6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Securing Elmah RSS Feeds in ASP.NET website\",\"text\":\"

I followed the answer to this question Securing Elmah in ASP.NET website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"danludwig\"},\"upvoteCount\":9,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","asp.net",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/asp.net/1","children":"asp.net"}]}],["$","span","security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/security/1","children":"security"}]}],["$","span","rss",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/rss/1","children":"rss"}]}],["$","span","elmah",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/elmah/1","children":"elmah"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/6678ab39685245af4ae529ec4c5f112c?s=256&d=identicon&r=PG","alt":"danludwig","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/304832/danludwig","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"danludwig"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",47365]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Securing Elmah RSS Feeds in ASP.NET website"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",9]}],["$","p",null,{"children":["Views: ",1393]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","5131437",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/81e3b939bea69fdddf9ce72629a37897?s=256&d=identicon&r=PG","alt":"rick schott","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/58856/rick-schott","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"rick schott"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",21137]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

I secure mine in the web.config with a role:

\n\n

<location path=\"elmah.axd\">\n    <system.web>\n        <authorization>\n            <allow roles=\"SUPER_DUPER_ADMIN\"/> \n            <deny users=\"*\"/> \n        </authorization>\n    </system.web>\n</location>\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",8]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","4416318",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4416318","className":"text-blue-600 hover:underline","children":"How to secure Elmah.axd?"}]}],["$","li","1245364",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1245364","className":"text-blue-600 hover:underline","children":"Securing Elmah in ASP.NET website"}]}],["$","li","3750964",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3750964","className":"text-blue-600 hover:underline","children":"RSS feeds security"}]}],["$","li","1046234",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1046234","className":"text-blue-600 hover:underline","children":"Securing ELMAH while yet making it possible to access it via RSS Reader"}]}],["$","li","7935160",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7935160","className":"text-blue-600 hover:underline","children":"Is there a way to secure an RSS feed behind ASP.Net Forms Authentication and still allow readers?"}]}],["$","li","3191328",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3191328","className":"text-blue-600 hover:underline","children":"ASP.NET MVC - Create RSS feed that requires authentication"}]}],["$","li","2839553",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2839553","className":"text-blue-600 hover:underline","children":"ASP.NET MVC: How does one add authentication to RSS Feeds?"}]}],["$","li","2415310",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2415310","className":"text-blue-600 hover:underline","children":"Implementing Security for Rss Feeds"}]}],["$","li","2414373",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2414373","className":"text-blue-600 hover:underline","children":"Securing the rss feed with username and password,for private viewing"}]}],["$","li","293878",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/293878","className":"text-blue-600 hover:underline","children":"How to allow authorization to an rss feed using ASP.NET MVC?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Securing Elmah RSS Feeds in ASP.NET website

Answers (1)

Related Questions