Welcome to the Glimpse Documentation! Here we hope to introduce you to the various tutorials, concepts and APIs you might need when discovering and using Glimpse.
Glimpse determines if it should execute for a given request by executing the registered "Runtime Policies" and asking each in turn.
As mentioned, to make sure Glimpse doesn’t show possibly sensitive diagnostic data, it leverages Runtime Policies. These authorize or prevent the Glimpse Runtime from returning the aggregated data or even from running in the first place – all of this is determined per request.
An example of this is the Glimpse cookie. This is what drives the “Turn Glimpse On” button in the glimpse.axd and is checked by the ControlCookiePolicy. That said, it is not used to prevent access to aggregated data but rather to inform the Glimpse Runtime whether or not it should collect information during the execution of a request.
All is not lost, however. Glimpse is secure by default because it registers, out of the box, the LocalPolicy. LocalPolicy is a runtime policy that checks whether or not a request has been made from the local machine; if this is not the case, then Glimpse will not aggregate data and certainly not return (previously) aggregated data. This is also the policy that must be ignored in the web.config if you would like to get Glimpse diagnostics from a remote server.
Now if you remove the LocalPolicy, then basically everything is out in the open. Nothing prevents Glimpse from gathering diagnostics and returning them to the person making the request. You could disable Glimpse completely in the web.config by setting defaultRuntimePolicy="Off" in the glimpse config section, but then there is not much for you to personally get either.
So you need to replace the LocalPolicy with your own custom security policy. This sounds harder than it is – usually only a few lines of code are involved. There might already be an example of such a policy in your project (albeit commented out) if you installed the Glimpse.AspNet NuGet package, just look for a file named
Are you interested in learning more about creating your own Runtime Policies and controlling when Glimpse runs in your system (i.e. only if "Administrator" is logged on or some other arbitrary logic)? It really is quite easy.
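A custom security policy of the kind described above might look like the following. This is an added example, not code from the Glimpse project or from this page; the namespace and class name are hypothetical, and it assumes the Glimpse.AspNet package is installed, LocalPolicy has been ignored in the web.config, and the application uses a role named "Administrator".

```csharp
using Glimpse.AspNet.Extensions;   // GetHttpContext() extension method
using Glimpse.Core.Extensibility;  // IRuntimePolicy, RuntimePolicy, RuntimeEvent

namespace MyApp.Diagnostics // hypothetical namespace
{
    // Hypothetical policy: only authenticated members of the "Administrator"
    // role may receive Glimpse data or reach the Glimpse resources.
    public class AdministratorOnlyPolicy : IRuntimePolicy
    {
        public RuntimePolicy Execute(IRuntimePolicyContext policyContext)
        {
            var httpContext = policyContext.GetHttpContext();
            var user = httpContext != null ? httpContext.User : null;

            // Fail closed: no context, no user, or an anonymous user
            // means Glimpse stays off for this request.
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                return RuntimePolicy.Off;
            }

            return user.IsInRole("Administrator")
                ? RuntimePolicy.On
                : RuntimePolicy.Off;
        }

        public RuntimeEvent ExecuteOn
        {
            // EndRequest: the user is known by then (it is not yet set at
            // BeginRequest), so the decision to return data is made here.
            // ExecuteResource: also guards requests for Glimpse resources
            // such as glimpse.axd, which would otherwise stay reachable.
            get { return RuntimeEvent.EndRequest | RuntimeEvent.ExecuteResource; }
        }
    }
}
```

To check the policy after deployment, request glimpse.axd from a remote machine once without signing in and once as a non-administrator user, and confirm that neither request returns diagnostics.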
These policies are part of the core Glimpse package, and so are always part of a Glimpse installation. They are not specific to any web development framework.
The Glimpse.AspNet package adds these policies to Glimpse: