ASP.NET Security Vulnerability Error Handling Project Part 3 - Sending Mail MailMessage()
Added note: A patch has been created. See Scott Guthrie's post here.
In ASP.NET Security Vulnerability Error Handling Project Part 1, we discussed implementing a project that utilizes the suggestions made in Scott Guthrie's post on ASP.NET Security Vulnerability. Even after Microsoft releases a patch for this security vulnerability, this working project will still be valuable for generating your error messages and sending emails.
I showed how to setup the web.config file, add the sleep delay, and optionally display the error to the screen for developer debugging. Now we'll discuss the actual error handling.
In ASP.NET Security Vulnerability Error Handling Project Part 2, I showed how to retrieve the Exception.
In this post, Part 3, we will review the SendMailMessage function. In order to have good error handling on your site, you should have some method of sending the error messages received by the users to the developer. We will send them via email. Of course, if the error message pertains to the mail server being down or there is an error in your master page, you're out of luck. :) But otherwise, this will work fine.
The complete project can be found in this NannetteThackerErrorHandling.zip file.
My SendMailMessage function is a combination of the best tips I've seen on the web for sending mail. I've added a few of my own snippets, such as looping through comma delimited email addressses to allow sending to multiple recipients. Also, if an empty string is returned, no error was generated.
Public Shared Function SendMailMessage(ByVal toEmail As String, _ByVal subject As String, ByVal body As String, _
Optional ByVal fromEmail As String = "", _
Optional ByVal bcc As String = "", _
Optional ByVal cc As String = "", _
Optional ByVal attachmentFileName As String = "" _
) As String Try' Instantiate a new instance of MailMessage
Dim mMailMessage As New MailMessage() ' Set the sender address of the mail message
If fromEmail <> String.Empty Then
mMailMessage.From = New MailAddress(fromEmail)
Else
mMailMessage.From = New MailAddress(WebConfigurationManager.AppSettings("MailFrom"), "My Website Name")
End If If attachmentFileName <> String.Empty Then
Dim attachmentfile As New System.Net.Mail.Attachment(attachmentFileName)
mMailMessage.Attachments.Add(attachmentfile)
End If If toEmail = String.Empty Then
toEmail = WebConfigurationManager.AppSettings("ErrorHandlingMailTo")
End If
toEmail = Trim(toEmail)
' trim off any spaces on the rightIf Right(toEmail, 1) = "," Then
toEmail = Left(toEmail, Len(toEmail) - 1)
End If Dim mailTo As String = toEmail
' allow pass in a set of comma delimited names and add the address per recipient
If Not mailTo Is Nothing And mailTo <> String.Empty Then
Dim newaddy As String() = Split(mailTo, ",")
For Each addr In newaddy
If Len(addr) <> 0 Then
If Not mMailMessage.To.Contains(New MailAddress(addr)) Then
mMailMessage.To.Add(addr)
End If
End If
Next
End If ' Check if the bcc value is null or an empty string If Not bcc Is Nothing And bcc <> String.Empty Then
'Set the Bcc address of the mail message
Dim newaddy As String() = Split(bcc, ",")
For Each addr In newaddy
If Len(addr) <> 0 Then
If Not mMailMessage.To.Contains(New MailAddress(addr)) Then
mMailMessage.Bcc.Add(New MailAddress(addr))
End If
End If
Next
End If' Check if the cc value is null or an empty value
If Not cc Is Nothing And cc <> String.Empty Then
' Set the CC address of the mail message
Dim newaddy As String() = Split(cc, ",")
For Each addr In newaddy
If Len(addr) <> 0 Then
If Not mMailMessage.To.Contains(New MailAddress(addr)) Then
mMailMessage.Bcc.Add(New MailAddress(cc))
End If
End If
Next
End If ' Set the subject of the mail message
mMailMessage.Subject = subject' Set the body of the mail message
body = "<font face=""verdana"">" & body & "</body>"
mMailMessage.Body = body ' Secify the format of the body as HTML
mMailMessage.IsBodyHtml = True' Set the priority of the mail message to normal
mMailMessage.Priority = MailPriority.Normal ' Instantiate a new instance of SmtpClient
Dim mSmtpClient As New SmtpClient()
mSmtpClient.Host = WebConfigurationManager.AppSettings("MailHost") If Not GetValues.IsLocalHost() Then ' don't send if testing locally
' Send the mail message
mSmtpClient.Send(mMailMessage)
End If ' dispose and set to nothing
If attachmentFileName <> String.Empty Then
attachmentFileName = Nothing
mMailMessage.Attachments.Dispose()
End If
mSmtpClient =
Nothing Return String.Empty ' success Catch ex As ExceptionReturn ex.Message
End Try End Function
The complete project can be found in this NannetteThackerErrorHandling.zip file.
May your dreams be in ASP.NET!
Nannette Thacker