Allow access to Elmah.axd for Sitecore admins only
ELMAH is always my go-to error logging solution. For those not familiar, there is a great introduction by Scott Hanselman you can find here:
http://www.hanselman.com/blog/ELMAHErrorLoggingModulesAndHandlersForASPNETAndMVCToo.aspx
Once you have Elmah.axd up and running you will want to secure it on production environments. One way of doing this is via a custom HttpModule which checks the request and authenticates based on the context user's Sitecore role:
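    using System;
    using System.Net;
    using System.Web;

    public class ElmahAuthModule : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            // Run the check on every request at the authentication stage.
            context.AuthenticateRequest += AuthenticateElmahRequest;
        }

        void AuthenticateElmahRequest(object sender, EventArgs e)
        {
            var context = sender as HttpApplication;

            // Pass through anything that is not an elmah.axd request, and
            // elmah.axd requests made by a Sitecore administrator.
            if (context == null || IsNotElmahRequest(context) || Sitecore.Context.User.IsAdministrator) return;

            // Everyone else gets a 401 and the request stops here.
            context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            context.Response.End();
        }

        private bool IsNotElmahRequest(HttpApplication context)
        {
            // Case-insensitive match anywhere in the path, so /ELMAH.AXD and
            // sub-paths such as /elmah.axd/detail are treated as ELMAH requests too.
            return context.Request.Path.IndexOf("elmah.axd", StringComparison.InvariantCultureIgnoreCase) < 0;
        }

        public void Dispose()
        { }
    }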
(Remember to add this to the <modules> and <httpModules> sections in your web.config).
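A registration covering both sections, as an added example rather than configuration from the original post. The namespace `MySite.Web.Security` and assembly `MySite.Web` are placeholders for wherever `ElmahAuthModule` is compiled in your solution.

```xml
<configuration>
  <system.web>
    <!-- Read when the application pool runs in classic pipeline mode -->
    <httpModules>
      <!-- Type and assembly names are placeholders (assumption) -->
      <add name="ElmahAuthModule" type="MySite.Web.Security.ElmahAuthModule, MySite.Web" />
    </httpModules>
  </system.web>
  <system.webServer>
    <!-- Integrated mode rejects a populated <httpModules> section unless this is set -->
    <validation validateIntegratedModeConfiguration="false" />
    <!-- Read when the application pool runs in integrated pipeline mode (IIS 7+) -->
    <modules>
      <add name="ElmahAuthModule" type="MySite.Web.Security.ElmahAuthModule, MySite.Web" />
    </modules>
  </system.webServer>
</configuration>
```

Merge the two `<add>` entries into the existing sections of your web.config rather than replacing them. If the module is registered in only one section and the site runs in the other pipeline mode, the check never executes and elmah.axd stays open.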