to handle any exception happening in OWIN middlewares
app.UseOwinExceptionHandler();
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseWebApi(httpConfig);
}
}
OwinExceptionHandlerMiddleware中使用的代码如下:
using AppFunc = Func<IDictionary<string, object>, Task>;
public class OwinExceptionHandlerMiddleware
{
private readonly AppFunc _next;
public OwinExceptionHandlerMiddleware(AppFunc next)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
_next = next;
}
public async Task Invoke(IDictionary<string, object> environment)
{
try
{
await _next(environment);
}
catch (Exception ex)
{
try
{
var owinContext = new OwinContext(environment);
NLogLogger.LogError(ex, owinContext);
HandleException(ex, owinContext);
return;
}
catch (Exception)
{
// If there's a Exception while generating the error page, re-throw the original exception.
}
throw;
}
}
private void HandleException(Exception ex, IOwinContext context)
{
var request = context.Request;
//Build a model to represet the error for the client
var errorDataModel = NLogLogger.BuildErrorDataModel(ex);
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Response.ReasonPhrase = "Internal Server Error";
context.Response.ContentType = "application/json";
context.Response.Write(JsonConvert.SerializeObject(errorDataModel));
}
}
public static class OwinExceptionHandlerMiddlewareAppBuilderExtensions
{
public static void UseOwinExceptionHandler(this IAppBuilder app)
{
app.Use<OwinExceptionHandlerMiddleware>();
}
}
接受的答案不必要地复杂,并且没有继承自 OwinMiddleware class
您需要做的就是:
public class HttpLogger : OwinMiddleware
{
public HttpLogger(OwinMiddleware next) : base(next) { }
public override async Task Invoke(IOwinContext context)
{
await Next.Invoke(context);
Log(context)
}
}
此外,无需创建扩展方法..它很简单,无需
即可引用 appBuilder.Use(typeof(HttpErrorLogger));
如果您只想记录特定的请求,您可以过滤上下文属性:
例如:
if (context.Response.StatusCode != 200) { Log(context) }