0

It was really easy to install elmah with nuget and get it working right away.

The challenge came in while trying to password protect the page.

In the project I have, there is an Admin controller which I use mvc 3 sql membership provider which comes out of the box when u start an mvc 3 app. The default impl is not using any roles. It just validates the user, and only the authorized users can use the admin anyway.

In the elmah log :

<authorization>  
    <allow roles="admin" />  
    <allow roles="dev" />  
    <deny users="*" />  
</authorization>

how does this work? how can i define and pass these roles so elmah would understand this?

is there an easier way to do this?

DarthVader
  • 46,241
  • 67
  • 190
  • 289

3 Answers3

2

You look like you're on the right track. Since you trust any logged in user, you first deny anonymous user access and then allow authorized user access like this:

<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>
w.brian
  • 13,695
  • 12
  • 57
  • 100
1

There's a Nuget package by Alexander Beletsky that makes it very easy to integrate Elmah with MVC and role-based security: Elmah.MVC. It works great and creates a controller that can be secured by role and allows nice routing as well.

Here is the project page.

Turnkey
  • 8,768
  • 3
  • 24
  • 36
1

You might want to consider Elfar instead of Elmah for an MVC3 Application. Elfar is "inspired" by Elmah, but is a lot simpler and easy to properly configure. There's several nuget packages for it with several database types.

I find Elmah to be a lot heaver than it needs to be for somple exception handling. Elfar is a lot simpler.

Erik Funkenbusch
  • 90,480
  • 27
  • 178
  • 274