I'd like to use Glimpse for our prod site, but I want to limit who can turn it on. This is mentioned here, but currently our site does not have a login, nor is set up for Windows Authentication. Can I restrict access via IP address? Also, if I turn glimpse on who will see the results on the page? Just me or everyone?
You have to create a custom runtime policy. It's actually pretty trivial. Here's a quick and dirty mod to the sample runtime policy in the Glimpse docs that only allows a particular IP:
using Glimpse.AspNet.Extensions;
using Glimpse.Core.Extensibility;
namespace Users.Web.Application.Namespace
{
public class GlimpseSecurityPolicy:IRuntimePolicy
{
public RuntimePolicy Execute(IRuntimePolicyContext policyContext)
{
var httpContext = policyContext.GetHttpContext();
if (httpContext.Request.UserHostAddress == "123.123.123.123")
return RuntimePolicy.Off;
return RuntimePolicy.On;
}
public RuntimeEvent ExecuteOn
{
get { return RuntimeEvent.EndRequest; }
}
}
}