【问题标题】:StackOverFlowException was unhandled in CustomAuthorize AuthorizeAttributeStackOverFlowException 在 CustomAuthorize AuthorizeAttribute 中未处理
【发布时间】:2012-08-04 13:04:04
【问题描述】:

我有一个名为 CustomAuthorize 的自定义授权程序,它继承了 AuthorizeAttribute,它只是根据特定于用户的各种因素来限制对某些控制器和资源的访问。但是,我在以下行中收到错误:

行:

受保护的覆盖函数 AuthorizeCore(httpContext As HttpContextBase) 作为布尔值

错误:

“System.StackOverflowException”类型的未处理异常 发生在 MyBlog.DLL 中

这是我的全部代码:

公共类 CustomAuthorize 继承 AuthorizeAttribute

Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean

    Dim authorized = AuthorizeCore(httpContext)

    ' if user is not authorized, restrict access
    If (authorized = False) Then

        Return False

    End If

    ' get user name
    Dim username = httpContext.User.Identity.Name

    ' get user
    Dim user = Membership.GetUser(username, True)

    ' get user's profile
    Dim db As UserProfileDbContext = New UserProfileDbContext
    Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).Single

    ' TODO: if user doesn't have a profile, return false

    ' get route
    Dim routeData = httpContext.Request.RequestContext.RouteData

    ' get controller
    Dim controller = routeData.Values("controller").ToString

    ' get id
    Dim id = routeData.Values("id").ToString

    ' if no id is set, check to see if the user owns the requested entity (company or blog)
    If String.IsNullOrEmpty(id) = True Then

        If controller.ToLower = "blog" Or controller.ToLower = "article" Then

            If profile.IsCompanyOwner Or profile.IsBlogOwner = True Then

                ' if user is owner of a blog with no specified id, then it will default to their own blog
                Return True

            End If

        End If

    Else

        ' if controller = blog
        '       check for blog id

        If controller.ToLower = "blog" Then

            ' check to see if the user owns the company to which the blog belongs
            If profile.IsCompanyOwner Then

                ' get company from blog id
                Dim db1 As BlogDbContext = New BlogDbContext
                Dim blog = db1.Blogs.Where(Function(b) b.BlogId = id).Single()

                If blog.CompanyId = profile.CompanyId Then

                    Return True

                End If

            ElseIf profile.IsBlogOwner Then

                ' if user's blog id is the blog being requested, grant access
                If profile.BlogId = id Then

                    Return True

                End If

            End If

        End If

        ' if controller = article
        '       check for article blog id

        If controller.ToLower = "article" Then

            Dim db2 As ArticleDbContext = New ArticleDbContext
            Dim article = db2.Articles.Where(Function(a) a.ArticleId = id).Single
            Dim articleBlogId = article.BlogId

            ' check to see if the user owns the company to which the blog belongs
            If profile.IsCompanyOwner Then

                ' get company from blog id
                Dim db1 As BlogDbContext = New BlogDbContext
                Dim blog = db1.Blogs.Where(Function(b) b.BlogId = articleBlogId).Single()

                If blog.CompanyId = profile.CompanyId Then

                    Return True

                End If

            ElseIf profile.IsBlogOwner Then

                ' if user's blog id is the blog being requested, grant access
                If profile.BlogId = articleBlogId Then

                    Return True

                End If

            End If

        End If

    End If

    ' if we got this far, then the user shouldn't have access
    Return False

End Function

Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
    Dim result = New ViewResult()
    result.ViewName = "Error"
    result.ViewBag.ErrorMessage = "oops, you are not allowed"
    filterContext.Result = result
End Sub

结束类

如何解决此错误?谢谢。

【问题讨论】:

    标签: asp.net-mvc vb.net asp.net-mvc-3 entity-framework


    【解决方案1】:

    你的函数的第一行是Dim authorized = AuthorizeCore(httpContext)

    这一行将再次调用您的方法,并且该新调用的第一行将执行相同的操作,直到无限期。这会导致StackOverflowException

    【讨论】:

      【解决方案2】:

      我想你想拨打MyBase.AuthorizeCore

      所以你想改变这一行

      Dim authorized = AuthorizeCore(httpContext)
      

      Dim authorized = MyBase.AuthorizeCore(httpContext)
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2010-09-17
        相关资源
        最近更新 更多