我通过创建一个 HTTP 模块来拦截对 elmah.axd 的请求,并仅授权 Umbraco 管理员查看它,从而解决了这个问题。下面是模块代码:
namespace MyNamespace
{
using System;
using System.Configuration;
using System.Web;
using System.Web.Configuration;
using umbraco.BusinessLogic;
public class ElmahSecurityModule : IHttpModule
{
private HttpApplication _context;
public void Dispose()
{
}
public void Init(HttpApplication context)
{
this._context = context;
this._context.BeginRequest += this.BeginRequest;
}
private void BeginRequest(object sender, EventArgs e)
{
var handlerPath = string.Empty;
var systemWebServerSection = (HttpHandlersSection)ConfigurationManager.GetSection("system.web/httpHandlers");
foreach (HttpHandlerAction handler in systemWebServerSection.Handlers)
{
if (handler.Type.Trim() == "Elmah.ErrorLogPageFactory, Elmah")
{
handlerPath = handler.Path.ToLower();
break;
}
}
if (string.IsNullOrWhiteSpace(handlerPath) || !this._context.Request.Path.ToLower().Contains(handlerPath))
{
return;
}
var user = User.GetCurrent();
if (user != null)
{
if (user.UserType.Name == "Administrators")
{
return;
}
}
var customErrorsSection = (CustomErrorsSection)ConfigurationManager.GetSection("system.web/customErrors");
var defaultRedirect = customErrorsSection.DefaultRedirect ?? "/";
this._context.Context.RewritePath(defaultRedirect);
}
}
}
...和 web.config:
<configuration>
<system.web>
<httpModules>
<add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ElmahSecurityModule" type="MyNamespace.ElmahSecurityModule" />
</modules>
</system.webServer>
</configuration>