ASP.NET MVC5 application throws a NullReferenceException on authorization

Question

ASP.NET MVC5 application throws a NullReferenceException on authorization

I have an MVC5 application that throws a NullReferenceException on the production server when using the attribute [Authorize]on the controller. The application uses forms-based authentication.

The production server is Server 2008 SP 2 (.NET 4.5.1 and IIS 7).

Start stack trace:

[NullReferenceException: Object reference not set to an instance of an object.]
   System.Web.Mvc.AuthorizeAttribute.AuthorizeCore(HttpContextBase httpContext) +38
   System.Web.Mvc.AuthorizeAttribute.OnAuthorization(AuthorizationContext filterContext) +293
   System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +155

I can fix this by setting

<modules runAllManagedModulesForAllRequests="true">

However, I prefer not to use this sledgehammer method .

Is there a cleaner way to solve this problem?

+4

asp.net-mvc-5 forms-authentication httpmodule

dommer Jan 16 '14 at 18:45

source share

1 answer

Brian R. Mullin · Answer 1 · 2014-03-17T18:34:08+0000

IIS IIS Express . HttpContext.User.Identity AuthorizeAttribute.AuthorizeCore() (, NullReferenceException) - , .

, , . , FormsAuthenticationModule : preCondition="managedHandler" .

<system.webServer>
  <modules runAllManagedModulesForAllRequests="false">
    <remove name="FormsAuthentication" />
    <remove name="DefaultAuthentication" />
    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
    <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="" />
  </modules>
</system.webServer>

ASP.NET MVC5 application throws a NullReferenceException on authorization

More articles: