“install-package elmah” is the easiest way to get started with elmah. One of the important and easily forgotten considerations is to secure it. Recently I came across a situation where I had to secure elmah on a web application running in VB.net and using 4.0 framework and ofcourse custom forms authentication 😀
If anyone is interested in the debate of why secure elmah give it a read
One of the easiest and simplest way to secure elmah is to use roles and users in web.config. But besides there is also one interesting solution by Phil Haack
However, if you are in a situation where you do not want to have an elmah.axd running on all locations and just want to see elmah exceptions under an admin application then give the following a read
But hey the problem is still how to secure it. How to restrict access and redirect to some login page already in the application if someone tries to access elmah.axd at an unknown location known to you.
The answer is that you need to create a module in your application and pass this custom handler to another handler implementing SessionState.
Now you can make use of the global.asax and check for the usual session variables under an event like Application_PreRequestHandlerExecute and make sure that only authenticated user accesses the elmah.axd
Hope this helps!