06-07-2013 11:46 AM
Production SalesLogix 7.5.4 hosted environment and we are seeing these errors several times a day. What is causing this and how do we fix it?
Event Type: Error
Event Source: SalesLogix Web Client
Event Category: None
Event ID: 0
Description: 2013-06-07 12:32:43,621  ERROR Sage.Platform.Application.UI.Web.ApplicationPage - Unhandled exception. System.ArgumentNullException: Value cannot be null. Parameter name: authToken at Sage.Platform.Application.Guard.ArgumentNotNull(Object argumentValue, String argumentName) at Sage.SalesLogix.SLXDataService.DecryptAuthToken(Object authToken) at Sage.SalesLogix.SLXDataService.GetConnectionString() at SlxClient.ActivityManagerPage.OnPreInit(EventArgs e)
06-11-2013 11:28 AM
This is an authentication token timeout... if someone doesn't interact with SLX for 15 minutes (or is it 10?) they are automatically logged out. The error is triggered when they try to access the page again with no authentication token.
06-12-2013 10:31 AM - edited 06-12-2013 10:31 AM
Thanks for the reply, Andy. This seems like a ludicrous thing to log to the event log.
Swiftpage, please chime in. How do I disable this from being logged? It clutters the event log and makes it seem like SalesLogix is a defect ridden application.
06-19-2013 03:36 PM
As it is an exception, this is the expected behavior. In 8.0 (in one of the HFs; not sure which one) it will be logged as a Warning; however, it is a different message now (AuthTokenNullException). In addition, most of these Warnings can be disabled in 8.x by setting the sage.platform.diagnostics.errorHelper-logAuthenticationRedirects appSettings.config value to "false".
07-01-2013 12:23 PM
Thanks Mike. I am glad to hear this is a setting now. My concern with disabling these notifications is that we would not be able to track down someone trying to brute force login, right?
I disagree that these are exceptions as this is behaving as designed - users have a timeout setting that auto logs them out. IMO the event log should only contain exceptions/warnings for unexpected cases. If they are expected, they arent exceptions.
Maybe the auth token should not be nullified but instead flagged as expired so the system could differentiate between legitimate user sessions that have timed out and someone trying to hit the system without a token? Just a thought...