How can I restrict remote access to Elmah?

Question

With Elmah installed on our dev web server .. can we restrict who remotely accesses it? Even f we hardcode the username/passwords (hashed?) or is it only via IP?

Answer 1

I know it's a bit late, but for future reference there's more to it than just opening access through allowRemoteAccess. I really got under the skin of securing ELMAH, while writing this blog post ELMAH security and allowRemoteAccess explained a couple of months ago.

I don't think that any of the answers on this question are wrong, but there are more options available, depending on the technologies used. If running ASP.NET, securing through authorization element is definitely the way to go. A lot of people are running MVC these days, though. Alexander Beletsky wrote an excellent package called Elmah.MVC. Using this package, makes all of the problems using ELMAH from MVC simply go away. And when using that package, securing ELMAH is easy as well, using a number of custom app settings like this: