If both the CSRF validation and the Session state is turned off, the pages containing AsyncUpload control will throw a null reference exception.
<appSettings>
<add key="Telerik.AsyncUpload.EnableCsrfValidation" value="false" />
</appSettings>
<system.web>
<sessionState mode="Off" />