ASP.NET Security Vulnerability Error Handling Project Part 3 - Sending Mail MailMessage()

Added note: A patch has been created. See Scott Guthrie's post here.  

In ASP.NET Security Vulnerability Error Handling Project Part 1, we discussed implementing a project that utilizes the suggestions made in Scott Guthrie's post on ASP.NET Security Vulnerability. Even after Microsoft releases a patch for this security vulnerability, this working project will still be valuable for generating your error messages and sending emails.

I showed how to setup the web.config file, add the sleep delay, and optionally display the error to the screen for developer debugging. Now we'll discuss the actual error handling.

In ASP.NET Security Vulnerability Error Handling Project Part 2, I showed how to retrieve the Exception.

In this post, Part 3, we will review the SendMailMessage function. In order to have good error handling on your site, you should have some method of sending the error messages received by the users to the developer. We will send them via email. Of course, if the error message pertains to the mail server being down or there is an error in your master page, you're out of luck. :) But otherwise, this will work fine.

The complete project can be found in this NannetteThackerErrorHandling.zip file.

My SendMailMessage function is a combination of the best tips I've seen on the web for sending mail. I've added a few of my own snippets, such as looping through comma delimited email addressses to allow sending to multiple recipients. Also, if an empty string is returned, no error was generated.

Public Shared Function SendMailMessage(ByVal toEmail As String, _
ByVal subject As String, ByVal body As String, _
Optional ByVal fromEmail As String = "", _
Optional ByVal bcc As String = "", _
Optional ByVal cc As String = "", _
Optional ByVal attachmentFileName As String = "" _
) As String

Try

' Instantiate a new instance of MailMessage
Dim mMailMessage As New MailMessage()

' Set the sender address of the mail message
If fromEmail <> String.Empty Then
    mMailMessage.From = New MailAddress(fromEmail)
Else
    mMailMessage.From = New MailAddress(WebConfigurationManager.AppSettings("MailFrom"), "My Website Name")
End If

If attachmentFileName <> String.Empty Then
    Dim attachmentfile As New System.Net.Mail.Attachment(attachmentFileName)
    mMailMessage.Attachments.Add(attachmentfile)
End If

If toEmail = String.Empty Then
    toEmail = WebConfigurationManager.AppSettings("ErrorHandlingMailTo")
End If

toEmail = Trim(toEmail) ' trim off any spaces on the right
If Right(toEmail, 1) = "," Then
    toEmail = Left(toEmail, Len(toEmail) - 1)
End If

Dim mailTo As String = toEmail
' allow pass in a set of comma delimited names and add the address per recipient
If Not mailTo Is Nothing And mailTo <> String.Empty Then
    Dim newaddy As String() = Split(mailTo, ",")
    For Each addr In newaddy
        If Len(addr) <> 0 Then
            If Not mMailMessage.To.Contains(New MailAddress(addr)) Then
                mMailMessage.To.Add(addr)
            End If
        End If
    Next
End If

' Check if the bcc value is null or an empty string

If Not bcc Is Nothing And bcc <> String.Empty Then
    'Set the Bcc address of the mail message
    Dim newaddy As String() = Split(bcc, ",")
    For Each addr In newaddy
        If Len(addr) <> 0 Then
            If Not mMailMessage.To.Contains(New MailAddress(addr)) Then
                mMailMessage.Bcc.Add(New MailAddress(addr))
            End If
        End If
    Next
End If

' Check if the cc value is null or an empty value
If Not cc Is Nothing And cc <> String.Empty Then
    ' Set the CC address of the mail message
    Dim newaddy As String() = Split(cc, ",")
    For Each addr In newaddy
        If Len(addr) <> 0 Then
            If Not mMailMessage.To.Contains(New MailAddress(addr)) Then
                mMailMessage.Bcc.Add(New MailAddress(cc))
            End If
        End If
    Next
End If

' Set the subject of the mail message
mMailMessage.Subject = subject

' Set the body of the mail message
body = "<font face=""verdana"">" & body & "</body>"
mMailMessage.Body = body

' Secify the format of the body as HTML
mMailMessage.IsBodyHtml = True

' Set the priority of the mail message to normal
mMailMessage.Priority = MailPriority.Normal ' Instantiate a new instance of SmtpClient
Dim mSmtpClient As New SmtpClient()
mSmtpClient.Host = WebConfigurationManager.AppSettings("MailHost")

If Not GetValues.IsLocalHost() Then ' don't send if testing locally
    ' Send the mail message
    mSmtpClient.Send(mMailMessage)
End If

' dispose and set to nothing
If attachmentFileName <> String.Empty Then
    attachmentFileName = Nothing
    mMailMessage.Attachments.Dispose()
End If

mSmtpClient = Nothing

Return String.Empty ' success

Catch ex As Exception
    Return ex.Message
End Try

End Function

The complete project can be found in this NannetteThackerErrorHandling.zip file.

May your dreams be in ASP.NET! 

Nannette Thacker

Shining Star Services LLC on LinkedIn

2 Comments

Comments have been disabled for this content.