Sorry, i cannot figure out how to add code in a comment, so i am just submitting another answer.
A couple of things I noticed.
You are doing this in your web.cofig:
<pre>
<location path="~/elmah.axd">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</pre>
Now, if that is setup correctly, when someone not in the administrator group tries to view the elmah page, it will give them an access denied message. There is no reason to check again in the global.asax.
Try changing:
<pre>
<location path="~/elmah.axd">
</pre>
To:
<pre>
<location path="elmah.axd">
</pre>
Even if you MUST check in the global.asax for some reason, the place would not be application_BeginRequest
Here is a link to an article that may help you find the right method to use in the Global.asax
http://stackoverflow.com/questions/3072768/net-application-beginrequest-how-to-get-user-reference