c# - In ELMAH with MVC 3, How can I hide sensitive form data from the error log?

Question

Here is the scenario...

User types his username. Types an "incorrect" password. Both username and password values are being passed to the Elmah error log via the Exception.Context.Request.Form["Password"]. It's a read-only value and cannot be modified.

And no... I don't want to dismiss the exception (fail). We added ErrorLog Filtering programmatically:

void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
  if (e.Exception is LogOnException)
  {
    ((HttpContext) e.Context).Request.Form.Remove("Password");
    // This is what we want to do, but we can't because it is read-only
  }
}

But cannot modify the Request.Form so that the password is hidden from our error log.

Anybody ever encountered a way around this?

I basically want all the error data without the password field. We considered logging it manually but that seemed to be a lot of work compared to simply hiding the sensitive data.

Cheers guys. Thanks in advance.

Answer 1

You can't modify the form collection on the request but you can modify the form collection on an Elmah Error isntance and then manually log it. I.e.

public static class ElmahSensitiveDataFilter
{
  public static void Apply(ExceptionFilterEventArgs e, HttpContext ctx)
  {
    var sensitiveFormData = ctx.Request.Form.AllKeys
            .Where(key => key.Equals("password", StringComparison.OrdinalIgnoreCase)).ToList();
    if (sensitiveFormData.Count == 0)
    {
      return;
    }
    var error = new Error(e.Exception, ctx);
    sensitiveFormData.ForEach(k => error.Form.Set(k, "*****"));
    Elmah.ErrorLog.GetDefault(null).Log(error);
    e.Dismiss();
  }
}

Then in Global.asax

void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
    var ctx = e.Context as HttpContext;
    if(ctx == null)
    {
      return;
    }
    ElmahSensitiveDataFilter.Apply(e, ctx);
}