Securing elmah.axd
222 views
Skip to first unread message
yjeev...@gmail.com
Dec 29, 2010, 1:43:17 AM12/29/10
to ELMAH
Hi,
I have created a folder Admin and i configured in web.config file for
elmab.axd.
<security allowRemoteAccess="1" />
<location path="admin">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<allow users="admin"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
When i am trying to access .axd file i am not able to get the
information and I want to provide user name and password to access it.
How can i configure this in my application.
I have created a folder Admin and i configured in web.config file for
elmab.axd.
<security allowRemoteAccess="1" />
<location path="admin">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<allow users="admin"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
When i am trying to access .axd file i am not able to get the
information and I want to provide user name and password to access it.
How can i configure this in my application.
Atif Aziz
Dec 29, 2010, 6:27:44 PM12/29/10
to el...@googlegroups.com
Have you looked at the following?
It details the steps to the kind of setup you're looking for placing ELMAH's log view under a secured administration path.
See also Securing Error Log Pages wiki for more information.
- Atif
--
You received this message because you are subscribed to the Google Groups "ELMAH" group.
To post to this group, send email to el...@googlegroups.com.
To unsubscribe from this group, send email to elmah+un...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/elmah?hl=en.
Rodusa
Dec 29, 2010, 6:47:13 PM12/29/10
to ELMAH
If there is a database error this example would not work since it uses
forms authentication. Usually forms authentication has some sort of
database access to verify authentication. Is there any example for
windows authentication which would apply exclusively to elmah without
affecting any existing forms authentication?
Rod
forms authentication. Usually forms authentication has some sort of
database access to verify authentication. Is there any example for
windows authentication which would apply exclusively to elmah without
affecting any existing forms authentication?
Rod
Atif Aziz
Dec 29, 2010, 7:29:43 PM12/29/10
to el...@googlegroups.com
Is there any example for
windows authentication which would apply exclusively to elmah without
affecting any existing forms authentication?
I haven't tried it but I imagine it may be possible. You would essentially have to configure ASP.NET to allow anonymous access to an admin location for ELMAH so that Forms authentication never kicks in there. At the same time, you would have to configure IIS to require Windows authenticaton for the same admin location.
I wrote extensively about HTTP authentication as well as mixing Forms with HTTP authentication some time ago in an MSDN article. See:
Supporting HTTP Authentication and Forms Authentication in a Single ASP.NET Web Site
Supporting HTTP Authentication and Forms Authentication in a Single ASP.NET Web Site
- Atif
--
Reply all
Reply to author
Forward
0 new messages