我有一个名为 CustomAuthorize 的自定义授权程序,它继承了 AuthorizeAttribute,它只是根据特定于用户的各种因素来限制对某些控制器和资源的访问。但是,我在以下行中收到错误:
该行:
Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
错误:
MyBlog.DLL 中出现“System.StackOverflowException”类型的未处理异常
这是我的整个代码:
公共类 CustomAuthorize 继承 AuthorizeAttribute
Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
Dim authorized = AuthorizeCore(httpContext)
' if user is not authorized, restrict access
If (authorized = False) Then
Return False
End If
' get user name
Dim username = httpContext.User.Identity.Name
' get user
Dim user = Membership.GetUser(username, True)
' get user's profile
Dim db As UserProfileDbContext = New UserProfileDbContext
Dim profile = db.UserProfiles.Where(Function(x) x.UserId = user.ProviderUserKey).Single
' TODO: if user doesn't have a profile, return false
' get route
Dim routeData = httpContext.Request.RequestContext.RouteData
' get controller
Dim controller = routeData.Values("controller").ToString
' get id
Dim id = routeData.Values("id").ToString
' if no id is set, check to see if the user owns the requested entity (company or blog)
If String.IsNullOrEmpty(id) = True Then
If controller.ToLower = "blog" Or controller.ToLower = "article" Then
If profile.IsCompanyOwner Or profile.IsBlogOwner = True Then
' if user is owner of a blog with no specified id, then it will default to their own blog
Return True
End If
End If
Else
' if controller = blog
' check for blog id
If controller.ToLower = "blog" Then
' check to see if the user owns the company to which the blog belongs
If profile.IsCompanyOwner Then
' get company from blog id
Dim db1 As BlogDbContext = New BlogDbContext
Dim blog = db1.Blogs.Where(Function(b) b.BlogId = id).Single()
If blog.CompanyId = profile.CompanyId Then
Return True
End If
ElseIf profile.IsBlogOwner Then
' if user's blog id is the blog being requested, grant access
If profile.BlogId = id Then
Return True
End If
End If
End If
' if controller = article
' check for article blog id
If controller.ToLower = "article" Then
Dim db2 As ArticleDbContext = New ArticleDbContext
Dim article = db2.Articles.Where(Function(a) a.ArticleId = id).Single
Dim articleBlogId = article.BlogId
' check to see if the user owns the company to which the blog belongs
If profile.IsCompanyOwner Then
' get company from blog id
Dim db1 As BlogDbContext = New BlogDbContext
Dim blog = db1.Blogs.Where(Function(b) b.BlogId = articleBlogId).Single()
If blog.CompanyId = profile.CompanyId Then
Return True
End If
ElseIf profile.IsBlogOwner Then
' if user's blog id is the blog being requested, grant access
If profile.BlogId = articleBlogId Then
Return True
End If
End If
End If
End If
' if we got this far, then the user shouldn't have access
Return False
End Function
Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
Dim result = New ViewResult()
result.ViewName = "Error"
result.ViewBag.ErrorMessage = "oops, you are not allowed"
filterContext.Result = result
End Sub
结束类
我该如何解决这个错误?谢谢你。