How to set a custom route value so that only members with the Admin role can access my elmah.axd page in MVC3

Question

I need to set a custom route value so that you are forced to go to

site/admin/elmah.axd

In my web.config I have:

<location path="elmah.axd">
 <system.web>
   <authorization>
     <allow roles="Admin" />
     <deny users="*" />
   </authorization>
 </system.web>
</location>

Plus all the other pertinent elmah settings. If I remove that section I can just type:

site/elmah.axd

But I only want Admin's to be able to access this page.

I have an admin page that you login and if you are in the Admin Role then you should be redirected to elmah.axd

    public AdminController(IRepository<User> userRepository)
    {
        _userRepository = userRepository;
    }

    //
    // GET: /Admin/

    public ActionResult Index()
    {
        return View(Constants.Admin);
    }

public ActionResult AdminLogin(string SSN)
    {
        var user = _userRepository.FindBy(x => x.UserName == SSN).SingleOrDefault();
        if (UserIsAnAdmin(user))
        {
            return RedirectToRoute("/elmah.axd");
        }
        return View(Constants.DeniedAccess);
    }

I have a route value in my Global.asax file that I need help with.

 routes.MapRoute(
            "mocklogin",
            "{controller}/{action}", // URL with parameters
            new { controller = "MockLogin", action = "Index" } // Parameter defaults
            );


        routes.MapRoute(
            "elmah.axd",
            "{controller}/{action}", // URL with parameters

            );



        routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}", // URL with parameters
            //need something here redirecting to the elmah.axd page      
    );

Is there a way to redirect the page to the /elmah.axd page on my site.

In the end I want to go to the Admin page of my site and when I click submit if the User is an admin I want to redirect to the elmah.axd page. Otherwise I go to my custom error page. I need to somehow get the ssn on the controller call the conditional and if true redirect to elmah.axd. How do I redirect to elmah.axd in MVC?

I'm not sure what you want to do here, do you want the default route to redirect to elmah.axd? Then the security will be handled by the web.config? What is working right now and are you trying to get help with? — VinnyG, Mar 06 '13 at 16:35
if you keep the settings and go to AdminLogin, enter youre credentials, does it works? What else do you have in the routes? And if you go to the /elmah.axd path with the location settings what happen? — VinnyG, Mar 06 '13 at 16:43
I get the error: No route in the route table matches the supplied values. on the above route I need the last line that instead of routing to a controller and action I need to render the elmah.axd page — Robert, Mar 06 '13 at 16:53
Can you post all your routes config? And your full controller — VinnyG, Mar 06 '13 at 16:54
Don't know what you want to do but this might help : https://code.google.com/p/elmah/wiki/DotNetSlackersArticle — VinnyG, Mar 06 '13 at 17:14

VinnyG · Accepted Answer · 2013-03-06T20:49:17.863

Update : To redirect to a static route use Response.Redirect("URL");

see below :

You can't create a route that point to something else than a Controller and Action. So the best would be that your Index Action of your Controller does a redirect to /elmah.axd and set your default route to this action.

Route :

routes.MapRoute(
    "Default", // Route name
    "{controller}/{action}", // URL with parameters

);

Controller :

    public AdminController(IRepository<User> userRepository)
    {
        _userRepository = userRepository;
    }

    public ActionResult Index()
    {
         Response.Redirect("/elmah.axd");
         return View(); //will not be hit
    }

    public ActionResult AdminLogin(string SSN)
    {
        var user = _userRepository.FindBy(x => x.UserName == SSN).SingleOrDefault();
        if (UserIsAnAdmin(user))
        {
            return RedirectToRoute("/elmah.axd");
        }
        return View(Constants.DeniedAccess);
    }

Let me know if it works.

Not quite working let me reword my question and maybe make it more clear — Robert, Mar 06 '13 at 18:33

score 0 · Answer 2 · answered Mar 06 '13 at 17:06

0

You can use the Application_AuthenticateRequest in the Global.asax file.

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    if (HttpContext.Current.User.IsInRole("Admin"))
        // Do your thing
}

answered Mar 06 '13 at 17:06

Roger Far

2,178
3
36
67

That only works with the default authentication provided by MVC Right? – Robert Mar 06 '13 at 17:08
I am currently using a third party app to authenticate users – Robert Mar 06 '13 at 17:08
Well it depends. I assume the third party app will still use parts of the authentication framework. Or else I would not be very comfortable with the security. – Roger Far Mar 06 '13 at 19:05

How to set a custom route value so that only members with the Admin role can access my elmah.axd page in MVC3

2 Answers2