Menu
I have [Authorize] attribute on the HomeController, whenever I am trying to access it, it throws a NullReferenceException
This is really kind of weird, because I have used [Authorize] many times before and it works just fine. Only difference in this case is this Application is hosted on our own Web Server using Windows 7 & IIS 7.5
Here is Stack Trace:
[NullReferenceException: Object reference not set to an instance of an object.]
System.Web.Mvc.AuthorizeAttribute.AuthorizeCore(HttpContextBase httpContext) +38
System.Web.Mvc.AuthorizeAttribute.OnAuthorization(AuthorizationContext filterContext) +160
System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +155
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +784976
System.Web.Mvc.Controller.ExecuteCore() +159
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +335 System.Web.Mvc.<>c_DisplayClassb.b_5() +62
System.Web.Mvc.Async.<>c_DisplayClass1.b_0() +20
System.Web.Mvc.<>c_DisplayClasse.b_d() +54
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +453 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +371
Edit:
While looking into code of AuthorizeCore method, it seems that AuthorizeCore is throwing NullReferenceException because it gets a NULL HttpContextBase.
Could it be possible? Because everything else in application is working just fine, like accessing database, creating auth cookie etc.
Edit 2:
This happen only after publishing it to Web Server. While development, it works absolutely fine from Visual Studio.
387
This attribute is useful when you want to use the Authorize attribute on a controller to protect all of the actions inside, but then there is this single action or one or two actions that you want to unprotect and allow anonymous users to reach that specific action.
[AllowAnonymous] bypasses all authorization statements. If you combine [AllowAnonymous] and any [Authorize] attribute, the [Authorize] attributes are ignored. For example if you apply [AllowAnonymous] at the controller level, any [Authorize] attributes on the same controller (or on any action within it) are ignored.
The Authorize attribute actually doesn't route anywhere; all it does is return a status code of 401 or 403 if the user is not authorized. The MVC framework takes over at that point and takes the appropriate steps to authorize the user based on the authentication scheme in use.
A NullReferenceException happens when you try to access a reference variable that isn't referencing any object. If a reference variable isn't referencing an object, then it'll be treated as null .
Issue was even more worse HttpContext was not even available in Controller's and Razor views. So, I reinstall ASP.NET v4.0 using aspnet_regiis -ir. And then used ASP.NET 4.0 pool which was created during registration instead of using DefaultAppPool.
And it started working fine. It also solve my another issue of overriding <modules runAllManagedModulesForAllRequests="true"/> in my application web.config.
92
In my case I was setting HttpContext.Current.User to null in one of the global.asax application events. When I let the User property unchanged the error disappeared.
37
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
