How to protect ELMAH web console in Umbraco?

Question

How to protect ELMAH web console in Umbraco?

How /elmah.axd requests can be restricted by the Umbraco user administrator .

I understand that Umbraco membership providers and roles apply to Umbraco members, but not to users. Umbraco users do not have a username or role (for example, "Admins") that can be used on the Internet. config as follows:

<location path="elmah.axd">
  <system.web>
    <authorization>
        <allow roles="Admins" />
        <deny users="*" />
    </authorization>
  </system.web>
</location>

This is the recommended way to protect ELMAH in other ASP.Net applications.

Has anyone done this in Umbraco?

+5

security elmah umbraco

Jonh May 03 '12 at 9:40 pm

source share

2 answers

, ELMAH, Umbraco

,

0

Tom Dudfield 04 '12 8:15

Jonh · Accepted Answer · 2012-08-30T16:34:16+0000

I solved the problem by creating an HTTP module to intercept requests on elmah.axd and only allow Umbraco administrators to view it. Here is the module code:

namespace MyNamespace
{
    using System;
    using System.Configuration;
    using System.Web;
    using System.Web.Configuration;

    using umbraco.BusinessLogic;

    public class ElmahSecurityModule : IHttpModule
    {
        private HttpApplication _context;

        public void Dispose()
        {
        }

        public void Init(HttpApplication context)
        {
            this._context = context;
            this._context.BeginRequest += this.BeginRequest;
        }

        private void BeginRequest(object sender, EventArgs e)
        {
            var handlerPath = string.Empty;

            var systemWebServerSection = (HttpHandlersSection)ConfigurationManager.GetSection("system.web/httpHandlers");

            foreach (HttpHandlerAction handler in systemWebServerSection.Handlers)
            {
                if (handler.Type.Trim() == "Elmah.ErrorLogPageFactory, Elmah")
                {
                    handlerPath = handler.Path.ToLower();
                    break;
                }
            }

            if (string.IsNullOrWhiteSpace(handlerPath) || !this._context.Request.Path.ToLower().Contains(handlerPath))
            {
                return;
            }

            var user = User.GetCurrent();

            if (user != null)
            {
                if (user.UserType.Name == "Administrators")
                {
                    return;
                }
            }

            var customErrorsSection = (CustomErrorsSection)ConfigurationManager.GetSection("system.web/customErrors");

            var defaultRedirect = customErrorsSection.DefaultRedirect ?? "/";

            this._context.Context.RewritePath(defaultRedirect);
        }
    }
}

... and web.config:

<configuration>
    <system.web>
        <httpModules>
            <add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
        </httpModules>
    </system.web>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
          <add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
        </modules>
    </system.webServer>
</configuration>

How to protect ELMAH web console in Umbraco?

More articles: