Custom authorization with ELMAH and ASP.NET Identity Framework

If you’re using any of the most recent ASP.NET MVC 5 project templates with authentication and authorization built in, then you’re probably using the ASP.NET Identity Framework. With any ASP.NET project, it’s smart to add references to the ELMAH library just in case any unhandled exceptions occur. You can use both of these libraries together to restrict access to the remote ELMAH page with custom authorization.

First, install the Elmah.MVC package from NuGet. This should download the correct libraries and add the necessary lines to your web.config.

<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="*" />
<add key="elmah.mvc.allowedUsers" value="your_user_name" />

Substitute the “your_user_name” entry with your own username that you’ve setup in the ASP.NET Identity Framework backend. For example, the AspNetUsers table in SQL Server contains your usernames. It appears that ELMAH does get the authentication information from the current thread principal, which the ASP.NET Identity Framework will establish on your behalf upon login.