part I — setting up database

Create a database with name ErrorLog inside of it create a table in database called Errors with following fields errorID, userID, userIP, errorPage, errorName, errorStack, errorDate and isRead.

CREATE TABLE [dbo].[Errors](
[errorID] [int] IDENTITY(1,1) NOT NULL,
[userID] [int] NOT NULL,
[userIP] [varchar](14) NOT NULL,
[errorPage] [nvarchar](200) NOT NULL,
[errorName] [nvarchar](100) NOT NULL,
[errorStack] [nvarchar](max) NOT NULL,
[errorDate] [smalldatetime] NOT NULL,
[isRead] [bit] NOT NULL,
CONSTRAINT [PK_Errors] PRIMARY KEY CLUSTERED
(
[errorID] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

userID will be stored in case you have user logged in ( or any other tracking parameter ie. user Guid), otherwise you can save zero value. Ability to know what user had an error can help you to debug the application. userIP field useful to know whether it is the same user accessed resource with error in case there was no userID provided. errorPage is useful because sometimes there is no indication in Exception’s stack where an error appeared so saving it could be a good idea also in case you have one error logging system for multiple websites this way you will save time understanding where it was or to review an error log at any website. errorName is a short name of the exception that mostly not descriptive enough to debug but useful for short indication or error category needs. errorStack field will be used to store everything from Exception.ToString(). errorDate obviously for sorting and timing issues and isRead is useful in cases when you don’t delete errors but just hide them from viewing.

Next lets write a stored procedure “LogError” which will insert an error to database, code is quite straightforward.

CREATE PROCEDURE dbo.LogError
@userID int,
@userIP VarChar(14),
@errorPage NVarChar(200),
@errorName NVarChar(100),
@errorStack NVarChar(max)
AS
BEGIN
SET NOCOUNT ON;
INSERT INTO Errors VALUES (@userID,@userIP,@errorPage,@errorName,@errorStack,getdate(),0)
END
GO

part II — the code

We got two options “lazy way” and the “proper way”. The “lazy way” is to capture an error as it appears from global.asax Application_Error() method which i will show you in a few but it is important to understand that the “lazy way” won’t give you much as flexibility as “proper” one simply because you will just log some of errors without the ability to inform user of what really happened. Catching an error from global.asax is a global method which will act the same for any kind of error from any kind of page while “proper way” will allow you to have conditional logic so for x error application will redirect z page and y error will redirect somewhere else and show user friend message  (ie. if not logged in user tries to get to page that requires userID stored in session or cookie you would like him to be redirected to login page, to show him user friendly message and then to log an error which could be caused by wrong account confirmation mail you have sent SO IT IS IMPORTANT TO LOG ANY ACTION). This way you will know for sure where, why and how.

The “lazy method”

Code pretty much speaks for itself but here some explanation. First we get an Exception from Server.GetLastError() object then we connect to database, with “LogError” stored procedure

*** “Lazy method” suitable for those who already have an online application when architectural changes in its design will create needless bugs. Even though  “proper method” has much wider flexibility than just logging errors, so next time you start another project consider using the proper one but to use it on live application is not such a good idea.

Add this piece of code to Application_Error() method of global.asax.

Exception currentError = Server.GetLastError().GetBaseException();
using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["Errors"].ConnectionString))
{
cn.Open();
SqlCommand com = new SqlCommand("InsertError",cn);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@userID", SqlDbType.Int).Value = Users.getUserID();
com.Parameters.Add("@userIP", SqlDbType.VarChar,14).Value = Users.getUserIP();
com.Parameters.Add("@errorPage", SqlDbType.NVarChar,200).Value = Request.Url.ToString();
com.Parameters.Add("@errorName", SqlDbType.NVarChar,100).Value = error.Name;
com.Parameters.Add("@errorStack", SqlDbType.NVarChar).Value = error.ToString();
try
{
com.ExecuteNonQuery();
Server.ClearError();
Response.Redirect("~/errorpage.aspx");
}
catch (Exception)
{
}
}

This is not a good idea to use empty catch block but we have no choice and nowhere to log this error, think of situation when your application database in one place and ErrorLog on another, by having try and catch block in there we protect user from being thrown from application when ErrorLog database will fail. So we won’t track an error but user will continue to browse our application.

The “proper method”

Lets create a class inside our App_Code folder caller Errors. Add a method in it caller logError. This method it wrapped by try and catch block so we will avoid Exception in case we could not be able to establish connection to Errors database or any other connection error like transaction deadlock. Thanks to Shuaib Rameh for pointing out this mistake.

try {
public static void logError(Exception ex)
{
using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["Errors"].ConnectionString))
{
SqlCommand com = new SqlCommand("LogError", cn);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@userID", SqlDbType.Int).Value = Users.getUserID();
com.Parameters.Add("@userIP", SqlDbType.VarChar,14).Value = Users.getUserIP();
com.Parameters.Add("@errorPage", SqlDbType.NVarChar,200).Value = Request.Url.ToString();
com.Parameters.Add("@errorName", SqlDbType.NVarChar,100).Value = ex.Name;
com.Parameters.Add("@errorStack", SqlDbType.NVarChar).Value = ex.ToString();
com.ExecuteNonQuery();
}
}
}
catch(Exception)
{
}

Method is similar to one we added to Application_Error handler inside of global.asax with with difference we pass Exception as parameter and use its values to track an error. Now lets see how to use this method and what its flexibility will allow us to do.

public static bool isUserEmailExists(string userEmail)
{
bool isEmailExists = false;
try
{
using (SqlConnection cn = DB.connectMainapplicationDataBase())
{
SqlCommand com = new SqlCommand("IsUserEmailExists", cn);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@userEmail", SqlDbType.VarChar, 50).Value = userEmail;
using (SqlDataReader reader = com.ExecuteReader())
{
if (reader.HasRows)
{
isEmailExists = true;
}
}
}
}
catch (Exception ex)
{
Errors.logError(ex);
}
return isEmailExists;
}

This a sample method in which we check whether user’s email exists in our database ie. for password recovery needs or registration. Connection is wrapped up with try-catch block and on Exception we track it down with a method we create inside of Errors class. We can redirect or do what ever we want but error will be logged. Connection here is made with using block for more information about it read  HOWTO: Properly connect to MSSQL database .

real life example:

I had to work on a project large part of which was written in VB, i do understand VB but i feel much more comfortable with C#.  I could use great tool by Developer Fusion, a .NET Code Converter but it was much easier to keep the old code and just have new one written in my native language.  This way i could utilize already written code inVB.

Important note, if you using VB in multi language project please write your functions as strict as possible to avoid possible compliation issues while use a combination of functions from both App_Code dirs.

code:

Create two new folders inside of App_Code folder, CS for C# code and VB obviously for VB code.  Folder names are not important as used only as identifiers for web.config attributes in code below.

<compilation>

<codeSubDirectories>

<add directoryName="CS" />

<add directoryName="VB" />

</codeSubDirectories>

</compilation>

real life example:

There was a website that used userID stored in the session in order to retrieve information about logged user. All fine because most of the time access to session object comes from within page life cycle ( ie.Page_Load) itself but it has certain complication when it comes to using functions whether these are on the same page but outside of page life cycle scope or inside of App_Code directory.

Why would i access session outside of the page’s life cycle ? Simply because anytime website requests an  userID i need to check session for null in case user lost session or never logged in. Another reason could be architectural change in the application that won’t use userID stored in the session but in object of some kind. So much more elegant solution will be to use external function that does all the job for me. Gets an userID in case there is one and if not gets n0ne can be used in conditional logic for example to redirect an user to login page.

So i’ve created a private function to get an userID and if redirectToLogin variable is TRUE then it redirects. Second private functions retrieves the real userID by accessing current context HttpContext.Current. Same way you can access anything from your page life cycle’s context ( ie.Request and Response) which i use in redirection redirectToLoginPage method. Most important is to understand that this kind of programming gives you flexibility in the future (ie. if you change your login page name or will start storing whole user details in session as User object, this way you will just need to change one function that will access User object stored in session rather searching and modifying every place userID session variable was stored.)

code:

public static int getUserID(bool redirectToLogin)
{
int userID = getUserID();
if (redirectToLogin && userID == 0)
{
redirectToLoginPage();
}
return userID;
}

private static int getUserID()
{
int userID = 0;
if (HttpContext.Current.Session["userID"] != null)
{
userID = Convert.ToInt32(HttpContext.Current.Session["userID"]);
}
return userID;
}

private static void redirectToLoginPage()
{
HttpContext.Current.Response.Redirect("~/login.aspx");
}

code :

<system.web>
<pages maxPageStateFieldLength="50">
<controls />
</pages>
</system.web>

* put this code as <pages> attribute inside of <web.section> section in web.config