Reputation: 18919
How to secure Elmah in MVC in area
Hi am trying to secure elmah to only be accessible from within an mvc area called admin: /admin/area
I have added the following to the top of the routes config so they appear first:
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.IgnoreRoute("admin/elmah.axd/{*pathInfo}");
and have the following in web.config under both system.web and system.webServer:
<handlers>
...
<add verb="POST,GET,HEAD" path="/admin/elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</handlers>
Yet i keep getting:
The controller for path '/admin/elmah.axd' could not be found.
Seems the route is not being ignored?
Upvotes: 1
Views: 439
Answers (1)
Reputation: 399
The Elmah.MVC nuget might be of help.
Prior to version 2.0.0 (eg. 1.3.2) it added an area named "admin" and inside that a controller named "elmah". So you could remove the handler with "elmah.axd" from web.config, and still access elmah on "/admin/elmah". You could then secure this route with adding autorizeattribute to the elmahcontroller.
In version > 2.0.0 it has changed to not add the area named admin. Instead you access elmah on "/elmah". Version > 2.0.0 also removes the elmah.axd from your web.config automaticly.
Upvotes: 1
Related Questions
- Can i prevent Elmah inside my asp.net mvc-4 web aplication from exposing the users' passwords
- How do I secure Elmah on ASP.Net MVC 4 with Windows Integrated Security : Elmah ignores my settings
- ASP.NET MVC Site With ELMAH.MVC - Windows Authentication
- How to secure Elmah.axd?
- Securing Elmah in ASP.NET website
- Custom authentication for Elmah in .net mvc
- Elmah.MVC 2.0.1 - securing the elmah logs
- how to secure elmah.axd if I am not using ASP.NET Membership
- Secure elmah with ASp.NET security but only to some users
- How to secure Elmah working with ASP.NET and IIS 5.1 URL Routing