How to provide only Access for ELMAH.axd for Administrator login in web

问题

I have created application and implemented ELMAH logging. In my site there are three types of users.

Admin : can everything (rights to view elamh.axd)

User : can have own rights (can't view elamh.axd)

Guest : only view (can't view elamh.axd)

The above user will be stored in Database.

Probelm:- Now how could i manage protection level for User and Guest to view ELMAH.axd log file?

回答1:

If you're using Roles you can add this to your web.config:

<location path="~/elmah.axd">
    <system.web>
        <authorization>
            <allow roles="Admin" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

If you're not using roles you will have to specify each user you want to give access to:

<location path="~/elmah.axd">
    <system.web>
        <authorization>
            <allow users="user1, user2, user3" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

Update:

As you aren't using any of the built in authentication/authorisation and you don't have control of the elmah page you're going to have to handle the BeginRequest() event:

protected void Application_BeginRequest()
{
    if(Request.Url.AbsolutePath.ToLowerInvariant().Contains("elmah.axd"))
    {
        // Check if user can see elmah and handle unauthorised users (return 401/redirect to login page/etc...)
    }
}

来源：https://stackoverflow.com/questions/7005389/how-to-provide-only-access-for-elmah-axd-for-administrator-login-in-web