0

I am trying to figure out why the following code failed the null check and throw the exception after some time, and I am yet to determin what's the reason for the timeout, which I think it is the reason I got the exception message, it's normally happens in the morning next day or after lunch break. But I am still yet able to reliably replicate issue.

var prePage = Page.PreviousPage as BasePage;

if (prePage != null)
{
   PageSessionField = prePage.PageSessionField;
}
else
{
   throw new Exception("Null previous page session exception.");
}

my first guess it the sessionState timeout:

<sessionState cookieless="UseCookies" mode="InProc" timeout="20" useHostingIdentity="false" />

But I tried to change the timeout value to for example minimum number 1, but it mostly don't throw the exception as expected.

Otherwise, the Application pool settings in IIS: idle timeout and recycling settings all looks OK to me.

IIS Application pool config section

Update:

  1. I've managed to replicate the issue by waiting 30 minutes and comes back and refresh the page, and will get the exception caused by Page.PreviousPage is null.

  2. It's looks like timeout is caused by Owin code which are useing Cookie authentication.

  3. Looks like something to do with AD FS token expired, see my answer for the evidence I gathered.

Paul L
  • 2,240
  • 5
  • 36
  • 55
  • Have you tried to modify timeexpirespan in your application? If it doesn't fix the problem, it sounds like application pool get recycled for some reason. – Jokies Ding Apr 21 '20 at 02:42
  • @JokiesDing, you mean `Cookie​Authentication​Options.​Expire​Time​Span`? I was thinking along the line of the application pool, but it's unlikely as when I encounter the issue myself, there is no entry in Event log about application pool recycle. – Paul L Apr 21 '20 at 05:23

1 Answers1

0

I think it's because of the ADFS token we are using for authentication got expired, and after it expired, our website will request another token and after re-direct from the ADFS server during the re-authenticate process, the PreviousPage is lost as it's essentially re-direct rather than the server transfer.

I can confirm that by looking at the TokenLifeTime by execute power shell on the ADFS server:

Get-AdfsRelyingPartyTrust -Name "relying_party"

And I got this: enter image description here

Apparently 0 means 60 minutes.

And I also managed to capture the Fiddler session with the Token Response form the ADFS server:

&lt;wsu:Expires xmlns:wsu=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd&quot;>2020-04-21T01:50:36.830Z&lt;/wsu:Expires>

Which is one hour after create the token.

I even play around to reduce the TokentLifetime to 5 minutes or something using:

Set-ADFSRelyingPartyTrust -Targetname "relying_party" -TokenLifetime 5

Which will reduce the time out session to 5 minutes as expected.

But I still can't get the issue replicated 100% of the time.

Update: I later found this link: so there three timeout settings on ADFS server alone could affecting the timeout I encountered

Paul L
  • 2,240
  • 5
  • 36
  • 55