Created
January 16, 2014 05:38
-
-
Save caevyn/8450323 to your computer and use it in GitHub Desktop.
Filter out sensitive info before it ends up in ELMAH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public static class ElmahSensitiveDataFilter | |
{ | |
public static void Apply(ExceptionFilterEventArgs e, HttpContext ctx) | |
{ | |
var sensitiveFormData = ctx.Request.Form.AllKeys.GetSensitiveFormData(); | |
if (sensitiveFormData.Count == 0) | |
{ | |
return; | |
} | |
var error = new Error(e.Exception, ctx); | |
sensitiveFormData.ForEach(k => error.Form.Set(k, "*****")); | |
//we don't want to log the unmodified http context stuff so use the null context. | |
ErrorLog.GetDefault(null).Log(error); | |
e.Dismiss(); | |
} | |
public static List<string> GetSensitiveFormData(this string[] formKeys) | |
{ | |
return formKeys.Where(key => key.EndsWith("password", StringComparison.OrdinalIgnoreCase)).ToList(); | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//In Global.asax.cs | |
protected void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e) | |
{ | |
var ctx = e.Context as HttpContext; | |
if (ctx == null) | |
{ | |
return; | |
} | |
ElmahSensitiveDataFilter.Apply(e, ctx); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment