1

ELMAH for MVC 支持以下 appsettings 配置

elmah.mvc.allowedRoles
elmah.mvc.allowedUsers

使用角色/用户保护 elmah 路由路径。显然,它适用于 Windows 或表单身份验证。但我无法使其适用于基于声明的身份验证。

这个事情谁有经验?

4

1 回答 1

1

我在网络配置中这样做

<elmah>
   <security allowRemoteAccess="true" />
   <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="elmah-sqlserver" applicationName="Eers.Web"/>
</elmah>

再往下

 <location path="elmah">
    <system.web>
      <authorization>       
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="elmah.axd" inheritInChildApplications="false">
    <system.web>
      <httpHandlers>
        <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
      </httpHandlers>
    </system.web>
    <system.webServer>
      <handlers>
        <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
      </handlers>
    </system.webServer>
  </location>

如果您记下该节点,它就像 MVC 中的任何其他安全性一样工作。但它不适用于索赔。为此,您将不得不编写一个动作过滤器

  <authorization>       
     <allow users="*"/>
  </authorization>

这是我的动作过滤器

 public class ElmahRequestAuthorizationFilter : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {

        if (filterContext.IsChildAction) return;

        var controller = filterContext.RouteData.Values["controller"] as string;

        if (controller != null && controller.ToLowerInvariant() != "elmah") return;

        var authenticationComponent = GetAuthenticationInfo() // A method that will return us roles;

        var goodRoles = new List<string> {
            "TestRole",
            "ThirdLevelSupport",
            "Administrator"
        };

        var roles = authenticationComponent.Roles ?? new List<string>();

        var thouShaltPass = roles.Intersect(goodRoles).Any();

        if (!thouShaltPass)
        {
            throw new HttpException(404, "Not Found");
        }

    }
}
于 2014-10-07T03:15:44.893 回答