search

kristofferahl / FluentSecurity

Fluent Security configuration for ASP.NET MVC
MIT License
163 stars 47 forks source link

Key already exists in cache collection. #71

Open ghost opened 10 years ago

ghost commented 10 years ago

Hi, we are experiencing in v 2.0 and 2.1 the following error:

System.ArgumentException: An instance for key fa95097f-3493-4aa3-bffc-c363b5badd32 is already in the cache.
Parameter name: key
   at FluentSecurity.ServiceLocation.LifeCycles.ObjectCache.Set(Object key, Object instance)
   at FluentSecurity.ServiceLocation.Container.<ResolveObjects>d__3.MoveNext()
   at System.Linq.Enumerable.<CastIterator>d__b1`1.MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at FluentSecurity.Policy.ViolationHandlers.Conventions.PolicyViolationHandlerFilterConvention.GetHandlerFor(PolicyViolationException exception)
   at FluentSecurity.Policy.ViolationHandlers.PolicyViolationHandlerSelector.FindHandlerFor(PolicyViolationException exception)
   at FluentSecurity.SecurityHandler.<>c__DisplayClassa.<HandleSecurityFor>b__1()
   at FluentSecurity.Diagnostics.Publish.PublishEventWithTiming[TEvent,TResult](Func`1 action, Func`2 eventBuilder)
   at FluentSecurity.HandleSecurityAttribute.OnAuthorization(AuthorizationContext filterContext)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__1e(AsyncCallback asyncCallback, Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin[TResult](AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin[TResult](AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag)
   at System.Web.Mvc.Controller.<>c__DisplayClass1d.<BeginExecuteCore>b__17(AsyncCallback asyncCallback, Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin[TResult](AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin[TResult](AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate endDelegate, Object tag)
   at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__2(AsyncCallback asyncCallback, Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin[TResult](AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout)
   at System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate endDelegate, Object tag)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

This occurs when the app pool is first loaded (or recycled).. but then everything seems to work ok as far as the security is concerned. We only started catching these errors after implementing Elmah logging and capturing unhandled exceptions.

Do you know what is happening here?

Cheers, David.

kristofferahl commented 10 years ago

Hi David, This is the first issue reported related to caching so I haven't heard anything about this before. I'm not very familiar with Elmah so I don't really know what Elmah does that causes this to occur. For me to be able to help I would need to see your security configuration and a bit more info on where this error occurs. Is it only on a particular route or do you get this issue on every controller/action? You can send you're config to me at mail@fluentsecurity.net if you do not wish to share it here. / Kristoffer

ghost commented 10 years ago

Hi,

Thanks for your reply.

Seems we have worked out how this is happening. A session keep alive javascript is regularly pinging the website from the browser, but in the event that the app pool has been recycled (e.g. on publish or app pool settings) the session keep alive is essentially anonymous and FluentSecurity denys anonymous access to the controller action.. and it is at this point that we get the error from FluentSecurity – perhaps a key from when logged in clashes with that from the anonymous request?

Elmah is a Nuget package becoming popular for logging unhandled exceptions.. so it did not cause the error, just alerted us to the error happening. We were ignorant of this error occuring until installing Elmah.

If you have not come across this, no problem. I think we will essentially change the way we perform the session keep alive and just rely on the session timeout and therefore it will no longer be an issue. However, very much appreciate your response.

Cheers, David.

From: Kristoffer Ahl Sent: Thursday, December 19, 2013 9:03 PM To: kristofferahl/FluentSecurity Cc: yay4penguins Subject: Re: [FluentSecurity] Key already exists in cache collection. (#71)

Hi David, This is the first issue reported related to caching so I haven't heard anything about this before. I'm not very familiar with Elmah so I don't really know what Elmah does that causes this to occur. For me to be able to help I would need to see your security configuration and a bit more info on where this error occurs. Is it only on a particular route or do you get this issue on every controller/action? You can send you're config to me at mail@fluentsecurity.net if you do not wish to share it here. / Kristoffer

— Reply to this email directly or view it on GitHub.

kristofferahl commented 10 years ago

Since this issue seems to have been resolved I am closing it now. Please feel free to re-open it again if you feel it is still an issue.

kristofferahl commented 9 years ago

It seems this issue was a proper one after all. It seems the container is the villain and it should not be too hard to fix so the next release should have it fixed.

tiesont commented 9 years ago

I do see this error in my ELMAH logs, but I haven't experienced an app crash while using a site with either the current release version, or the WebAPI WIP version.

Need a beta tester? :)

kristofferahl commented 9 years ago

@tiesont The log messages you see, are they from when the application is starting up or do they occur at random when the app is running? Sure, any help with testing is appreciated! I'll make sure to ping you once I have a new package!

tiesont commented 9 years ago

@kristofferahl Seems like the latter. I can zip up some relevant logs if you want. Appears to happen roughly once per day, so maybe it's a startup error?

kristofferahl commented 9 years ago

@tiesont Thanks but I think we've got it covered and a fix is in the makings. I'll let you know when we have a package for it.

jrummell commented 6 years ago

Any updates on this? The latest package I see in nuget is 2.1.0, and I'm still seeing this exception. I'm happy to help, if you could point me in the right direction.

tiesont commented 6 years ago

@jrummell There is a set of unpublished packages that seemed to fix the duplicate key issue. It seems like they were generated using the develop branch. I've attached the packages if you want to use them:

FluentSecurityPackages.zip

jrummell commented 6 years ago

Thanks, @tiesont . I'll give that a go.

tiesont commented 6 years ago

@jrummell No problem. I haven't used Fluent Security recently, but those were some packages @kristofferahl gave me to test when he was last actively working on this project. Not sure if anyone has a more active fork. Kind of a shame - I really liked being able to setup my authorizations in one block of code, rather than decorating controllers and actions.