在 SharePoint 中使用 SqlErrorLog 访问 Elmah.axd,而不将用户添加到数据库

发布于 2024-08-18 09:01:53 字数 700 浏览 7 评论 0原文

我已在我的个人 SharePoint 开发环境中安装/配置了 Elmah,一切运行良好,因为我以管理员身份登录等。我正在使用 MS Sql Server 错误日志。 (我还使用 log4net 来处理 DEBUG/INFO/etc 级别的日志记录,日志语句也存储在数据库,与 ELMAH 位于同一个表中。)

但是,在实际的开发服务器(不是我的个人环境)上,当我访问 http://example/elmah.axd 我收到错误“用户‘NT AUTHORITY\ANONYMOUS LOGON’登录失败”。我知道这是“双跳问题”的传统错误,但我什至不希望传递我的凭据 - 我只想使用应用程序池身份的凭据进行数据库访问。使用 SP 对象模型时,SPSecurity.RunWithElevatedPrivileges 可用;但是,我不想修改 Elmah 源代码。

我的生产环境不允许使用 SQL Server 身份验证,将模拟更改为 false,或者直接授予自己对数据库的权限。

我怎样才能让它发挥作用?我错过了什么吗?

I have installed/configured Elmah on my personal SharePoint dev environment and everything works great since I'm logged in as admin, etc. I am using the MS Sql Server Error Log. (I am also using log4net to handle DEBUG/INFO/etc level logging and log statements are also stored in the db, in the same table as ELMAH's.)

However, on the actual dev server (not my personal environment), when I access http://example/elmah.axd I get the error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'". I understand that this is the traditional error for the "double-hop problem" but I don't even want my credentials to be passed along - I would just like the database access to be made with the credentials of the Application Pool Identity. When using the SP object model the SPSecurity.RunWithElevatedPrivileges is available; however, I do not want to modify the Elmah source.

My production environment precludes the use of SQL Server authentication, changing impersonation to false, or giving myself permissions on the db directly.

How can I get this to work? Am I missing something?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

悍妇囚夫 2024-08-25 09:01:53

我的生产环境不允许
使用 SQL Server 身份验证,
将模拟更改为 false,或者
授予自己对数据库的权限
直接。

那么你别无选择,只能修改 Elmah 源码。对不起。

这与双跳问题关系不大,而与 ASP.NET 中的模拟机制记录不全有关。根据 这篇文章,显然 导致 ASP.NET 模拟默认的 IIS 匿名帐户 (IUSR_machinename)。 SharePoint 需要这个,但它对您尝试访问远程数据库没有任何好处,因此显然您需要做一些事情。

是的,根据 在本文中,您必须编辑 Elmah 源代码并创建一个从抽象类 ErrorLog 派生的新类。然后,这个新类充当原始 SqlErrorLog 类的包装器,并在 RWEP 块中运行其方法。如下:

public class SqlErrorLogWEP : ErrorLog
{
    private SqlErrorLog sqlErrorLog;

    public SqlErrorLogWEP(IDictionary config)
    {
        sqlErrorLog = new SqlErrorLog(config);
    }

    public SqlErrorLogWEP(string connectionString)
    {
        sqlErrorLog = new SqlErrorLog(connectionString);
    }

    public override string Log(Error error)
    {
        string retVal = String.Empty;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            retVal = sqlErrorLog.Log(error);
        });

        return retVal;
    }

    public override ErrorLogEntry GetError(string id)
    {
        ErrorLogEntry retVal = default(ErrorLogEntry);

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            retVal = sqlErrorLog.GetError(id);
        });

        return retVal;
    }

    public override int GetErrors(int pageIndex, int pageSize, System.Collections.IList errorEntryList)
    {
        int retVal = -1;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            retVal = sqlErrorLog.GetErrors(pageIndex, pageSize, errorEntryList);
        });

        return retVal;
    }
}

不用说,您现在需要在 Elmah 项目中引用 SharePoint,并且您的 Elmah.dll 需要进行 GAC 处理。我自己测试过这个并且有效。祝你好运。

My production environment precludes
the use of SQL Server authentication,
changing impersonation to false, or
giving myself permissions on the db
directly.

Then you have no choice but to modify the Elmah source. Sorry.

This has less to do with the double hop problem and more to do with the poorly documented mechanism of impersonation in ASP.NET. According to this article, apparently <identity impersonate="true" /> causes ASP.NET to impersonate the default IIS anonymous account (IUSR_machinename). SharePoint needs this but it does you no good trying to access a remote database, so there is obviously something you need to do.

Yep, according to this article you must edit the Elmah source code and create a new class deriving from the abstract class ErrorLog. This new class then acts as a wrapper around the original SqlErrorLog class and runs its methods in a RWEP block. Here it is:

public class SqlErrorLogWEP : ErrorLog
{
    private SqlErrorLog sqlErrorLog;

    public SqlErrorLogWEP(IDictionary config)
    {
        sqlErrorLog = new SqlErrorLog(config);
    }

    public SqlErrorLogWEP(string connectionString)
    {
        sqlErrorLog = new SqlErrorLog(connectionString);
    }

    public override string Log(Error error)
    {
        string retVal = String.Empty;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            retVal = sqlErrorLog.Log(error);
        });

        return retVal;
    }

    public override ErrorLogEntry GetError(string id)
    {
        ErrorLogEntry retVal = default(ErrorLogEntry);

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            retVal = sqlErrorLog.GetError(id);
        });

        return retVal;
    }

    public override int GetErrors(int pageIndex, int pageSize, System.Collections.IList errorEntryList)
    {
        int retVal = -1;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            retVal = sqlErrorLog.GetErrors(pageIndex, pageSize, errorEntryList);
        });

        return retVal;
    }
}

It goes without saying that you will now need to reference SharePoint in the Elmah project and your Elmah.dll will need to be GACed. I've tested this myself and it works. Good luck.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文