Sorry, i cannot figure out how to add code in a comment, so i am just submitting another answer.
A couple of things I noticed.
You are doing this in your web.cofig:
Now, if that is setup correctly, when someone not in the administrator group tries to view the elmah page, it will give them an access denied message. There is no reason to check again in the global.asax.
Even if you MUST check in the global.asax for some reason, the place would not be application_BeginRequest
Here is a link to an article that may help you find the right method to use in the Global.asax