Error Handling with Elmah in ASP.NET

Elmah provides application-wide error logging and can be easily installed via NuGet. Using Elmah keeps you from having to write your own error handling logic, provides you with email, RSS, and web-based error notifications, and best of all, it is quick and easy to use.  You can read more about Elmah at the project site. This post will show you how to get Elmah up and running, as well as how to enable some useful features in 4 easy steps:

  1. Install Elmah
  2. Log the errors in a SQL database
  3. Show the error only to authenticated users in certain roles
  4. Filter out specific errors and also forward certain errors to custom error pages

Step 1: Install Elmah

Open your NuGet package manager (Tools -> Library Package Manager -> Package Manager Console) and type:

PM> Install-Package elmah

That's it. Elmah is working!

Right now it will log errors in memory. To test it, launch your project and go to http://localhost/elmah.axd (i.e. your root directory + /elmah.axd). Now let's put those errors in a database.

Step 2: Make Elmah Log to your SQL Database

You COULD install another package for a quick version of SQL logging (install-package elmah.sqlservercompact), but if you have your own database and you just want to plug Elmah into it, here is how. In your web.config, you'll notice when you installed Elmah, it added the necessary handlers as well as a few other sections. In the <elmah> section, add:

<security allowremoteaccess="true" />
<errorlog connectionstringname="yourDBOString" type="Elmah.SqlErrorLog, Elmah" />

Your database will need one table and three SPROCs in order to work. The links below will open the create-scripts as text files in a new window:

  1. ELMAH_Error (table)
  2. ELMAH_GetErrorsXml (SPROC)
  3. ELMAH_GetErrorXml (SPROC)
  4. ELMAH_LogError (SPROC)

Elmah should be logging into your SQL table. Now, let's keep everyone from seeing your errors.

Step 3: Secure Elmah

Go to your web.config and there should be a section like:

<location path="elmah.axd" inheritInChildApplications="false">

Inside that, in <system.web>, there should be a commented out section to handle authorization. Uncomment it out or add it:

<authorization>
    <allow roles="Admin"/>
    <deny users="*"/>
</authorization>

This assumes you have an Admin role. If you'd like to see how to setup roles using your own Role Provider, leave a comment below.

Almost done!

Step 4: Error Filtering and Custom Error Pages

Through error filtering, we can choose to ignore certain types of errors and/or redirect the user to a custom error page. There are a few ways to do this in the config file. Here is how to do it in your global.ascx file if you are more comfortable working in code.

In your global.ascx (ensure you are using Elmah;) add the following function:

void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
    /*
    Run whatever logic you want based on your specific criteria. e.Exception will get you the exception that occurred. You could detect a certain error and redirect them to a custom error page, or you can use e.Dismiss() if you don't want to see the error in your Elmah log.

    If you choose to dismiss the error, you should also consider searching for the same error in the Application_Error function and use Server.ClearError() if you want to keep it out of Windows Error Reporting. Use this with caution! You don't want to hide unexpected errors.
    */
}

Happy Coding.