Share via

[BUG] Azure APIM context.User null until Subscription tracing enabled

Darren Mason 21 Reputation points
2023-03-07T05:52:15.3233333+00:00

I have experienced an issue twice today with API Management on Developer tier in Australia Southeast. I'd like an explanation as to what's happening and why, as I believe it may be a bug in APIM.

Context

We have many Users and Subscriptions, with many created years ago. This instance is used for our Beta environment but we have another for production where we have not experienced the issue. I'm concerned that this may occur on production.

Request

The request is made with a valid Subscription linked to a User. The Subscription Name is displayed in the request log in Application Insights under Custom Properties. Tracing was previously enabled for the Subscription but has expired and this is noted in the Ocp-Apim-Trace-AuthorizationExpired response header. I note that for one Subscription tracing authorization had expired on 2023-02-23T15:40:11.0889292Z.

One of the first steps in our inbound policy is a cache lookup using the User associated with the request.

<cache-lookup-value key="@("{{PrefixNamedValue}}"+context.User.Id)" variable-name="x" />

This evaluation fails with the following exception indicating that context.User is null.

Message Expression evaluation failed. Object reference not set to an instance of an object.
Exception type ExpressionValueEvaluationFailure
Failed method cache-lookup-value

The result is a 500 Internal Server Error response to the client.

Accidental Solution

In order to further debug the problem I navigated to the Subscription in APIM and updated it to allow tracing.

All subsequent requests succeed. After the tracing authorization expires an hour later the issue does not reoccur.

Explanation?

I'd like to understand what is going wrong here.

There have been a number of changes to Subscriptions since I've worked with them, of note is the ability to allow tracing on an existing subscription for an hour. I wonder if this is somehow connected or the fix was just a side-effect to updating the Subscription.

I have checked the following Tutorial where I discovered the 1 hour authorization for tracing, but there are no guidelines relating to this issue.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,446 questions
0 comments
Accepted answer
  1. MayankBargali-MSFT 70,936 Reputation points Moderator
    2023-03-07T07:07:18.6+00:00

    Darren Mason Thanks for reaching out. This was the know issue if you has policy code that reads context.User object and after the recent upgrade context.User starts returning null causing API calls to fail.

    The workaround as you have performed was to make any "dummy" change to the subscription having issue via Azure portal (Edit subscription and press "Save"). The fix is already deployed, and you should not observe the issue now.

    In case if you are still facing the issue then please let me know so I can verify if the fix is deployed on your APIM instance.

    Please accept as "Yes" if the answer is helpful so that it can help others in the community. If you need any help/clarification/concerns/follow up questions, then please click on "Add Comment" on my answer and provide more details.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.