2012-08-07 66 views
0

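StackOverflowException was unhandled in CustomAuthorize AuthorizeAttribute

I have a custom authorizer named CustomAuthorize that inherits AuthorizeAttribute and simply restricts access to certain controllers and resources based on various factors specific to the user. However, I get an error on the following line: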

Line:

Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean

Error:

An unhandled exception of type 'System.StackOverflowException' occurred in MyBlog.DLL

Here is my full code:

Imports System
Imports System.Linq
Imports System.Web
Imports System.Web.Mvc
Imports System.Web.Security

Public Class CustomAuthorize
    Inherits AuthorizeAttribute

    Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean

        Dim authorized = AuthorizeCore(httpContext)

        ' if user is not authorized, restrict access
        If (authorized = False) Then

            Return False

        End If

        ' get user name
        Dim username = httpContext.User.Identity.Name

        ' get user
        Dim user = Membership.GetUser(username, True)

        ' get user's profile
        Dim db As UserProfileDbContext = New UserProfileDbContext
        Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).Single

        ' TODO: if user doesn't have a profile, return false

        ' get route
        Dim routeData = httpContext.Request.RequestContext.RouteData

        ' get controller
        Dim controller = routeData.Values("controller").ToString

        ' get id (Convert.ToString returns an empty string when the route has no id)
        Dim id = Convert.ToString(routeData.Values("id"))

        ' if no id is set, check to see if the user owns the requested entity (company or blog)
        If String.IsNullOrEmpty(id) = True Then

            If controller.ToLower = "blog" Or controller.ToLower = "article" Then

                If profile.IsCompanyOwner Or profile.IsBlogOwner = True Then

                    ' if user is owner of a blog with no specified id, then it will default to their own blog
                    Return True

                End If

            End If

        Else

            ' if controller = blog
            '  check for blog id

            If controller.ToLower = "blog" Then

                ' check to see if the user owns the company to which the blog belongs
                If profile.IsCompanyOwner Then

                    ' get company from blog id
                    Dim db1 As BlogDbContext = New BlogDbContext
                    Dim blog = db1.Blogs.Where(Function(b) b.BlogId = id).Single()

                    If blog.CompanyId = profile.CompanyId Then

                        Return True

                    End If

                ElseIf profile.IsBlogOwner Then

                    ' if user's blog id is the blog being requested, grant access
                    If profile.BlogId = id Then

                        Return True

                    End If

                End If

            End If

            ' if controller = article
            '  check for article blog id

            If controller.ToLower = "article" Then

                Dim db2 As ArticleDbContext = New ArticleDbContext
                Dim article = db2.Articles.Where(Function(a) a.ArticleId = id).Single
                Dim articleBlogId = article.BlogId

                ' check to see if the user owns the company to which the blog belongs
                If profile.IsCompanyOwner Then

                    ' get company from blog id
                    Dim db1 As BlogDbContext = New BlogDbContext
                    Dim blog = db1.Blogs.Where(Function(b) b.BlogId = articleBlogId).Single()

                    If blog.CompanyId = profile.CompanyId Then

                        Return True

                    End If

                ElseIf profile.IsBlogOwner Then

                    ' if user's blog id is the blog being requested, grant access
                    If profile.BlogId = articleBlogId Then

                        Return True

                    End If

                End If

            End If

        End If

        ' if we got this far, then the user shouldn't have access
        Return False

    End Function

    Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
        Dim result = New ViewResult()
        result.ViewName = "Error"
        result.ViewBag.ErrorMessage = "oops, you are not allowed"
        filterContext.Result = result
    End Sub

End Class

How can I fix this? Thanks.

Answers

1

I think you want to call MyBase.AuthorizeCore

So you want to change this line

    Dim authorized = AuthorizeCore(httpContext)

to

    Dim authorized = MyBase.AuthorizeCore(httpContext)
+0

Thank you, your solution fixed the problem. – user1477388 2012-08-07 13:44:32

1

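The first line of your function is Dim authorized = AuthorizeCore(httpContext)

This line will call your method again, and the first line of that new call will do the same thing, ad infinitum. This causes the StackOverflowException.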

+0

Thanks, this is helpful. – user1477388 2012-08-07 13:43:21