/elmah.axd 的请求如何仅限于 Umbraco管理员用户。
据我了解,Umbraco会员和角色提供商适用于Umbraco 会员但不适用于用户 - Umbraco用户帐户似乎没有用户名或角色(例如“Admins”)可以在web.config中使用,如下所示:
<location path="elmah.axd">
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>
这是在其他ASP.Net应用程序中保护ELMAH的推荐方法。
有人在Umbraco做过这件事吗?
答案 0 :(得分:6)
我通过创建一个HTTP模块拦截对elmah.axd的请求解决了这个问题,并且只授权Umbraco管理员查看它。继承模块代码:
namespace MyNamespace
{
using System;
using System.Configuration;
using System.Web;
using System.Web.Configuration;
using umbraco.BusinessLogic;
public class ElmahSecurityModule : IHttpModule
{
private HttpApplication _context;
public void Dispose()
{
}
public void Init(HttpApplication context)
{
this._context = context;
this._context.BeginRequest += this.BeginRequest;
}
private void BeginRequest(object sender, EventArgs e)
{
var handlerPath = string.Empty;
var systemWebServerSection = (HttpHandlersSection)ConfigurationManager.GetSection("system.web/httpHandlers");
foreach (HttpHandlerAction handler in systemWebServerSection.Handlers)
{
if (handler.Type.Trim() == "Elmah.ErrorLogPageFactory, Elmah")
{
handlerPath = handler.Path.ToLower();
break;
}
}
if (string.IsNullOrWhiteSpace(handlerPath) || !this._context.Request.Path.ToLower().Contains(handlerPath))
{
return;
}
var user = User.GetCurrent();
if (user != null)
{
if (user.UserType.Name == "Administrators")
{
return;
}
}
var customErrorsSection = (CustomErrorsSection)ConfigurationManager.GetSection("system.web/customErrors");
var defaultRedirect = customErrorsSection.DefaultRedirect ?? "/";
this._context.Context.RewritePath(defaultRedirect);
}
}
}
...和web.config:
<configuration>
<system.web>
<httpModules>
<add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
</modules>
</system.webServer>
</configuration>
答案 1 :(得分:0)
我认为您必须修改ELMAH才能使其与Umbraco正确集成
这article可能就是你要找的东西