Securing ELMAH with ASP.NET MVC

So I like Elmah and its logging of my unhandled exceptions suer, but I don’t need every yahoo with visibility to that. This is the steps I took to only allow Elmah access to users in the “Admin” role and have it still work with ASP.NET MVC.

Put this into the web.config;

  
    
      
        
      
      
        
        
      
    
  

Now put this into your global.asax, up top (before all the other routing) is best;

            routes.IgnoreRoute("admin/elmah.axd");
            routes.IgnoreRoute("admin/{resource}.axd/{*pathInfo}");

You don’t have have any controller action setup, the handler builds this on the fly to handle the incomding axd request. Nice and simple.

Enjoy!

Leave a Reply