System.ArgumentOutOfRangeException: Length cannot be less than zero. Parameter name: length

So we just wired up our app to Azure Application Insights, and we are seeing an abnormally high number of these errors. Any ideas?

System.ArgumentOutOfRangeException:
   at System.String.Substring (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at ServiceStack.Host.HttpRequestAuthentication.GetBasicAuth (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\HttpRequestAuthentication.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 51)
   at ServiceStack.Host.HttpRequestAuthentication.GetBasicAuthUserAndPassword (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\HttpRequestAuthentication.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 56)
   at ServiceStack.Auth.ApiKeyAuthProvider.PreAuthenticate (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\ApiKeyAuthProvider.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 232)
   at ServiceStack.AuthenticateAttribute.PreAuthenticateAsync (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\AuthenticateAttribute.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 103)
   at ServiceStack.AuthenticateAttribute+<ExecuteAsync>d__12.MoveNext (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\AuthenticateAttribute.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 72)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at ServiceStack.ServiceStackHost+<ApplyRequestFiltersSingleAsync>d__330.MoveNext (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\ServiceStackHost.Runtime.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 167)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at ServiceStack.ServiceStackHost+<ApplyRequestFiltersAsync>d__329.MoveNext (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\ServiceStackHost.Runtime.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 132)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at ServiceStack.Host.RestHandler+<ProcessRequestAsync>d__14.MoveNext (ServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=nullServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\RestHandler.csServiceStack, Version=5.0.0.0, Culture=neutral, PublicKeyToken=null: 92)

Do you have an example HTTP Request Header when this occurs?

No, that’s the weird thing, it is happening in the background somewhere. We don’t even have this many user requests going through the system at the moment. As for system / user functionality, everything appears to be working normally.

These errors just continue to grow in our application insights dashboard.

image

The StackTrace shows it’s originating from a RestHandler i.e. the result of a HTTP Request. I’d still like to know what Authorization header is causing this Exception but I’ve added additional guards when parsing the Authorization Header in this commit.

This change is available in the latest v5.7.1 release on MyGet.

Ty Sir!

I guess that makes two of us, as we have no clue where this HTTP Request is originating from, what’s in it, or where it’s going to.

And while our application insights exposed this error, it doesn’t give us any more information regarding it’s origination or destination.

Ok, I think we have found the cause of this issue.

In this post you recommended putting “Ignore” in the Request.Items to ignore any incoming bearer tokens.

This caused the issue when trying to do the Substring(0,-1) here:
image

My workaround was to use httpReq.Items[Keywords.Authorization] = “Ignore Ignore” but I think this fix should be on your side so that setting to a simple “Ignore” works as you expected it to.

The commit I I’ve added above already has the necessary guards:

Perfect! As soon as AWS releases NetCore3.1, we are on it.

Unfortunately there is an issue that shows up in Lambda running SS5.7 w/ netCore2.1, so we are stuck running SS 5.6. until the 3.1 image is released.