I noticed some interesting behavior relating to the Application_AcquireRequestState event handler in the global.asax. In this handler I have placed code similar to what is done in the ProjectTracker project for handling the persistence of a CustomIdentity.
It seems that when you have an aspx page with AJAX that needs WebResource.axd files async calls are made to the Application_AcquireRequestState event handler. When this occurs, HttpContext.Current.Session is null so if you try to just place the Csla.ApplicationContext.User into session without first checking that the session is not null, you get a null ref exception and some fun things can happen with the AJAX/UI.
I placed a check to ensure the session is not null before I try to populate it to avoid the null ref exception, and that works. It is interesting to see how many extra round trips are make with certain AJAX controls...that then result in many database calls for authentication on each page request.
Just wanted to share this behavior in case people are getting errors accessing resources via AJAX (this may just be a result of certain controls being placed in an update panel...something to watch for).
This issue has come up before. Placing the check for Null session is the correct resolution. I think multiple httphandlers cause AcquireRequestState to be called more than once too. That may have been the original issue.
Copyright (c) Marimer LLC