How to handle System.InvalidOperationException in entity framework?

Question

I am new to asp.net web API. i have made a functions that should validate the user the front end sends data and then i search for data in database. But when the account is not found i always got a exception how should i handle that exception to send to the front end information also what should i return when the first if statement is not true as null dose not work.

public UserData ByPassword(string emailAddress, string password)
        {
            if (emailAddress != null && password != null)
            {
                    Account account = db.Accounts.Where(acc => acc.AccMail == emailAddress && acc.AccPassword == password.ToLower()).Single();
                    string token = OurAuthorizationAttribute.CreateTicket(account.AccID, false);
                    UserData data = new UserData();
                    data.Id = account.AccID;
                    data.Token = token;
                    return data;

            }

her also i have add try and catch block but still the same issue.

public UserData ByPassword(string emailAddress, string password)
        {
            if (emailAddress != null && password != null)
            {
                try
                {
                    Account account = db.Accounts.Where(acc => acc.AccMail == emailAddress && acc.AccPassword == password.ToLower()).Single();
                    string token = OurAuthorizationAttribute.CreateTicket(account.AccID, false);
                    UserData data = new UserData();
                    data.Id = account.AccID;
                    data.Token = token;
                    return data;
                }
                catch
                {
                    throw new OurException(OurExceptionType.InvalidCredentials);
                }
            }
             throw new OurException(OurExceptionType.InvalidCredentials);
        }

Answer 1

System.InvalidOperationException indicates a programming error. You handle it by fixing your code.

In this particular case the error is on this line:

Account account = db.Accounts.Where(acc => acc.AccMail == emailAddress && acc.AccPassword == password.ToLower()).Single();

Your code makes an assumption that Accounts must contain a record for any {emailAddress, password} pair, which is not true. Replacing Single with SingleOrDefault will make the exception go away. Of course you would need to null-check the result to see if the record was there or not.

Here is how you can change your code:

public UserData ByPassword(string emailAddress, string password) {
    // null-check your arguments to detect programming errors in the "upstream" code
    if (emailAddress == null) throw new ArgumentNullException("emailAddress");
    if (password == null) throw new ArgumentNullException("password");
    // Now that your arguments are "sanitized", fix the Single() call
    Account account = db.Accounts.Where(acc => acc.AccMail == emailAddress && acc.AccPassword == password.ToLower()).SingleOrDefault();
    // Missing credentials is not a programming error - throw your specific exception here:
    if (account == null) {
        throw new OurException(OurExceptionType.InvalidCredentials);
    }
    string token = OurAuthorizationAttribute.CreateTicket(account.AccID, false);
    UserData data = new UserData();
    data.Id = account.AccID;
    data.Token = token;
    return data;
}

NOTE : Although the above change would fix the coding error, it would not address a major design flaw of storing passwords in plain text. See this question for an in-depth discussion on storing passwords in databases.