Elmah is a common tool for debugging ASP.NET applications. You can use Elmah in Azure Website; here is a nice blog.
But by default Elmah.axd is available to all users. Here are quick steps to secure it using forms authentication.
- Protecting Elmah.axd using ASP.NET Authentication
Add these lines at the end of the web.config file
<elmah>
  <!--
    allow remote access to elmah.axd
  -->
  <security allowRemoteAccess="true" />
</elmah>
<location path="elmah.axd"
          inheritInChildApplications="false">
  <system.web>
    <httpHandlers>
      <add verb="POST,GET,HEAD"
           path="elmah.axd"
           type="Elmah.ErrorLogPageFactory, Elmah" />
    </httpHandlers>
    <!--
      allow only elmahuser to access elmah.axd
    -->
    <authorization>
      <allow users="elmahuser" />
      <deny users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="ELMAH" verb="POST,GET,HEAD"
           path="elmah.axd"
           type="Elmah.ErrorLogPageFactory, Elmah"
           preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</location>
- Create a user account
Add these lines within the <system.web> node in the web.config file, as shown
<system.web>
  <authentication mode="Forms">
    <forms name="elmahdetails" loginUrl="login.aspx">
      <credentials passwordFormat="Clear">
        <user name="elmahuser" password="mycomplexpassword" />
      </credentials>
    </forms>
  </authentication>
  <authorization>
    <allow users="?" />
  </authorization>
</system.web>
Add a Login.aspx page and add this HTML markup
<form id="form1" runat="server">
  <table>
    <tr>
      <td>User Name:</td>
      <td>
        <asp:TextBox ID="TextBox1"
                     runat="server" />
      </td>
    </tr>
    <tr>
      <td>Password:</td>
      <td>
        <asp:TextBox TextMode="Password"
                     ID="TextBox2"
                     runat="server" />
      </td>
    </tr>
  </table>
  <p>
    <asp:Button ID="cmdLogin"
                runat="server"
                Text="Logon"
                OnClick="cmdLogin_Click" />
  </p>
</form>
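Add this to the code-behind
using System;
using System.Web;
using System.Web.Security;

// Click handler for the Logon button, placed inside the Login page class.
protected void cmdLogin_Click(object sender, EventArgs e)
{
    // Ordinal comparison: exact match, independent of the server culture.
    if (string.Equals(TextBox2.Text, "mycomplexpassword", StringComparison.Ordinal) &&
        string.Equals(TextBox1.Text, "elmahuser", StringComparison.Ordinal))
    {
        // Issue a persistent forms-authentication ticket valid for 30 minutes.
        FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1,
            TextBox1.Text,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            true,
            "your custom data");
        string cookiestr = FormsAuthentication.Encrypt(tkt);
        HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
        ck.Expires = tkt.Expiration;
        ck.Path = FormsAuthentication.FormsCookiePath;
        ck.HttpOnly = true; // keep the ticket out of reach of client-side script
        Response.Cookies.Add(ck);

        // Follow ReturnUrl only when it is a site-relative path; otherwise use the default page.
        string strRedirect = Request["ReturnUrl"];
        if (string.IsNullOrEmpty(strRedirect) ||
            !strRedirect.StartsWith("/", StringComparison.Ordinal) ||
            strRedirect.StartsWith("//", StringComparison.Ordinal) ||
            strRedirect.StartsWith("/\\", StringComparison.Ordinal))
            strRedirect = "default.aspx";
        Response.Redirect(strRedirect, true);
    }
    else
        Response.Redirect("login.aspx", true);
}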
- Now try to access the elmah.axd file; it should redirect to the login.aspx page. Note: we are sending the password in clear text.
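To check a web.config for the exposure these steps close, here is an added example (not part of the original post) that audits the ELMAH settings in Python. It assumes authorization rules use only the users attribute (roles are ignored); both sample configurations are constructed and use a placeholder password.

```python
import xml.etree.ElementTree as ET

REMOTE_OPEN = "remote access enabled but anonymous users are not denied on elmah.axd"
CLEAR_CREDS = "forms credentials stored with passwordFormat=Clear"

def first_match(rules, token):
    """ASP.NET applies the first authorization rule that matches: 'allow', 'deny' or None."""
    for rule in rules:
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if token in users or "*" in users:
            return rule.tag
    return None

def audit_elmah(web_config_xml):
    """Return a list of findings for the elmah.axd settings in a web.config document."""
    root = ET.fromstring(web_config_xml)
    findings = []
    sec = root.find("elmah/security")
    # Values this sketch treats as "remote access enabled".
    remote = sec is not None and sec.get("allowRemoteAccess", "").lower() in ("true", "yes", "on", "1")
    loc = next((l for l in root.findall("location")
                if l.get("path", "").lower() == "elmah.axd"), None)
    # Rules scoped to elmah.axd are evaluated before the site-wide rules.
    rules = ([] if loc is None else loc.findall("system.web/authorization/*")) \
        + root.findall("system.web/authorization/*")
    if remote and first_match(rules, "?") != "deny":
        findings.append(REMOTE_OPEN)
    creds = root.find("system.web/authentication/forms/credentials")
    if creds is not None and creds.get("passwordFormat", "").lower() == "clear":
        findings.append(CLEAR_CREDS)
    return findings

# Constructed sample: the layout from the steps above, with a placeholder password.
HARDENED = """<configuration>
  <elmah><security allowRemoteAccess="true" /></elmah>
  <system.web>
    <authentication mode="Forms"><forms name="elmahdetails" loginUrl="login.aspx">
      <credentials passwordFormat="Clear"><user name="elmahuser" password="placeholder" /></credentials>
    </forms></authentication>
    <authorization><allow users="?" /></authorization>
  </system.web>
  <location path="elmah.axd" inheritInChildApplications="false">
    <system.web><authorization><allow users="elmahuser" /><deny users="*" /></authorization></system.web>
  </location>
</configuration>"""

# Constructed sample: remote access switched on, no <location> rules for elmah.axd.
EXPOSED = """<configuration>
  <elmah><security allowRemoteAccess="true" /></elmah>
  <system.web><authorization><allow users="?" /></authorization></system.web>
</configuration>"""
```

Calling audit_elmah(HARDENED) reports only the clear-text credential store, while audit_elmah(EXPOSED) reports the unauthenticated remote access.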