How to configure ELMAH to show log just for Sitecore user

Question

I added Elmah tool to my Sitecore Solution, actually I did it like here http://newguid.net/sitecore/2011/using-elmah-for-error-logging-within-sitecore/ Just one rolls I have enabled is allowRemoteAccess property,

<elmah>
<security allowRemoteAccess="1" />  
</elmah>

Now logs available for every one from any place, but I want to show it just for user who is login (authorized) to sitecore (sitecore users)

How I can mange it ?

Thanks.

Answer 1

I found solution after research of elmah source code and this article http://dotnetslackers.com/articles/aspnet/Securing-ELMAH-with-Independent-HTTP-Authentication.aspx. User can implement IRequestAuthorizationHandler for custom IHttpModule I did next:

 public class SitecoreAuthModule :IHttpModule, IRequestAuthorizationHandler
{
    public bool Authorize(HttpContext context)
    {
        return SC.Context.User.IsAdministrator;
    }

    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(ContextAuthenticateRequest); ;
    }

    void ContextAuthenticateRequest(object sender, EventArgs e)
    {
        var context = sender as HttpApplication;
        if (context.Request.Path.IndexOf("elmah.axd",
            StringComparison.InvariantCultureIgnoreCase) < 0)
            return;
    }

    public void Dispose()
    {

    }
}

Answer 2

Not sure what Elmah had built in now, but I used to do this:

<location path="elmah.axd">
    <system.web>
        <authorization>
            <allow roles="SITECORE_USERS"/> <!---put your role here-->
            <deny users="*"/> 
        </authorization>
    </system.web>
</location>

Securing Elmah RSS Feeds in ASP.NET website