Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Null reference exception in AntiForgery code
See original GitHub issueI’m getting logging events of Null Reference Exceptions thrown from this line in my production environment.
This code doesn’t look to have changed in a long time, and while I’m not getting any issues reported by my end users I am logging it happening around 4000 times a day.
Looking at the line I can’t really see any obvious candidates for things that could be null only some of the time, and I’ve been unable to replicate the problem in my local development environment with the debugger attached.
My best guess is that HttpContext.Current.Request must be null, possibly because the user caused the HTTP request to be cancelled at the client side before the AntiForgery code had executed, maybe it’s a side effect of the controller actions being async?
Would some null checks on the current context and request be reasonable here, or is there a better way to access cookies here, or does anyone have any other theories as to the cause?
Many thank Rob
System.NullReferenceException: Object reference not set to an instance of an object.
at Abp.Web.Mvc.Security.AntiForgery.AbpMvcAntiForgeryManager.IsValid(String cookieValue, String tokenValue) in D:\GitHub\aspnetboilerplate\src\Abp.Web.Mvc\Web\Mvc\Security\AntiForgery\AbpMvcAntiForgeryTokenManager.cs:line 57
at Abp.WebApi.Security.AntiForgery.AbpAntiForgeryApiFilter.<ExecuteAuthorizationFilterAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Abp.WebApi.Authorization.AbpApiAuthorizeFilter.<ExecuteAuthorizationFilterAsync>d__7.MoveNext() in D:\GitHub\aspnetboilerplate\src\Abp.Web.Api\WebApi\Authorization\AbpApiAuthorizeFilter.cs:line 70
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__6.MoveNext()```Issue Analytics
- State:
- Created 2 years ago
- Comments:15 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thanks, it’s weird that we’re not hitting that exception, but I guess maybe I will now with the changes in 7.1? Who knows, I’ll test more and report back if it’s still miss behaving.
Ahh, an extension method, I should have thought of that. Thanks for pointing it out.
Looking at the log again, it seems that it’s inside this method where it’s failing, I’m guessing the HttpContext.Current is the null here?
https://github.com/aspnetboilerplate/aspnetboilerplate/blob/059db7626b3642114b7a2ba7d15b6a14304640dd/src/Abp.Web.Mvc/Web/Mvc/Security/AntiForgery/AbpMvcAntiForgeryTokenManager.cs#L58
This trace is specifically from a webapi call, could it be that something somewhere along the line is working at cross purposes? I’ve not puzzled out enough of the flow here to know if there are separate paths for api and mvc calls, or if that could even be an issue here.