Securing Elmah RSS Feeds in ASP.NET website
https://stackoverflow.com/questions/2543296
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I followed the answer to this question Securing Elmah in ASP.NET website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?
No correct solution
OTHER TIPS
I secure mine in the web.config with a role:
<location path="elmah.axd">
<system.web>
<authorization>
<allow roles="SUPER_DUPER_ADMIN"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
