保护ELMAH RSS在ASP.NET网站供稿 [英] Securing Elmah RSS Feeds in ASP.NET website

问题描述

我跟着这个问题的答案<一个href=\"http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website\">http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website为限制访问ELMAH处理程序。然而，似乎添加RSS提要展望URL elmah.axd / RSS或elmah.axd / digestrss绕过身份验证。什么是固定的处理程序，如果有人能猜到的RSS网址并订阅错误日志的饲料？

I followed the answer to this question http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

推荐答案

我矿安全与角色在web.config：

I secure mine in the web.config with a role:

<location path="elmah.axd">
    <system.web>
        <authorization>
            <allow roles="SUPER_DUPER_ADMIN"/> 
            <deny users="*"/> 
        </authorization>
    </system.web>
</location>

这篇关于保护ELMAH RSS在ASP.NET网站供稿的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！