alexbeletsky / elmah-mvc

Painless integration of ELMAH into ASP.NET MVC application
http://nuget.org/packages/Elmah.MVC
Apache License 2.0

elmah.mvc 2.0.2: elmah.mvc.allowedRoles not working in MVC3 #28

Open benmiller86 opened 11 years ago

benmiller86 commented 11 years ago

For some reason I am not able to specify roles that should be allowed access to the error log. No matter what role I enter (I have Admin, Super and Test roles), my app just redirects to the login screen, which is the expected behaviour should I not be authorized. If I choose to allow all roles with the * it works just fine, but allows all roles when I need to restrict it to Super role only.

I have the following in my web.config file:

    <add key="loginUrl" value="~/Login/" />
    <add key="elmah.mvc.disableHandler" value="false" />
    <add key="elmah.mvc.disableHandleErrorFilter" value="false" />
    <add key="elmah.mvc.requiresAuthentication" value="true" />
    <add key="elmah.mvc.allowedRoles" value="*" />
    <add key="elmah.mvc.route" value="elmah" />

alexbeletsky commented 11 years ago

Thanks for the submission! I'll take a look at that.

jcoutch commented 11 years ago

I just encountered this issue as well with the latest NuGet package. Have you had a chance to look into it?

alexbeletsky commented 11 years ago

@jcoutch sorry, I did not have a chance to look at this yet. The problem is somewhere here. Is it possible for you to check that out and, if a solution is found, submit a pull request?

That would be a great contribution!

ghost commented 11 years ago

Hi,

I am facing the same issue.

Thanks, Deependra

alexbeletsky commented 11 years ago

@papci have you seen something similar?

pehadavid commented 11 years ago

I can try with a project that uses roles, and try to fix.

Edit: username-based authentication works well here.

alexbeletsky commented 11 years ago

That would be just amazing help. Thanks!

pehadavid commented 11 years ago

I've just tested with my last commit, and roles seem to work well. Since I had to rewrite a part of authentication, maybe that has solved the problem. If not, I need more information on role providers that have problems with elmah.mvc.

alexbeletsky commented 11 years ago

Is it possible for you to install 2.0.2 on the same app, so we'll be clear that the latest version is fine?

pehadavid commented 11 years ago

You're right, that's the first thing I should have done :-)

pehadavid commented 11 years ago

2.0.2 works well here :/

I think it's a role provider issue. Maybe someone could give me his role provider implementation.

Edit: And .NET version too ;-)

alexbeletsky commented 11 years ago

Thought so ;) thanks @papci

alexbeletsky commented 11 years ago

@benmiller86 @DeependraSinghChauhan guys could you please provide more details on this?

javiergardella commented 10 years ago

I'm having the same problem... Please help me!!

javiergardella commented 10 years ago

OK, I figured out what my problem was.
In my base controller I have code in the "OnAuthorization" method that sets the role for the user. That method ran after the "AuthorizeAttribute" execution, so my logged-in user did not have any role assigned yet.

My solution: I added a base controller in "Elmah.Mvc" with the same "OnAuthorization" method. That's all! Thank you!!

    // Requires: System.Linq, System.Security.Principal, System.Web.Mvc, System.Web.Security
    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        var cookieName = FormsAuthentication.FormsCookieName;

        if (filterContext.HttpContext.User.Identity.IsAuthenticated && filterContext.HttpContext.Request.Cookies != null && filterContext.HttpContext.Request.Cookies[cookieName] != null)
        {
            var authenticationTicket = FormsAuthentication.Decrypt(filterContext.HttpContext.Request.Cookies[cookieName].Value);

            if (authenticationTicket != null)
            {
                // The ticket's UserData holds the user's roles, separated by ';'
                var roles = authenticationTicket.UserData.Split(';').Where(r => !string.IsNullOrEmpty(r)).ToArray();

                // Replace the role-less principal with one that carries the roles
                var userIdentity = new GenericIdentity(authenticationTicket.Name);
                var userPrincipal = new GenericPrincipal(userIdentity, roles);

                filterContext.HttpContext.User = userPrincipal;
            }
        }

        base.OnAuthorization(filterContext);
    }

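
Added example, not part of any comment in this thread and not Elmah.MVC code: the role assignment described above, moved from a controller's `OnAuthorization` into `Application_PostAuthenticateRequest` in Global.asax so that roles are on `HttpContext.User` before any MVC authorization filter runs, including the one guarding the ELMAH route. It assumes forms authentication with roles stored `;`-separated in the ticket's `UserData`, and that the role check reads the current principal; `MvcApplication` is the project-template class name.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // PostAuthenticateRequest fires before the MVC handler executes, so the
    // principal set here is what every authorization filter evaluates.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already decrypted and validated the
        // cookie; reuse its ticket instead of decrypting the cookie again.
        var identity = Context.User == null
            ? null
            : Context.User.Identity as FormsIdentity;

        if (identity == null || !identity.IsAuthenticated)
            return; // anonymous or non-forms request: leave the principal alone

        // Assumption: roles were written to UserData as "RoleA;RoleB" at login.
        var roles = (identity.Ticket.UserData ?? string.Empty)
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // Same identity, now wrapped in a principal that answers IsInRole().
        var principal = new GenericPrincipal(identity, roles);
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

Because the principal is replaced once per request in the pipeline, no base controller has to be added to the Elmah.Mvc package, and `elmah.mvc.allowedRoles` can name a single role instead of `*`.
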
blackwej commented 9 years ago

This still seems to be an issue, depending upon implementation of forms authentication. Anyone else?

cjpit commented 9 years ago

Same here. I'll just use user authentication for now.

I'm using a custom role auth provider and the like, so not sure if that might be why.

damiangreen commented 7 years ago

Anyone find a solution to this yet?

JOBG commented 6 years ago

In my case (MVC5 using the default AccountController / Microsoft.AspNet.Identity.Owin), implementing this code worked; it seems like ELMAH gets the role info from IPrincipal, which is not set by the default MVC AccountController template:

https://stackoverflow.com/questions/3930885/setting-user-roles-in-controllers/3932883#3932883

    // Requires: System.Security.Principal, System.Threading, System.Web
    protected void Application_OnPostAuthenticateRequest(Object sender, EventArgs e)
    {
        IPrincipal contextUser = Context.User;

        if (contextUser.Identity.AuthenticationType == "ApplicationCookie")
        {
            // determine role name
            var isAdmin = contextUser.IsInRole("YOURROLENAME");
            if (isAdmin)
            {
                // attach to context
                HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(User.Identity, new string[] { "YOURROLENAME" });
                Thread.CurrentPrincipal = HttpContext.Current.User;
            }
        }
    }

jviseur commented 4 years ago

@alexbeletsky I have MVC5 using the default AccountController / Microsoft.AspNet.Identity.Owin web application and if I set the then when I attempt to access /elmah it produces the login screen instead. I have attempted what was suggested by JOBG but that made no difference.

Are you able to help please?

Regards, John Viseur

JOBG commented 4 years ago

Hard to tell what the issue is; the above code did work at that time. I'll try to check the exact version of that particular project later today; it's still working in production.

jviseur commented 4 years ago

Thank you @JOBG.

What is interesting is that I get different results on my PC and in the Live/Test site.

On my PC, where I am developing the software, it wants me to log in regardless of whether I am logged in or not. On the server its response is that I am not permitted to do that, regardless of whether I am logged on or not or whether the authorisation is on or off.

jviseur commented 4 years ago

I have it now working properly on my PC. When not logged in it asks me to log in, and when logged in it displays the logs. However, on the server, when not logged in it asks me to log in, and when logged in it gives me a 403 error.