How to secure Elmah with ServiceStack

StackOverflow https://stackoverflow.com/questions/21380023

Pergunta

Since Elmah relies on ASP.NET security the following web.config section does not work with ServiceStack authorizations:

<location path="admin">
<system.web>
  <httpHandlers>
    <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
  </httpHandlers>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>

So, what is the best practice to lock elmah.axd to everyone except administrators users?

Foi útil?

Solução

When you run ServiceStack with MVC you should typically define ServiceStack to pick up the requests to a custom location such as api using <location path="api">.

See here for setup instructions:

Therefore ServiceStack won't handle requests to other locations and as such the location path <location path="admin"> will be outside the path handled by ServiceStack, so the Authentication of your elmah.axd will be handled by IIS. So IIS will authenticate as per usual.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top