Implement IReadOnlySessionState

[GoogleCodeExporter]

I am interested in an enhancement.

I am using a custom principal\identity to store my user’s roles. I store 
the principal in session and on a new request restore the custom principal 
in Global.asax in the Application_AcquireRequestState event. 

I would like to secure Elmah. I see the suggested methodology is to use 
URL authorization but we do not use URL authorization. I would like to 
secure Elmah by looking at the roles stored in my custom principal but I 
cannot restore my principal from session because session state is not 
exposed by default in HttpHandlers.

Exposing session in an HttpHandler is simply a matter of implementing 
IReadOnlySessionState. IReadOnlySessionState is a marker interface so 
there is no coding involved in implementing the interface. 

Thanks for Elmah and for the consideration of my request.
Glenn

.ps If you ever were going to include session information in Elmah (issue 
12) you would need to do this anyway.

Original issue reported on code.google.com by glenn.br...@gmail.com on 28 Nov 2007 at 3:52

[GoogleCodeExporter]

Original comment by azizatif on 28 Nov 2007 at 4:06

• Added labels: Component-Logic, Type-Enhancement
• Removed labels: Type-Defect