How to secure Elmah.axd?

Question

We\'re using Elmah as our error logging system for an app that will be going into production soon. It\'s extremely useful, but if it goes into production like this anyone in

Answer 1

If you're using ASP.NET Membership, it's pretty easy to restrict access to the elmah.axd HttpHandler for anonymous users and only allow logged in users in an "Administrators" group. I've done it like this:

  ...
  
    
      
        
        
      
    
  

Anybody who's logged in AND member of the "Administrators" role can access the page now.