这是场景......
用户输入他的用户名.键入"不正确"的密码.用户名和密码值都通过传递给Elmah错误日志Exception.Context.Request.Form["Password"].它是只读值,无法修改.
并且没有...我不想解雇异常(失败).我们以编程方式添加了ErrorLog Filtering:
void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
if (e.Exception is LogOnException)
{
((HttpContext) e.Context).Request.Form.Remove("Password");
// This is what we want to do, but we can't because it is read-only
}
}
但无法修改Request.Form,以便从我们的错误日志中隐藏密码.
有没有人遇到过这种方法?
我基本上想要没有密码字段的所有错误数据.我们考虑手动记录它,但与简单地隐藏敏感数据相比,这似乎是很多工作.
干杯伙计们.提前致谢.
我在Elmah中启用了错误日志过滤,并希望在ErrorLog_Filtering事件处理程序中以编程方式执行此操作.它在Visual Studio开发服务器下运行良好,但是一旦我进入IIS7(我的开发机器本地或我的Web服务器上的远程),就不会调用处理程序(错误日志记录工作正常).
这是我通常的web.config:
<configuration>
<configSections>
<sectionGroup name="elmah">
<section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" />
<section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
<section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
<section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" />
<section name="errorTweet" requirePermission="false" type="Elmah.ErrorTweetSectionHandler, Elmah" />
</sectionGroup>
</configSections>
<elmah>
<errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="ShopMvcConnectionString" />
</elmah>
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<httpModules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="Elmah.ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="Elmah.ErrorFilter" type="Elmah.ErrorFilterModule" …