问题描述
我有一个名为CustomAuthorize定制的授权程序,继承AuthorizeAttribute,简单地限制访问基于特定于用户的各种因素,某些控制器和资源。然而,我在下面的行得到一个错误:
I have a custom authorize program called CustomAuthorize that inherits AuthorizeAttribute that simply restricts access to certain controllers and resources based on various factors specific to the user. However, I get an error on the following line:
行:
受保护的覆盖功能AuthorizeCore(HttpContext的作为
HttpContextBase)为布尔
错误:
类型的未处理的异常'System.StackOverflowException'
发生在MyBlog.DLL
下面是我的整个code:
Here's my whole code:
公共类CustomAuthorize
继承AuthorizeAttribute
Public Class CustomAuthorize Inherits AuthorizeAttribute
Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
Dim authorized = AuthorizeCore(httpContext)
' if user is not authorized, restrict access
If (authorized = False) Then
Return False
End If
' get user name
Dim username = httpContext.User.Identity.Name
' get user
Dim user = Membership.GetUser(username, True)
' get user's profile
Dim db As UserProfileDbContext = New UserProfileDbContext
Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).Single
' TODO: if user doesn't have a profile, return false
' get route
Dim routeData = httpContext.Request.RequestContext.RouteData
' get controller
Dim controller = routeData.Values("controller").ToString
' get id
Dim id = routeData.Values("id").ToString
' if no id is set, check to see if the user owns the requested entity (company or blog)
If String.IsNullOrEmpty(id) = True Then
If controller.ToLower = "blog" Or controller.ToLower = "article" Then
If profile.IsCompanyOwner Or profile.IsBlogOwner = True Then
' if user is owner of a blog with no specified id, then it will default to their own blog
Return True
End If
End If
Else
' if controller = blog
' check for blog id
If controller.ToLower = "blog" Then
' check to see if the user owns the company to which the blog belongs
If profile.IsCompanyOwner Then
' get company from blog id
Dim db1 As BlogDbContext = New BlogDbContext
Dim blog = db1.Blogs.Where(Function(b) b.BlogId = id).Single()
If blog.CompanyId = profile.CompanyId Then
Return True
End If
ElseIf profile.IsBlogOwner Then
' if user's blog id is the blog being requested, grant access
If profile.BlogId = id Then
Return True
End If
End If
End If
' if controller = article
' check for article blog id
If controller.ToLower = "article" Then
Dim db2 As ArticleDbContext = New ArticleDbContext
Dim article = db2.Articles.Where(Function(a) a.ArticleId = id).Single
Dim articleBlogId = article.BlogId
' check to see if the user owns the company to which the blog belongs
If profile.IsCompanyOwner Then
' get company from blog id
Dim db1 As BlogDbContext = New BlogDbContext
Dim blog = db1.Blogs.Where(Function(b) b.BlogId = articleBlogId).Single()
If blog.CompanyId = profile.CompanyId Then
Return True
End If
ElseIf profile.IsBlogOwner Then
' if user's blog id is the blog being requested, grant access
If profile.BlogId = articleBlogId Then
Return True
End If
End If
End If
End If
' if we got this far, then the user shouldn't have access
Return False
End Function
Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
Dim result = New ViewResult()
result.ViewName = "Error"
result.ViewBag.ErrorMessage = "oops, you are not allowed"
filterContext.Result = result
End Sub
末级
如何解决这个问题?谢谢你。
How can I fix this error? Thank you.
推荐答案
我觉得你要拨打的 MyBase.AuthorizeCore 。
所以,你要改变这一行
Dim authorized = AuthorizeCore(httpContext)
到
Dim authorized = MyBase.AuthorizeCore(httpContext)
这篇关于StackOverFlowException在CustomAuthorize AuthorizeAttribute未处理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!