3

I want to do this via code if possible, I want to allow glimpse to be accessed only by administrative users, how can this be achieved?

The website states it is possible - cant seem to find the exact link though

http://getglimpse.com/

Haroon
  • 3,402
  • 6
  • 43
  • 74

2 Answers2

2

You could turn glimpse off by default and restrict the /glimpse.axd config panel to administrators only:

<location path="glimpse.axd">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
</location>
Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • How could I do this using code - I ideally want to say is user tom, jay or peter then allow them through... – Haroon Sep 26 '12 at 09:49
  • I could be searching the database hence why I want to check by code – Haroon Sep 26 '12 at 09:50
  • If you use roles you don't need to do it by code. Just grant all those users the custom role which you specify in your `web.config` as shown in my answer. I've used the `Admin` role in this example but you could create a special role called `Glimpse` for example and then simply grant those users this role. – Darin Dimitrov Sep 26 '12 at 10:29
  • The way @Darin suggested it would be my recommendation. But if you are looking for more than this, you would implement a `IGlimpseValidator` - here is an example https://github.com/Glimpse/Glimpse/blob/master/source/Glimpse.Core/Validator/UrlValidator.cs. Just note that with v1 this interface has changed slightly. – anthonyv Sep 29 '12 at 07:25
  • @anthonyv the link is broken? – Haroon Jun 17 '13 at 11:04
  • Latest link is - https://github.com/Glimpse/Glimpse/blob/master/source/Glimpse.Core/Policy/UriPolicy.cs and http://getglimpse.com/Help/Configuration shows more on how to use it. Hope that helps – anthonyv Jun 18 '13 at 05:01
  • Without using asp.net authorization, how to prevent users from hitting the glimpse.axd file? – MrMVCMan Sep 11 '13 at 22:20
  • Our corporation has it's relies on windows ntlm for user identification and a custom backend system for role management. I understand I could build a provider to identify the roles from our custom backend system for use in the web.config however I do not want to inject another database hit for this purpose. – MrMVCMan Sep 12 '13 at 12:30
1

In Glimpse 1.4.1, they provide a GlimpseSecurityPolicy.cs that will easily allow you to set authorization in code instead of using the element.

danmiser
  • 1,083
  • 12
  • 17