Exception handling & WCF SecurityException

Topics: Exception Handling Application Block
Apr 4, 2011 at 8:28 AM

I've been struggling to get security exceptions to propagate from a WCF service down to a WPF client while using the EntLib exception handling application block.
What I would like to do is throw a SecurityException in WCF when a user has insufficient rights and have that translated on the client as a SecurityAccessDenied exception, as is the WCF way.

I've read that WCF captures this SecurityException and transforms it into a simple FaultException with the error message "Access Denied". Client-side this specific fault is caught by the WCF client plumbing and transformed into a SecurityAccessDenied exception, which you can then catch & display a proper message.

Now in EntLib what we want to do is use the "All Exception" Exception Type rule to capture any exception that isn't caught by a specific rule from the WCF service and wrap it into a general service fault.

This "All Exception" rule also catches the FaultException for the security exceptions, which makes sense. Problem is we don't want it to do this, because this hides the error from being spotted by the client. Adding a specific rule for SecurityException or SecurityAccessDeniedException doesn't work either because WCF has already transformed the exception into FaultException("Access Denied") before it enters into EntLib...

Since FaultException is too general to catch with a rule, there doesn't seem to be a way to distinguish this specific security exception.

I'm thinking someone else must have been running into this before, so if anyone has any ideas on how to do this, I'd be happy to hear.

Apr 4, 2011 at 8:50 AM

The easiest workaround I could think of is to create a custom exception handler which checks if the exception is a FaultException resulting from a SecurityException. If it is, apply the logic you want, possibly abort the execution of the rest of the handlers in the case you order the handlers so that this executes first.


Sarah Urmeneta
Global Technologies and Solutions
Avanade, Inc.

Apr 5, 2011 at 6:53 AM

I was thinking this was about the only way to get around this, though I'd like to avoid it.
Thanks for the feedback.