Elmah.MVC 2.0.1 - securing the elmah logs
14-07-2021
Question
Setup:
For an ASP.NET MVC 4 app I am using Elmah.MVC 2.0.1 to log errors.
I installed Elmah.MVC using NuGet. It works fine.
Problem:
The Elmah.MVC package installs no controller or area, so I can see no obvious way to apply security via Authorize attributes, as is recommended for ASP.NET MVC.
Question:
I only want users in the Admin role to be able to view the Elmah page.
How do I do this?
Solution
Ouch!
Just found the answer;
Elmah MVC 2.0.1 NuGet package adds the following into <appSettings> (in web.config):
<add key="elmah.mvc.requiresAuthentication" value="false" />
<add key="elmah.mvc.allowedRoles" value="*" />
To achieve what I want simply:
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
Other tips
I believe you can also use URL access control like this:
<location path="elmah.axd">
  <system.web>
    <httpHandlers>
      <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
    </httpHandlers>
    <authorization>
      <allow roles="YourRole" />
      <deny users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</location>
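A way to check a web.config for both settings discussed above, as an added example that is not part of the original answers or of Elmah.MVC: it flags the appSettings values that leave the log page open and an elmah.axd location block whose authorization rules never reach a deny-all. The function name audit_elmah_config and the sample config are constructed for illustration; it assumes a <configuration> root without an XML namespace and treats a missing key like the shipped values shown in the first answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the appSettings values the first answer says the package
# ships with, plus a location block like the second answer's minus the deny rule.
SAMPLE_WEAK = """<configuration>
  <appSettings>
    <add key="elmah.mvc.requiresAuthentication" value="false" />
    <add key="elmah.mvc.allowedRoles" value="*" />
  </appSettings>
  <location path="elmah.axd">
    <system.web><authorization><allow roles="Admin" /></authorization></system.web>
  </location>
</configuration>"""

def audit_elmah_config(xml_text):
    """Return a list of findings for a web.config string (empty = nothing flagged)."""
    root = ET.fromstring(xml_text)
    findings = []
    settings = {a.get("key"): (a.get("value") or "").strip()
                for a in root.findall("./appSettings/add")}
    # Assumption: a missing key behaves like the shipped values (false / *).
    if settings.get("elmah.mvc.requiresAuthentication", "false").lower() != "true":
        findings.append("elmah.mvc.requiresAuthentication is not true")
    if settings.get("elmah.mvc.allowedRoles", "*") in ("", "*"):
        findings.append("elmah.mvc.allowedRoles does not name a role")
    for loc in root.findall("./location"):
        if (loc.get("path") or "").lower() != "elmah.axd":
            continue
        rules = loc.findall("./system.web/authorization/*")
        # URL authorization rules are evaluated top-down; the first match wins.
        verdict = 'no deny users="*" rule; inherited rules decide'
        for rule in rules:
            users = rule.get("users") or ""
            if rule.tag == "allow" and users in ("*", "?"):
                verdict = "allow rule for all/anonymous users precedes any deny"
                break
            if rule.tag == "deny" and users == "*":
                verdict = None  # everyone not allowed earlier is denied
                break
        if verdict:
            findings.append("location elmah.axd: " + verdict)
    return findings

if __name__ == "__main__":
    for finding in audit_elmah_config(SAMPLE_WEAK):
        print("FINDING:", finding)
```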
Not affiliated with StackOverflow