2012-08-07 69 views
0

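I have a custom authorization attribute named CustomAuthorize that inherits AuthorizeAttribute and simply restricts access to certain controllers and resources based on various user-specific factors. However, I get an error on the following line: StackOverflowException was unhandled in the CustomAuthorize AuthorizeAttribute.

Line: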

Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean

Error:

An unhandled exception of type 'System.StackOverflowException' occurred in MyBlog.DLL

Here is my full code:

Public Class CustomAuthorize
    Inherits AuthorizeAttribute

Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean 

    Dim authorized = AuthorizeCore(httpContext) 

    ' if user is not authorized, restrict access 
    If (authorized = False) Then 

     Return False 

    End If 

    ' get user name 
    Dim username = httpContext.User.Identity.Name 

    ' get user 
    Dim user = Membership.GetUser(username, True) 

    ' get user's profile 
    Dim db As UserProfileDbContext = New UserProfileDbContext 
    Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).Single 

    ' TODO: if user doesn't have a profile, return false 

    ' get route 
    Dim routeData = httpContext.Request.RequestContext.RouteData 

    ' get controller 
    Dim controller = routeData.Values("controller").ToString 

    ' get id (Convert.ToString returns "" when the route has no id; .ToString on Nothing would throw)
    Dim id = Convert.ToString(routeData.Values("id"))

    ' if no id is set, check to see if the user owns the requested entity (company or blog) 
    If String.IsNullOrEmpty(id) = True Then 

     If controller.ToLower = "blog" Or controller.ToLower = "article" Then 

      If profile.IsCompanyOwner Or profile.IsBlogOwner = True Then 

       ' if user is owner of a blog with no specified id, then it will default to their own blog 
       Return True 

      End If 

     End If 

    Else 

     ' if controller = blog 
     '  check for blog id 

     If controller.ToLower = "blog" Then 

      ' check to see if the user owns the company to which the blog belongs 
      If profile.IsCompanyOwner Then 

       ' get company from blog id 
       Dim db1 As BlogDbContext = New BlogDbContext 
       Dim blog = db1.Blogs.Where(Function(b) b.BlogId = id).Single() 

       If blog.CompanyId = profile.CompanyId Then 

        Return True 

       End If 

      ElseIf profile.IsBlogOwner Then 

       ' if user's blog id is the blog being requested, grant access 
       If profile.BlogId = id Then 

        Return True 

       End If 

      End If 

     End If 

     ' if controller = article 
     '  check for article blog id 

     If controller.ToLower = "article" Then 

      Dim db2 As ArticleDbContext = New ArticleDbContext 
      Dim article = db2.Articles.Where(Function(a) a.ArticleId = id).Single 
      Dim articleBlogId = article.BlogId 

      ' check to see if the user owns the company to which the blog belongs 
      If profile.IsCompanyOwner Then 

       ' get company from blog id 
       Dim db1 As BlogDbContext = New BlogDbContext 
       Dim blog = db1.Blogs.Where(Function(b) b.BlogId = articleBlogId).Single() 

       If blog.CompanyId = profile.CompanyId Then 

        Return True 

       End If 

      ElseIf profile.IsBlogOwner Then 

       ' if user's blog id is the blog being requested, grant access 
       If profile.BlogId = articleBlogId Then 

        Return True 

       End If 

      End If 

     End If 

    End If 

    ' if we got this far, then the user shouldn't have access 
    Return False 

End Function 

Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext) 
    Dim result = New ViewResult() 
    result.ViewName = "Error" 
    result.ViewBag.ErrorMessage = "oops, you are not allowed" 
    filterContext.Result = result 
End Sub 

End Class

How can I solve this problem? Thank you.

Answers

1

I think you want to call MyBase.AuthorizeCore.

So you want to change this line

Dim authorized = AuthorizeCore(httpContext)

to

Dim authorized = MyBase.AuthorizeCore(httpContext)
+0

Thank you, your solution fixed the problem. – user1477388 2012-08-07 13:44:32

1

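The first line of your function is Dim authorized = AuthorizeCore(httpContext)

This line will call your method again, and the first line of that new call will do the same thing, infinitely. This causes the StackOverflowException.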

+0

Thanks, that was helpful. – user1477388 2012-08-07 13:43:21
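
An added example, not part of the original thread: the opening of the asker's AuthorizeCore with the MyBase call from the answers and deny-by-default handling for a missing user, profile or route id. UserProfileDbContext and the profile members are the question's own types, assumed to exist as shown there; only the blog-owner check is carried over to keep it short.

```vb
Imports System
Imports System.Linq
Imports System.Web
Imports System.Web.Mvc
Imports System.Web.Security

' Added example, not the asker's final code. UserProfileDbContext, UserProfiles,
' UserId, IsCompanyOwner, IsBlogOwner and BlogId are the question's own types,
' assumed to exist as shown there.
Public Class CustomAuthorize
    Inherits AuthorizeAttribute

    Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
        ' MyBase runs the framework's own check (authenticated user, Users, Roles).
        ' An unqualified AuthorizeCore(httpContext) would dispatch back to this override.
        If Not MyBase.AuthorizeCore(httpContext) Then Return False

        Dim user = Membership.GetUser(httpContext.User.Identity.Name, True)
        If user Is Nothing Then Return False

        ' The question's TODO: a user without a profile is denied, not an exception.
        Dim db As New UserProfileDbContext()
        Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).SingleOrDefault()
        If profile Is Nothing Then Return False

        Dim routeValues = httpContext.Request.RequestContext.RouteData.Values
        ' Convert.ToString turns a missing route value into "" instead of throwing.
        Dim controller = Convert.ToString(routeValues("controller")).ToLowerInvariant()
        Dim id = Convert.ToString(routeValues("id"))

        If controller <> "blog" AndAlso controller <> "article" Then Return False

        If String.IsNullOrEmpty(id) Then
            ' No id: an owner is sent to their own blog, as in the question.
            Return profile.IsCompanyOwner OrElse profile.IsBlogOwner
        End If

        ' Blog-owner case only; the company and article checks from the question
        ' follow the same shape. Anything not explicitly granted stays denied.
        If controller = "blog" AndAlso profile.IsBlogOwner Then
            Return Convert.ToString(profile.BlogId) = id
        End If
        Return False
    End Function
End Class
```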