Configuring ELMAH on DiscountASP.NET
January 5, 2010This article will demonstrate the steps required to install and configure ELMAH for ASP.NET applications running on Windows 2008/IIS7 in Integrated mode. I have tested this process and have focused on installing it within the DiscountASP.NET IIS7 shared-hosting platform, but these instructions apply to any default IIS7 server in Integrated mode.
I’m going to roughly follow the ASP.NET MVC instructions to configure an ELMAH installation that will utilize 3 of the most common features, below.
- Error logging
- Error emailing
- Security module
Please note that MVC no longer requires additional setup (routing configuration) as mentioned in the official instructions – they were written back when MVC was in beta and didn’t ignore routes to .axd files. These instructions apply equally to an ASP.NET web forms application.
Installation steps
Step 1: Include latest Elmah.dll in your project
- Download and extract ELMAH-1.1-bin-x64.zip from http://code.google.com/p/elmah/
- Copy Elmah.dll from the \bin\net-3.5\Release folder to your asp.net website’s bin folder
Step 2: Basic Web.Config setup
The Web.Config will need to have an ELMAH sectionGroup added, ELMAH’s custom config section, and entries in the httpHandlers and httpModules sections.
1. Add the following ELMAH section group, including the security, errorLog, and errorMail sub-sections:
<sectionGroup name="elmah">
<section name="security" type="Elmah.SecuritySectionHandler, Elmah" />
<section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
<section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
</sectionGroup>
2. Add this to the <httpHandlers> section within <system.webServer>:
<add name="Elmah" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah"/>
3. Add this to the <httpModules> section within <system.webServer>:
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
4. Add a section to configure ELMAH, somewhere outside of system.web. Here I am configuring the error logger by specifying a log path of ~/App_Data/Errors, the error emailer by defining some email attributes, and the security module by specifying that I want to allow remote access.
<elmah>
<errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data/Errors" />
<errorMail subject="elmah error" to="e@mail.com" from="postmaster@mysite.com" />
<security allowRemoteAccess="yes" />
</elmah>
Make sure your logPath directory structure exists in your application. ELMAH will throw an exception if it doesn’t exist.
Also, make sure you’ve properly set up your <mailSettings> Web.Config section, as ELMAH will use this to determine your smtp host, delivery method, etc.
Step 3: Testing
Configuration is complete for a basic, non-secure ELMAH installation. I manually caused an exception for testing purposes, and then loaded up /elmah.axd in the browser:
Step 4: Securing ELMAH from outsiders
The last thing that needs to be done is secure the elmah.axd handler – at this point, any anonymous user on your site could type in the url to it and see all of your errors, potentially gaining access to sensitive information about your application.
ELMAH has it’s own basic security by default. If I hadn’t configured the security module or left allowRemoteAccess=”false” then by default elmah.axd could only be viewed from the local host. This of course is not an option when on shared hosting, so we have to expose ELMAH to remote users and secure it another way: using the built in ASP.NET authorization.
Adding the following entry to the Web.Config is the final step. Here I am denying access to any anonymous user.
<location path="elmah.axd">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location
Done!
Now all you have to do is generate a few exceptions and confirm that the logging, emailing and security is working correctly!
Tags: elmah, discountasp.net, iis7
Categories: ASP.NET, IIS
