For painless integration of ELMAH into ASP.NET MVC application.
For details, please follow that blog post - ELMAH.MVC v.2.0 - Release Candidate
With ELMAH.MVC you got nice and clear MVC style routing to ELMAH error page. ELMAH can be accessed by:
By doing that, you can apply any authorization strategies or routes. In short, no more
That could be used for ASP.NET session hijacking with Google and ELMAH.
Easy. Install ELMAH by NuGet, in package console
For further ELMAH configuration please check the documentation.
If you tried to use ELMAH in ASP.NET MVC, you are probably implemented your own HandleErrorAttribute, as it's shown in this example. You no longer need to apply this custom code with Elmah.MVC. As soon you installed package, so can safely remove your HandleError attribute, since it's already included into package.
Yes, even in you configured application to use custom error pages, the exception will be logged.
There is a simple configuration section in web.config file.
<appSettings> <add key="elmah.mvc.disableHandler" value="false" /> <add key="elmah.mvc.disableHandleErrorFilter" value="false" /> <add key="elmah.mvc.requiresAuthentication" value="false" /> <add key="elmah.mvc.allowedRoles" value="*" /> <add key="elmah.mvc.allowedUsers" value="*" /> <add key="elmah.mvc.route" value="elmah" /> </appSettings>
elmah.mvc.disableHandler- turn on/off ELMAH.MVC handler
elmah.mvc.disableHandleErrorFilter- by default
HandleErrorAttribute()is set as global filter, to disable it, set value to "true"
elmah.mvc.requiresAuthentication- secure /elmah route with authentication
elmah.mvc.allowedRoles- in case of authentication is turned on, you can specify exact roles of user that have access (eg. "Admins")
elmah.mvc.allowedUsers- in case of authentication is turned on, you can specify exact users that have access (eg. "johndoe")
elmah.mvc.route- configure ELMAH.MVC access route
You can either disable handler or apply authentication, based on application roles.
You can also tweek the ELMAH default route. If you just install the package, ELMAH will be availabled at
/elmah, howether if you would like to change that, change
elmah.mvc.route, this setting is a MVC route prefix, used during ELMAH routes registration. For instance, if you change that to
secure/admin/errors you will get ELMAH at
You might change the
elmah.mvc.route to a custom one, but still able to see ELMAH reports at
/elmah. This issue is caused by the way how ASP.NET MVC matches controllers in separate namespaces. There are no good workaround for that (at least one I know), so if I makes a trouble to you, I recommend to reconsider the application, without using default route.
UPDATE: You might also consider ignoring
/elmah route explicitly as described here.
UPDATE 2: @chaoaretasty has added an option, to allow ignoring default role. Set
elmah.mvc.IgnoreDefaultRoute setting option to
- 09-Jul-2013 - v.2.1.1 fixes by @papci
- 01-Jul-2013 - v.2.1.0 user based authentication by @papci
- 02-Jun-2013 - v.2.0.3 ignoring default role by @chaoaretasty
- 06-Nov-2012 - v.2.0.2 flag to turn on/off default HandleErrorAttribute()
- 16-Aug-2012 - v.2.0.1 custom routes, VB.NET support
- 13-Jun-2012 - v.2.0 major changes, packed to class library, HandleError attribute etc.
- 11-Jan-2012 - minor style changes and readme correction
- 29-Aug-2011 - nuget package created
- 29-Aug-2011 - reimplemented controller to avoid usage of additional routing instructions