How to provide only Access for ELMAH.axd for Administrator login in web

后端未结

关注

 1  1835

粉色の甜心

I have created application and implemented ELMAH logging. In my site there are three types of users.

Admin : can everything (rights to view elamh.axd)

相关标签:

1条回答

暗喜

2021-01-05 06:09

If you're using Roles you can add this to your web.config:

<location path="~/elmah.axd">
    <system.web>
        <authorization>
            <allow roles="Admin" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

If you're not using roles you will have to specify each user you want to give access to:

<location path="~/elmah.axd">
    <system.web>
        <authorization>
            <allow users="user1, user2, user3" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

Update:

As you aren't using any of the built in authentication/authorisation and you don't have control of the elmah page you're going to have to handle the BeginRequest() event:

protected void Application_BeginRequest()
{
    if(Request.Url.AbsolutePath.ToLowerInvariant().Contains("elmah.axd"))
    {
        // Check if user can see elmah and handle unauthorised users (return 401/redirect to login page/etc...)
    }
}

0 讨论(0)