So this is the second blogpost I’m writing about Umbraco, ELMAH and authentication.
My previous blogpost wasn’t really good, because with forms-authentication authenticated members could also access elmah, which is not the way to go. So I’ve dropped MADAM.
This time I’ve managed to get both forms-authentication for umbraco and basic/windows-authentication for ELMAH. The trick is to create a subfolder called ‘elmah’, which we’ll convert to an application and enable basic/windows-authenticatioin for this app.
This is kind of tricky, because all web.config configurations will be inherited by the web.config for any sub-application. Also ELMAH filters the errors in the database based on the current Application string property, for example “/LM/W3SVC/24/ROOT”, but if you configure the elmah.axd handler in a sub-application, the application for the handler will be “/LM/W3SVC/24/ROOT/elmah” and you won’t see any logged errors of the main application.
To overcome this I had to make changes to ELMAH’s source code. I’ve cloned the Mercurial repo and changed some files. This way it’ll be easy to keep it up-to-date without losing my changes. There’s one extra thing I’ve changed; I’ve disabled logging the current user’s password, because of privacy reasons.
A step-by-step guide to get ELMAH and umbraco to play nicely side-by-side:
- Download this zipfile (which contains 3 other zip files)
- Unzip the file ‘1. elmah.zip‘ in the root of your project and include the whole folder in Visual Studio (so it’ll get deployed with WebDeploy)
- Unzip the file ‘2. elmah assemblies.zip‘ somewhere in your project, where all third party assemblies reside and optionally add a reference in Visual Studio (if you’d like to use Error Signalling and if you’re using something like WebDeploy)
- Unzip the file ‘3. sqlce assemblies.zip‘ in the root of your project and include both folders in Visual Studio. Inside VS select all files underneath the AMD64 and X86 folders and go to their properties. Set ‘Build action’ to ‘None’ and ‘Copy to Output Directory’ to ‘Copy if newer’ (screenshot below)
- Add the following to your web.config:
<remove invariant=”System.Data.SqlServerCe.4.0″ />
<add name=”Microsoft SQL Server Compact Data Provider 4.0″ invariant=”System.Data.SqlServerCe.4.0″ description=”.NET Framework Data Provider for Microsoft SQL Server Compact” type=”System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=220.127.116.11, Culture=neutral, PublicKeyToken=89845dcd8080cc91″ />
- Add the following to your web.config (inside the runtimeassemblyBinding element):
<assemblyIdentity name=”System.Data.SqlServerCe” publicKeyToken=”89845dcd8080cc91″ culture=”neutral” />
<bindingRedirect oldVersion=”0.0.0.0-18.104.22.168″ newVersion=”22.214.171.124″ />
- If you were using ELMAH already in your project, remove any elmah.axd handlers in your web.config
- If you’ve registered none-umbraco httpModules, please add them to the removal list in ~elmahweb.config so they won’t be loaded for the ELMAH sub-application
- Open IIS Manager and navigate to your website underneath ‘Sites’. Expand you site so you’ll see the directories underneath it and right-click the ‘elmah’ folders and select ‘Convert to Application’ and select the AppPool your site is running in
- Next make sure this newly created sub-application is selected in the tree and open up ‘Authentication’. Enable ‘Basic Authentication’ and you’re ready to start logging and reading errors!
The ELMAH page can be accessed by navigating to ‘/elmah/’ or just ‘/elmah/elmah.axd’.
The SQL CE error log database will be stored in ‘~/App_Data/’. You could monitor the size of this file as it will grow to max 1024MB.