Allow access to Elmah.axd for Sitecore admins only

ELMAH is always by go to error logging solution. For those not familiar there is a great introduction by Scott Hanselman you can find here:

Once you have Elmah.axd up and running you will want to secure it on production environments. One way of doing this via a custom httpmodule which checks the request and authenticates based on the context user's Sitecore role:

public class ElmahAuthModule : IHttpModule
    public void Init(HttpApplication context)
        context.AuthenticateRequest += AuthenticateElmahRequest;

    void AuthenticateElmahRequest(object sender, EventArgs e)
        var context = sender as HttpApplication;

        if (context == null || IsNotElmahRequest(context) || Sitecore.Context.User.IsAdministrator) return;

        context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;

    private bool IsNotElmahRequest(HttpApplication context)
        return context.Request.Path.IndexOf("elmah.axd", StringComparison.InvariantCultureIgnoreCase) < 0;

    public void Dispose()
    { }

(Remember to add this to the <modules> and <httpModules> sections in your web.config).

Dave Leigh

Web, and long time Sitecore developer based in Bristol, UK, working at Valtech - - @valtech.
I occasionally do other things too.