asp.net-mvcelmah.mvc

ASP.Net MVC: elmah.axd will be accessible for admin role only

i read this article to implement elmah http://www.c-sharpcorner.com/UploadFile/858292/exception-logging-in-mvc-using-elmah/

but i want only authorized person with admin role can see the elmah.axd file. how could i do it? guide me.

i found one way to attach elmah.axd file with admin role. here is code

https://blog.elmah.io/elmah-tutorial/

<location path="elmah.axd">
    <system.web>
        <httpHandlers>
            <add verb="POST,GET,HEAD"
                 path="elmah.axd"
                 type="Elmah.ErrorLogPageFactory, Elmah" />
        </httpHandlers>
        <authorization>
            <allow roles="admin" />
            <deny users="*" />
        </authorization>
    </system.web>
    <system.webServer>
        <handlers>
            <add name="ELMAH"
                 verb="POST,GET,HEAD"
                 path="elmah.axd"
                 type="Elmah.ErrorLogPageFactory, Elmah"
                 preCondition="integratedMode" />
        </handlers>
    </system.webServer>
</location>

tell me the above way is the only way to protect elmah.axd file for admin role.

from this link https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/

i found this one

<appSettings>
    <add key="elmah.mvc.requiresAuthentication" value="true" />
    <add key="elmah.mvc.allowedRoles" value="Admin" />
    <add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>

if i add the above entry in web.config file then no authorized user other than admin role can not access elmah.axd file.......i have doubt. please some one guide me.

Solution

  • As I understand it from the docs, the first example is a general solution for ASP.NET. This has some issues with MVC, specifically with MVC's HandleErrorAttribute as well as getting custom errors.

    The second example is for Elmah.MVC, a package specifically catering to ASP.NET MVC. This is the recommended way to set up Elmah when using the MVC framework.

    <appSettings>
    <add key="elmah.mvc.requiresAuthentication" value="true" />
    <add key="elmah.mvc.allowedRoles" value="Admin" />
    <add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>

    What about ASP.NET MVC?

    ELMAH were originally created for ASP.NET. Different features available in ASP.NET MVC have been causing a lot of head-scratching since introduced back in 2007. Some of you may have struggled with MVC's HandleErrorAttribute as well as getting custom errors and ELMAH working at the same time. In 2011, Alexander Beletsky created the Elmah.MVC package to help MVC developers using ELMAH. We highly recommend MVC projects to use this package, since it removes a lot of the frustrations that people are having with MVC and ELMAH.

    https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/