search

albertocolom / elmah

Automatically exported from code.google.com/p/elmah
Apache License 2.0
0 stars 0 forks source link

Implement IReadOnlySessionState #47

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
I am interested in an enhancement.

I am using a custom principal\identity to store my user’s roles. I store 
the principal in session and on a new request restore the custom principal 
in Global.asax in the Application_AcquireRequestState event. 

I would like to secure Elmah. I see the suggested methodology is to use 
URL authorization but we do not use URL authorization. I would like to 
secure Elmah by looking at the roles stored in my custom principal but I 
cannot restore my principal from session because session state is not 
exposed by default in HttpHandlers.

Exposing session in an HttpHandler is simply a matter of implementing 
IReadOnlySessionState. IReadOnlySessionState is a marker interface so 
there is no coding involved in implementing the interface. 

Thanks for Elmah and for the consideration of my request.
Glenn

.ps If you ever were going to include session information in Elmah (issue 
12) you would need to do this anyway.

Original issue reported on code.google.com by glenn.br...@gmail.com on 28 Nov 2007 at 3:52

GoogleCodeExporter commented 8 years ago

Original comment by azizatif on 28 Nov 2007 at 4:06

GoogleCodeExporter commented 8 years ago 
This issue has been migrated to:
https://github.com/elmah/Elmah/issues/47
The conversation continues there.
DO NOT post any further comments to the issue tracker on Google Code as it is 
shutting down.
You can also just subscribe to the issue on GitHub to receive notifications of 
any further development.

Original comment by azizatif on 25 Aug 2015 at 8:15