Secure Elmah with SSO/AzureAD authentication

Closed. This question is not about programming or software development. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 2 days ago.

Improve this question

I have a site that uses elmah, that is currently Windows auth, that I am going to be switching over to single sign-on using OIDC.

This site is using .NET Framework.

I want the elmah page (elmah.axd) to be accessible remotely, but to be secured so only developers can access it. This is currently set up in the web.config, like so:

<elmah>
  <security allowRemoteAccess="true" />
  <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="ElmahLog" />
</elmah>
 
<location path="elmah.axd" inheritInChildApplications="false">
  <system.web>
    <httpHandlers>
      <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
    </httpHandlers>
    <authorization>
      <allow roles="[Domain]\[Developers AD Group]" />
      <deny users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</location>

Is it possible to accomplish the same thing with SSO? If possible, I want to avoid specifying individual users who can access the elmah pages.

asked Dec 15 at 20:24

CarenRose

1,3741 gold badge14 silver badges26 bronze badges

If you want to integrate with the ye olde and busted WebForms-era "Role" system then you'll likely need to write your own RoleProvider that integrates with your OIDC client (if one doesn't exist already; I don't know: I haven't checked).

Dai
– Dai

2025-12-16 02:05:17 +00:00
Commented Dec 16 at 2:05
1

...but at this point, I recommend you instead first modernize your application by migrating from WebForms + aspx/asmx/axd to ASP.NET MVC + WebAPI, then to ASP.NET Core, because that comes with OIDC support built-in (and far better logging features than Elmah too, IMO).

Dai
– Dai

2025-12-16 02:06:36 +00:00
Commented Dec 16 at 2:06
Thanks! We are on MVC at least, but this one will be a bit before we can migrate to newer .NET stuff. Looks like I'll have to look into a custom RoleProvider.

CarenRose
– CarenRose

2025-12-16 16:38:21 +00:00
Commented Dec 16 at 16:38

Add a comment |

0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

Collectives™ on Stack Overflow

Secure Elmah with SSO/AzureAD authentication [closed]

0

Hot Network Questions