I have one method of a class (DPCal_EventMove) that I want to limit access to using Roles. I have both a Global.asax.cs error handler and a custom IHttpModule error handler intended to catch unhandled exceptions and Server.Transfer them to GlobalExceptionHandler.aspx, which checks to see if the errors are SecurityExceptions that originated from failed PrincipalPermission checks. For some reason, the unhandled exception caused by the PricipalPermission-decorated method is not routed through either of my error handlers. My question is: Where is this exception being routed to and how do I catch and handle it?
public partial class DayView : Page
{
protected void Page_Load(object sender, EventArgs e)
{
// Do some stuff
}
[PrincipalPermission(SecurityAction.Demand, Role = "Investigator")]
[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
protected void DPCal_EventMove(object sender, DayPilot.Web.Ui.Events.EventMoveEventArgs e)
{
// If no overlap, then save
int eventId = Convert.ToInt32(e.Value);
MembershipUser user = Membership.GetUser();
if (!CommonFunctions.IsSchedulingConflict(eventId, e.NewStart, e.NewEnd) &&
Page.User.HasEditPermission(user, eventId))
{
dbUpdateEvent(eventId, e.NewStart, e.NewEnd);
GetEvents();
DPCal.Update();
}
}
}
Below is my Global.asax.cs file:
public class Global : System.Web.HttpApplication
{
protected void Application_Error(object sender, EventArgs e)
{
Server.Transfer("~/GlobalExceptionHandler.aspx?ReturnUrl=" + Request.Path);
}
}
Below is my custom IHttpModule handler:
public class UnhandledExceptionModule : IHttpModule
{
private HttpApplication _context;
private bool _initialized = false;
public void Init(HttpApplication context)
{
_context = context;
_initialized = true;
context.Error += new EventHandler(Application_Error);
}
public UnhandledExceptionModule()
{
_initialized = false;
}
public void Dispose()
{
if (_initialized)
_context.Dispose();
}
public void Application_Error(object sender, EventArgs e)
{
if (_initialized)
_context.Server.Transfer("~/GlobalExceptionHandler.aspx?ReturnUrl=" + _context.Request.Path);
}
}
Page_Load on GlobalExceptionHandler.aspx is never reached.
It turned out that the problem was caused because the DPCal_EventMove method was executing as a page callback. Fortunately, the DayPilot calendar component has an option to change this behavior. Once I changed the EventMoveHandling property of the DayPilot:DayPilotCalendar control to "PostBack" instead of "CallBack", I was able to catch and handle the security exception.