Home/ Questions/Q 7530851
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T05:01:31+00:00

I started using ELMAH and I think its great. I read some documentation online

  • 0

I started using ELMAH and I think its great. I read some documentation online but right now my app doesn’t have roles/user authorization setup.

I would like to be able to read the error logs on production by accessing /elmah.axd but I don’t want to just open it up to everyone, does elmah have any functionality that would allow me to create a password (in web.config) and pass it via querystring? Mimicking a “secure” RSS feed. Or something similar ofcourse….

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    but right now my app doesn’t have roles/user authorization setup

    Actually it’s not that hard to configure forms authentication:

    <authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880">
    <credentials passwordFormat="Clear">
      <user name="admin" password="secret" />
    </credentials>
  </forms>
</authentication>

    and then protect elmah.axd:

    <location path="elmah.axd">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
</location>

    and finally you could have an AccountController:

    public class AccountController : Controller
{
    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult LogOn(string username, string password)
    {
        if (FormsAuthentication.Authenticate(username, password))
        {
            FormsAuthentication.SetAuthCookie(username, false);
            return Redirect("~/elmah.axd");
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
        return View();
    }
}

    and a LogOn.cshtml view:

    @Html.ValidationSummary(false)

@using (Html.BeginForm()) 
{
    <div>
        @Html.Label("username")
        @Html.TextBox("username")
    </div>
    <div>
        @Html.Label("password")
        @Html.Password("password")
    </div>
    <p>
        <input type="submit" value="Log On" />
    </p>
}

    Now when an anonymous user tries to access /elmah.axd he will be presented with the logon screen where he needs to authenticate in order to access it. The username/password combination is in web.config. I have used passwordFormat="Clear" in this example but you could also SHA1 or MD5 the password.

    Of course if you don’t want to configure authentication you could also configure elmah to store logging information in a XML file or SQL database and then completely disable the elmah.axd handler from your publicly facing website. Then create another ASP.NET site which only you would have access to with the same elmah configuration pointing to the same log source and simply navigate to the /elmah.axd handler of your private site to read the logs of your public site.

    • 0