Login/Register
How to turn on CircuitOptions.DetailedErrors?
Asked Answered
Solved c#asp.net-coreblazorblazor-server-side
A

5

72

I'm getting this message in the console when running a server-side Blazor app:

Error: There was an unhandled exception on the current circuit, so this circuit will be terminated. For more details turn on detailed exceptions in 'CircuitOptions.DetailedErrors'

I've had a look at the Blazor error handling documentation, but I can't work out how to actually turn on the detailed errors mentioned in that message?

Antitrust answered 15/8, 2019 at 18:38 Comment(0)
S
69

NO CODE : EASIER & More SECURE

Best Practice

This is easier than most of the proposed solutions and it does not introduce a possible security issue into the code. It is also considered a coding best practice.

Microsoft recommends adding the following to the appsettings.development.json file as it does not add code to the application that can become a security risk. It is not recommended to put this in appsettings.json as that settings file is reserved for the production environment.

You can also use this approach to provide detailed error logging for SignalR.

src: Handle errors in ASP.NET Core Blazor apps: Detailed circuit errors

{
  "DetailedErrors": true, // turns on CircuitOptions.DetailedErrors
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information",
      "Microsoft.AspNetCore.SignalR": "Debug"  // turns on SignalR debugging
    }
  }
}
Sycosis answered 16/12, 2021 at 20:53 Comment(11)
This should be the accepted answer.Locker
This one is systematic solution. I go this way.Hendiadys
What makes you say Microsoft recommends config over code? On the page you linked they don't. They describe config as an alternative to code, after the code solution.Heighho
What is the supposed "security issue in the code"? If it's merely about environment and detail exposure, obviously you have to be correct just like on the config. It's no different on the config where you have to put it into the dev config specifically to not expose it on prod.Heighho
@Heighho if you add debugging to your code then it is in all environments, not just in dev. This opens the possibility of anyone being able to see your debug information and gather information about your application that could allow them to exploit your code. You could add additional code that only runs the debug code when you are in dev, but this can become complicated and difficult to maintain, again presenting the possibility of possible vulnerabilities.Sycosis
"and it does not introduce a possible security issue into the code" implies it's inherently less secure though rather than being less error prone.Heighho
It is less secure and it is more error prone.Sycosis
What can I do to log this error on user's systems? We're hitting this error, but only on user's systems and so turning on DetailedErrors on our dev systems is of no help. TIAVincentvincenta
@DavidThielen Remember the client machine (user machine) uses the web browser that gets it's data from the server so enabling this on the server will show detailed messages in the browser client. This is why it is normally only recommended for development environments. If you turn it on in production, just remember to turn it back off as soon as is possible.Sycosis
@TysonGibby Ok, so this is totally happening on the client side. And therefore, there's no way to log it on the server. Is that correct?Vincentvincenta
@DavidThielen Sounds like you should probably open your own question for this one so you can provide full details.Sycosis
A
76

More digging on this revealed that there are both non-Blazor specific .NET Core ways to turn on Detailed Errors, and also a Blazor specific approach:

The modern approach

The methods I detail below date from the .NET 2.1 era and things have improved a lot since then. Tyson Gibby's answer is a better way to handle this in general now, so I've changed that to the accepted answer.

I've left the two approaches below for historic reference anyone needing answers for earlier versions of Blazor.

[Outdated] The general .NET Core way to turn on Detailed Errors:

There are a number of ways to get the detailed errors as discussed in the .NET Core documentation, but I ended up using the Detailed Errors setting:

WebHost.CreateDefaultBuilder(args).UseSetting(WebHostDefaults.DetailedErrorsKey, "true")

And the Development Environment setting:

WebHost.CreateDefaultBuilder(args).UseEnvironment(Environments.Development)

Both of those are used in Program.cs:

If you are using the older (and eventually to be deprecated IWebHostBuilder approach) that looks like this:

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseSetting(WebHostDefaults.DetailedErrorsKey, "true")
        //.UseEnvironment(EnvironmentName.Development)
        .UseStartup<Startup>();

And if you're using the newer IHostBuilder approach that was introduced with Core 2.1 that looks like this:

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder
                .UseStartup<Startup>()
                .UseSetting(WebHostDefaults.DetailedErrorsKey, "true")
                //.UseEnvironment(EnvironmentName.Development);
        });

Once I set that I got more details about my misfiring Blazor code.

[Outdated] A Blazor specific approach:

An alternative approach for turning on detailed errors can also be found in this answer, which includes this code:

services.AddServerSideBlazor().AddCircuitOptions(options => {  options.DetailedErrors = true; });

This approach can then be expanded to include a check for whether the code is being run in the development environment

services.AddServerSideBlazor().AddCircuitOptions(o =>
{
    //only add details when debugging
    o.DetailedErrors = _env.IsDevelopment();
});

as highlighted by @Eonasdan's answer below

Antitrust answered 15/8, 2019 at 18:38 Comment(14)
EnvironmentName.DevelopmentKneehigh
oops I posted too soon, was going to say VS recommends using Environments.Development rather than EnvironmentName.Development which is marked as obsoleteKneehigh
@SimonFoster thank you, I hadn't spotted that. I've updated the answer to use that.Antitrust
This is super useful. Another approach could also be to just #if DEBUG the additional line so that the enhanced errors are disabled in a release build.Talton
How to obtain _env (a IWebHostEnvironment) in the ConfigureServices method?October
I ended up using ConfigureDevelopmentServices method: learn.microsoft.com/en-us/aspnet/core/fundamentals/…October
IHostBuilder doesn't have a .UseSetting method. 😕Vanesavanessa
@BrainSlugs83, good point, I've added an example that uses the new IHostBuilder syntax. That example's from our live project, so it should be working.Antitrust
This worked perfectly for me services.AddServerSideBlazor().AddCircuitOptions(options => { options.DetailedErrors = true; });Hellraiser
Is there a way to do this once the code is compiled? I can't find Program.cs.Fulminous
@Fulminous not to my knowledge. What type of project are you working with (MVC, Blazor, or something else?)Antitrust
It is a C# .NET project using Blazor pages. I deployed it on IIS server. In my development environment my application is working fine, but in production I get the following message in the console: Error: There was an unhandled exception on the current circuit, so this circuit will be terminated. For more details turn on detailed exceptions by setting 'DetailedErrors: true' in 'appSettings.Development.json' or set 'CircuitOptions.DetailedErrors'.Fulminous
@Fulminous there should definitely be a Program.cs file in the root of your web UI project - it contains the Main method which runs the app. Try a global search for "public class Program"Antitrust
I would definitely recommend Tyson Gibby's answer using appsettings.Development.json. It handles detection of environments, those configuration files are perfect for this kind of setting.Charqui
S
69

NO CODE : EASIER & More SECURE

Best Practice

This is easier than most of the proposed solutions and it does not introduce a possible security issue into the code. It is also considered a coding best practice.

Microsoft recommends adding the following to the appsettings.development.json file as it does not add code to the application that can become a security risk. It is not recommended to put this in appsettings.json as that settings file is reserved for the production environment.

You can also use this approach to provide detailed error logging for SignalR.

src: Handle errors in ASP.NET Core Blazor apps: Detailed circuit errors

{
  "DetailedErrors": true, // turns on CircuitOptions.DetailedErrors
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information",
      "Microsoft.AspNetCore.SignalR": "Debug"  // turns on SignalR debugging
    }
  }
}
Sycosis answered 16/12, 2021 at 20:53 Comment(11)
This should be the accepted answer.Locker
This one is systematic solution. I go this way.Hendiadys
What makes you say Microsoft recommends config over code? On the page you linked they don't. They describe config as an alternative to code, after the code solution.Heighho
What is the supposed "security issue in the code"? If it's merely about environment and detail exposure, obviously you have to be correct just like on the config. It's no different on the config where you have to put it into the dev config specifically to not expose it on prod.Heighho
@Heighho if you add debugging to your code then it is in all environments, not just in dev. This opens the possibility of anyone being able to see your debug information and gather information about your application that could allow them to exploit your code. You could add additional code that only runs the debug code when you are in dev, but this can become complicated and difficult to maintain, again presenting the possibility of possible vulnerabilities.Sycosis
"and it does not introduce a possible security issue into the code" implies it's inherently less secure though rather than being less error prone.Heighho
It is less secure and it is more error prone.Sycosis
What can I do to log this error on user's systems? We're hitting this error, but only on user's systems and so turning on DetailedErrors on our dev systems is of no help. TIAVincentvincenta
@DavidThielen Remember the client machine (user machine) uses the web browser that gets it's data from the server so enabling this on the server will show detailed messages in the browser client. This is why it is normally only recommended for development environments. If you turn it on in production, just remember to turn it back off as soon as is possible.Sycosis
@TysonGibby Ok, so this is totally happening on the client side. And therefore, there's no way to log it on the server. Is that correct?Vincentvincenta
@DavidThielen Sounds like you should probably open your own question for this one so you can provide full details.Sycosis
P
20

A better way to add detailed errors is to check your environment first. In Startup.cs add IWebHostEnvironment env to your constructor.

Then you can do this:

services.AddServerSideBlazor().AddCircuitOptions(o =>
{
    if (_env.IsDevelopment()) //only add details when debugging
    {
        o.DetailedErrors = true;
    }
});
Parget answered 17/9, 2019 at 12:9 Comment(1)
That's a really good point and an important one from a security point of view. I've updated my answer accordinglyAntitrust
A
5

For .NET Core 6 you can use WebApplicationBuilder.

var builder = WebApplication.CreateBuilder(args);
if (builder.Environment.IsDevelopment())
{
    builder.Services.AddServerSideBlazor().AddCircuitOptions(x => x.DetailedErrors = true);
}
else
{
    builder.Services.AddServerSideBlazor();
}
Alessi answered 7/3, 2022 at 14:12 Comment(1)
This seems to be the same solution as this other answer?Heighho
R
3

For me it was slightly different

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseSetting(WebHostDefaults.DetailedErrorsKey, "true");
            webBuilder.UseStartup<Startup>();
        });
Restrict answered 5/9, 2019 at 0:15 Comment(1)
Different to what? Did this make Blazor use detailed error reports too, or only asp.net?Heighho

© 2022 - 2024 — McMap. All rights reserved.