1

I am using a WCF service that sits under an ASP.NET website.

I want to keep service debug / exeption details on when I go live as it is convenient for catching errors in the global.asax file without having to throw fault exceptions.

 <serviceDebug includeExceptionDetailInFaults="true" />

Is there any reason why I should not do this. I have an error handler in place in the ASP.NET site.

AJM
  • 32,054
  • 48
  • 155
  • 243

1 Answers1

2

You will expose internal details to the client - and that can of course be considered a security issue. But if you control the client(s) and trust on your error handling on the ASP.NET site maybe that is not the case for you. The SOAP messages will also be larger.

I think it's generally considered a bad idea leave it on in production.

Jocke
  • 2,189
  • 1
  • 16
  • 24