保护ELMAH RSS在ASP.NET网站供稿 [英] Securing Elmah RSS Feeds in ASP.NET website
问题描述
我跟着这个问题的答案<一个href=\"http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website\">http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website为限制访问ELMAH处理程序。然而,似乎添加RSS提要展望URL elmah.axd / RSS或elmah.axd / digestrss绕过身份验证。什么是固定的处理程序,如果有人能猜到的RSS网址并订阅错误日志的饲料?
I followed the answer to this question http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?
推荐答案
我矿安全与角色在web.config:
I secure mine in the web.config with a role:
<location path="elmah.axd">
<system.web>
<authorization>
<allow roles="SUPER_DUPER_ADMIN"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
这篇关于保护ELMAH RSS在ASP.NET网站供稿的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!