Secure a path with authorization using asp.net authentication (Elmah)
Hi all,
Why does this not work in the web.config? (umbraco 4.0.0)
I login to the umbraco admin as administrator, but am still denied access to the path specified.
Is something fundamentally wrong or have I got the role name wrong?
Cheers.
Murray.
Murray,
It's a wild guess but worth a shot, right? admin is administrator (which is a 'user' type) whereas a member group is to be considered a 'role'. So, do you have an 'Administrator' member group?
Cheers,
/Dirk
I think the role provider system only works with Members, not Users (back office people). Lee Kelleher wrote a post on how to integrate Elmah with Umbraco (http://blog.leekelleher.com/2009/04/23/integrating-elmah-with-umbraco/). Maybe have a read of what he did.
Ahh yes, you're both right, I'm trying to use 'Users' not 'Members'.
However I want to use 'Users' ... I don't want admins having 2 accounts (for any reason especially just so they can see error reporting.)
I tried changing to this:
Because I don't have any 'membership' in this case, so I could disable it if that helps. (but not a good solution for any project that does have members)
But it doesn't seem to work.
Is there any other way around this?
Cheers.
Murray.
P.S. I used Lee Kelleher's blog post to set it all up, but it does not cover security.
Murray -
I know you're dealing with users, but this post may be of help since it ties into the ASP.NET Authorization that you specify in your first post:
http://our.umbraco.org/forum/developers/extending-umbraco/2923-Authorization-Alternatives-when-Integrating-with-AspNet-Sites
-Paul
Have you enabled Remote Access in the Elmah config? (I don't know the exact config property, don't have it opened at the moment)
As I mentioned to Murray on my blog, I haven't tried to restrict remote access to a specific user/group/role.
I had a quick play around with the following options in the Web.config - none of them worked for me... but it's worth a try?
Other than that, the best bet is to ask the question in the ELMAH support group, or even StackOverflow to see how you would allow authorisation from a specific user/role in a custom membership provider?
Meanwhile, if anyone else figures it out... I'd love to know! (I'll update my blog post with the details too)
@slace, yep remote access is enabled.
As you mentioned earlier, I'm guessing my problem is here... it seems the roleProvider is generating roles from 'Member Groups', rather than 'User Types'.
Is there an equivalent provider that works by generating roles from 'User Types'?
If not I'll give Paul's method a try, or perhaps try to write my own RoleProvider.
In case it helps anyone, I will post the steps I used to restrict ELMAH logs to logged in admin "users" and disallow "members", or unauthenticated users from seeing the logs.
Follow the steps in this article to get ELMAH up and running: http://our.umbraco.org/wiki/how-tos/use-elmah-with-umbraco
This wiki is good, but it goes off the rails at the end. It says you can restrict ELMAH using ASP.NET authorization. If you want to continue to review the logs in the backend as described in the wiki, then this is simply not true.
The only way I was effectively able to restrict the ELMAH logs to logged in admin users in the Umbraco backend was to introduce an HTTP Module.
Create a C# class module, insert the code listing below, compile it and drop it in the Umbraco bin folder. You must also delete the App_global.asax file from the Umbraco bin folder, and register your new module in your web.config file, making an entry for your new module under the httpModules section AND the modules section.
You will now find you can log in as an admin user in the backend and browse the elmah logs, log out, and then see that elmah.axd is inaccessible in the site root.
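    using System;
    using System.Web;
    using umbraco.BusinessLogic;

    // HTTP module that turns away requests for the ELMAH handler unless an
    // Umbraco back-office user is logged in.
    public class ElmahRedirect : IHttpModule
    {
        public ElmahRedirect()
        {
        }

        public void Init(HttpApplication application)
        {
            // Inspect every request before it reaches a handler.
            application.BeginRequest += (new EventHandler(this.Application_BeginRequest));
        }

        private void Application_BeginRequest(Object source, EventArgs e)
        {
            // Only requests whose path contains elmah.axd are checked.
            if (HttpContext.Current.Request.Url.AbsolutePath.ToLowerInvariant().Contains("elmah.axd"))
            {
                // A null result is treated as "no back-office user logged in".
                User current = User.GetCurrent();
                if (current == null)
                {
                    // Send the visitor to an error page instead of the logs.
                    HttpContext.Current.Response.Redirect("~/a-problem-occurred.aspx");
                }
            }
        }

        void IHttpModule.Dispose()
        {
            // Nothing to release.
        }
    }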
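The web.config registration that the last post describes but does not show, as an added example that is not part of the original thread. `YourAssemblyName` is a placeholder for whatever DLL the class was compiled into, and the `name` value is a free label; the `type` has no namespace because the class above declares none.

```xml
<configuration>
  <system.web>
    <httpModules>
      <!-- Read by IIS 6 and by IIS 7+ application pools in classic mode -->
      <add name="ElmahRedirect" type="ElmahRedirect, YourAssemblyName" />
    </httpModules>
  </system.web>
  <system.webServer>
    <!-- With entries in both sections, integrated mode returns a 500.22
         configuration error unless this validation is switched off.
         Keep the existing element if the site's web.config already has one. -->
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <!-- Read by IIS 7+ application pools in integrated mode -->
      <add name="ElmahRedirect" type="ElmahRedirect, YourAssemblyName" />
    </modules>
  </system.webServer>
</configuration>
```

If only one of the two entries is present, the module runs in one pipeline mode and not the other, so elmah.axd stays open whenever the application pool runs in the mode that was left out.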