The examples for restricting access to the mini-profiler resources all happen in the Application_Start method, which is confusing since this will globally turn on/off the profiler for everyone based on the access of the 1st person to access the site.

Later on in the examples, they show how to abandon profiler info based on each request, which is enabling it globally then denying per request, but this doesn't work on the /results-index page.

Is there a way to only allow access to the /results-index page per request, or to abandon this info/page in a similar way?

How I do it:

Have all controllers inherit from a common BaseController class.

In BaseController, override Initialize:

    protected override void Initialize(RequestContext requestContext)
    {
        // Discard the profiling results for any request whose user is
        // unauthenticated or not in the Developer role.
        if (requestContext.HttpContext.User == null || !requestContext.HttpContext.User.IsInRole(KnownRoles.Developer.ToString()))
        {
            MiniProfiler.Stop(discardResults: true);
        }
        base.Initialize(requestContext);
    }

Edit: You can restrict access to the miniprofiler history page in your web.config:

    <location path="mini-profiler-resources">
      <system.web>
        <authorization>
          <allow roles="Developer"/>
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

This will allow only users with the "Developer" role to access that page.
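
A per-request alternative to the answer above, shown as an added example that is not part of the original question or answer. It assumes MiniProfiler 2.x/3.x for classic ASP.NET (namespace StackExchange.Profiling), where Results_Authorize and Results_List_Authorize are delegates invoked on every request to the profiler's own endpoints; the MvcApplication class, the IsDeveloper helper and the "Developer" role string are assumptions for illustration.

```csharp
using System;
using System.Web;
using StackExchange.Profiling;

public class MvcApplication : HttpApplication
{
    // Hypothetical helper. MiniProfiler calls it for each request to its own
    // endpoints, so the decision follows the caller of that request and not
    // the first visitor to the site.
    private static bool IsDeveloper(HttpRequest request)
    {
        var user = request.RequestContext.HttpContext.User;
        return user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated
            && user.IsInRole("Developer"); // role name assumed from the web.config above
    }

    protected void Application_Start()
    {
        // The delegates are assigned once here but evaluated per request.
        MiniProfiler.Settings.Results_Authorize = IsDeveloper;      // individual result pages
        MiniProfiler.Settings.Results_List_Authorize = IsDeveloper; // /results-index listing
    }

    protected void Application_BeginRequest()
    {
        MiniProfiler.Start();
    }

    protected void Application_PostAuthorizeRequest()
    {
        // The principal is populated by this stage; drop timings for everyone else
        // so nothing is stored or rendered for non-developers.
        if (!IsDeveloper(Request))
        {
            MiniProfiler.Stop(discardResults: true);
        }
    }

    protected void Application_EndRequest()
    {
        MiniProfiler.Stop();
    }
}
```

Keeping the web.config location rule alongside these delegates gives two independent checks on the mini-profiler-resources path.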