OData/RESTier

SecurityException in operation filter not handled

caldwell0414 opened this issue · 1 comments

When a SecurityException is thrown within an operation, the Restier framework correctly intercepts this exception and returns HTTP status code 403 (unauthorized). However, if the SecurityException is thrown within the operation filter (e.g. protected void OnExecutingMyOperation()), then the Restier framework does not intercept the exception and instead returns HTTP status code 500 (internal exception).

Assemblies affected

This behavior is observed using the latest bits in the branch titled "breakdance-net5".

Reproduce steps

  1. Write an operation that throws SecurityException and observe that the HTTP status code returned is 403.
  2. Add an operation filter (OnExecuting...) to that operation that throws SecurityException and observe that the HTTP status code returned is 500.

Expected result

The expected result for #2 above should be HTTP status code 403.

Actual result

The HTTP status code result for #2 above is 500.

This error was due to an issue with serialization on .NET Core and has been resolved in checkin 6c536d7.