Asp.net mvc CustomAuthorization属性中未处理StackOverFlowException
我有一个名为CustomAuthorize的自定义授权程序,它继承AuthorizeAttribute,该属性仅根据用户特定的各种因素限制对某些控制器和资源的访问。但是,我在以下行中得到一个错误: 该行: 受保护的覆盖功能AuthorizeCore(httpContext As HttpContextBase)作为布尔值 错误: “System.StackOverflowException”类型的未处理异常 发生在MyBlog.DLL中 这是我的全部代码: 公共类客户授权 继承属性Asp.net mvc CustomAuthorization属性中未处理StackOverFlowException,asp.net-mvc,vb.net,asp.net-mvc-3,entity-framework,Asp.net Mvc,Vb.net,Asp.net Mvc 3,Entity Framework,我有一个名为CustomAuthorize的自定义授权程序,它继承AuthorizeAttribute,该属性仅根据用户特定的各种因素限制对某些控制器和资源的访问。但是,我在以下行中得到一个错误: 该行: 受保护的覆盖功能AuthorizeCore(httpContext As HttpContextBase)作为布尔值 错误: “System.StackOverflowException”类型的未处理异常 发生在MyBlog.DLL中 这是我的全部代码: 公共类客户授权 继承属性 Protec
Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
Dim authorized = AuthorizeCore(httpContext)
' if user is not authorized, restrict access
If (authorized = False) Then
Return False
End If
' get user name
Dim username = httpContext.User.Identity.Name
' get user
Dim user = Membership.GetUser(username, True)
' get user's profile
Dim db As UserProfileDbContext = New UserProfileDbContext
Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).Single
' TODO: if user doesn't have a profile, return false
' get route
Dim routeData = httpContext.Request.RequestContext.RouteData
' get controller
Dim controller = routeData.Values("controller").ToString
' get id
Dim id = routeData.Values("id").ToString
' if no id is set, check to see if the user owns the requested entity (company or blog)
If String.IsNullOrEmpty(id) = True Then
If controller.ToLower = "blog" Or controller.ToLower = "article" Then
If profile.IsCompanyOwner Or profile.IsBlogOwner = True Then
' if user is owner of a blog with no specified id, then it will default to their own blog
Return True
End If
End If
Else
' if controller = blog
' check for blog id
If controller.ToLower = "blog" Then
' check to see if the user owns the company to which the blog belongs
If profile.IsCompanyOwner Then
' get company from blog id
Dim db1 As BlogDbContext = New BlogDbContext
Dim blog = db1.Blogs.Where(Function(b) b.BlogId = id).Single()
If blog.CompanyId = profile.CompanyId Then
Return True
End If
ElseIf profile.IsBlogOwner Then
' if user's blog id is the blog being requested, grant access
If profile.BlogId = id Then
Return True
End If
End If
End If
' if controller = article
' check for article blog id
If controller.ToLower = "article" Then
Dim db2 As ArticleDbContext = New ArticleDbContext
Dim article = db2.Articles.Where(Function(a) a.ArticleId = id).Single
Dim articleBlogId = article.BlogId
' check to see if the user owns the company to which the blog belongs
If profile.IsCompanyOwner Then
' get company from blog id
Dim db1 As BlogDbContext = New BlogDbContext
Dim blog = db1.Blogs.Where(Function(b) b.BlogId = articleBlogId).Single()
If blog.CompanyId = profile.CompanyId Then
Return True
End If
ElseIf profile.IsBlogOwner Then
' if user's blog id is the blog being requested, grant access
If profile.BlogId = articleBlogId Then
Return True
End If
End If
End If
End If
' if we got this far, then the user shouldn't have access
Return False
End Function
Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
Dim result = New ViewResult()
result.ViewName = "Error"
result.ViewBag.ErrorMessage = "oops, you are not allowed"
filterContext.Result = result
End Sub
末级
如何修复此错误?谢谢。我想你应该打电话给
MyBase.AuthorizeCore
所以你想改变这条线
Dim authorized = AuthorizeCore(httpContext)
到
函数的第一行是
Dim authorized=AuthorizeCore(httpContext)
这一行将再次调用您的方法,新调用的第一行将无限地执行相同的操作。这会导致堆栈溢出异常
Dim authorized = MyBase.AuthorizeCore(httpContext)