Search code examples
asp.netauthorizationinformixelmahasp.net-roles

Secure the web site according to the roles?


I use ELMAH locally and I wanna to use it in the production environment. When I search, I found the following:

Recall that in the ELMAH configuration's section we set the allowRemoteAccess attribute to 0, which prohibits remote users from viewing the error log. It's important to prohibit anonymous visitors from viewing the error log, as the error details might reveal security vulnerabilities or other sensitive information. If you decide to set this attribute to 1 and enable remote access to the error log then it is important to lock down the elmah.axd path so that only authorized visitors can access it. This can be achieved by adding a element to the Web.config file.

I wanna enable remote access, so according to the same article, I should do the following:

 <location path="elmah.axd">
  <system.web>
  <authorization>
  <allow roles="Admin" />
  <deny users="*" />
  </authorization>
  </system.web>  
  </location>

My question is:

  • I use Informix database, so how to handle the role idea when logging in, according to Informix?

  • And if I wanna to store the log data should I use sql server or mysql data base, because I didn't find the informix database required in ELMAH downloads?


Solution

  • I use informix database, so how to handle the role idea when logining,according to the informix?

    You will have to write a custom Role Provider that use your Informix database. You can start here

    And if i wanna to store the log data should i use sql server or mysql data base, because i didn't find the informix database required in ELMAH downloads?

    You can use XmlErrorLog. Which saves logs as XML files.