In ELMAH with MVC 3, How can I hide sensitive form data from the error log?

Question

Here is the scenario...

User types his username. Types an \"incorrect\" password. Both username and password values are being passed to the Elmah error log via the

Answer 1

Catch the exception, then log something in ELMAH manually, like this:

catch (LogOnException e)
{
     Elmah.ErrorSignal.FromCurrentContext().Raise(new Exception("Bad Password"));
}

Answer 2

You can't modify the form collection on the request but you can modify the form collection on an Elmah Error isntance and then manually log it. I.e.

public static class ElmahSensitiveDataFilter
{
  public static void Apply(ExceptionFilterEventArgs e, HttpContext ctx)
  {
    var sensitiveFormData = ctx.Request.Form.AllKeys
            .Where(key => key.Equals("password", StringComparison.OrdinalIgnoreCase)).ToList();
    if (sensitiveFormData.Count == 0)
    {
      return;
    }
    var error = new Error(e.Exception, ctx);
    sensitiveFormData.ForEach(k => error.Form.Set(k, "*****"));
    Elmah.ErrorLog.GetDefault(null).Log(error);
    e.Dismiss();
  }
}

Then in Global.asax

void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
    var ctx = e.Context as HttpContext;
    if(ctx == null)
    {
      return;
    }
    ElmahSensitiveDataFilter.Apply(e, ctx);
}

Answer 3

You can't do this unless you modify the source itself. You could certainly modify the configuration and add the notion of an "Excluded Form Elements" to that, then when the Error class copies the collection from the HttpContext, you can remove any items in that list.

Another alternative would be to use something else, obviously, that provides more explicit control over the logging process like EntLib or log4net. It's trivial to write a module or global exception handler to utilize either one of those tools. Moreover, they are relevant in scopes outside of web applications.