How to secure Elmah Page in RemoteAccess

Question

i have an ASP MVC web site that is published.

and i adjusted <security allowRemoteAccess="yes"/> in webconfig

and now anybody can access Elmah page

by saying that i didnt use ASP.Net Identity,how can i secure ELmah Page?

That was my querstion too .. Please help some one! – S.Mohamed Mahdi Ahmadian zadeh Dec 11 '16 at 09:07 — S.Mohamed Mahdi Ahmadian zadeh, Dec 11 '16 at 09:07

score 0 · Answer 1 · answered Dec 14 '16 at 10:05

0

I wrote a blog post a couple of months ago, that explains everything you need to know: ELMAH security and allowRemoteAccess explained. Basically, you will need to install the Elmah.MVC package and add app settings like this:

<appSettings>
    <add key="elmah.mvc.requiresAuthentication" value="true" />
    <add key="elmah.mvc.allowedRoles" value="Admin" />
    <add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>

answered Dec 14 '16 at 10:05

ThomasArdal

4,999
4
33
73

i didnt use ASP.NET Identity – AliBoronsi Dec 14 '16 at 11:36
Not sure I understand? – ThomasArdal Dec 14 '16 at 11:37
you allowed Admin role and Thomas User that are in Identity Tables of asp,but i didnt use Identity – AliBoronsi Dec 14 '16 at 11:39
Ahh I see. I read is as you are using Identity. Sorry. How do you secure your pages then? – ThomasArdal Dec 14 '16 at 11:40
is it possible to override Elmah Controller? – AliBoronsi Dec 14 '16 at 11:41
Take a look at this example: http://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/#access-through-aspnet-authorization. As long as you set the username of the currently logged in user as the identity on the thread, I think that you will be able to secure the access to elmah.axd using that approach. – ThomasArdal Dec 14 '16 at 11:44
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/130599/discussion-between-ali7091-and-thomasardal). – AliBoronsi Dec 14 '16 at 11:46

How to secure Elmah Page in RemoteAccess

1 Answers1