Jon*_*onH 5 security elmah umbraco
如何将/elmah.axd的请求限制为Umbraco管理员用户.
我的理解是,Umbraco成员和角色提供者适用于Umbraco 成员但不适用于用户 --Umbraco用户帐户似乎没有可以在web.config中使用的用户名或角色(例如"Admins") :
<location path="elmah.axd">
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>
这是在其他ASP.Net应用程序中保护ELMAH的推荐方法.
有人在Umbraco这样做过吗?
我通过创建一个HTTP模块拦截对elmah.axd的请求解决了这个问题,并且只授权Umbraco管理员查看它.继承模块代码:
namespace MyNamespace
{
using System;
using System.Configuration;
using System.Web;
using System.Web.Configuration;
using umbraco.BusinessLogic;
public class ElmahSecurityModule : IHttpModule
{
private HttpApplication _context;
public void Dispose()
{
}
public void Init(HttpApplication context)
{
this._context = context;
this._context.BeginRequest += this.BeginRequest;
}
private void BeginRequest(object sender, EventArgs e)
{
var handlerPath = string.Empty;
var systemWebServerSection = (HttpHandlersSection)ConfigurationManager.GetSection("system.web/httpHandlers");
foreach (HttpHandlerAction handler in systemWebServerSection.Handlers)
{
if (handler.Type.Trim() == "Elmah.ErrorLogPageFactory, Elmah")
{
handlerPath = handler.Path.ToLower();
break;
}
}
if (string.IsNullOrWhiteSpace(handlerPath) || !this._context.Request.Path.ToLower().Contains(handlerPath))
{
return;
}
var user = User.GetCurrent();
if (user != null)
{
if (user.UserType.Name == "Administrators")
{
return;
}
}
var customErrorsSection = (CustomErrorsSection)ConfigurationManager.GetSection("system.web/customErrors");
var defaultRedirect = customErrorsSection.DefaultRedirect ?? "/";
this._context.Context.RewritePath(defaultRedirect);
}
}
}
...和web.config:
<configuration>
<system.web>
<httpModules>
<add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
</modules>
</system.webServer>
</configuration>