J
Jonathan Trevor
Hi,
We're using the IExtractImage interface from behind a .NET web service to
generate thumbnails for various files in our network (windows domain).
Impersonating etc. is all ok - if a user logs into the web service we can
open the file, delete the file, etc. Everything behaves as expected.
However, we cannot generate thumbnails for Powerpoint (etc) using
IExtractImage if the user is not a local admin on that server machine,
receiving a win32 error code which corresponds to "Access denied". If the
user logging into the web service is given *local* admin rights on the
server, then the IExtractImage succeeds for any file (local or networked).
However thats not something we want to do!
I'm really unsure what the problem is. No matter whether the user is local
admin or not, they can do everything with the domain accessible files (UNC
identified) they would normally be able to do. In the thumbnail code
everything seems on track - we get the PIDLs ok, getlocation returns fine
but the final extract image call (in the impersonated process) on the
IExtractImage interface returns "Access denied" - and the error goes away
when local admin rights are granted on the server for that user (so nothing
to do with network permissions).
I have several thoughts on the issue but no real idea which is correct or
how to go about addressing the hypotheses:
(a) some temporary file is being created on the server machine by the
Extract call
(b) that the GDI is being (presumably) used to create the bitmap (handle
returned by the Extract call) and somehow the Extract thread can't create it
(c) there is some side-effect of being in the local admin group which is
necessary
I thought that some threading issue may be to blame (Extract running under a
different COM thread) but that doesn't really correlate with the problem
going away when the user is made local admin.
Thoughts?
Jonathan
We're using the IExtractImage interface from behind a .NET web service to
generate thumbnails for various files in our network (windows domain).
Impersonating etc. is all ok - if a user logs into the web service we can
open the file, delete the file, etc. Everything behaves as expected.
However, we cannot generate thumbnails for Powerpoint (etc) using
IExtractImage if the user is not a local admin on that server machine,
receiving a win32 error code which corresponds to "Access denied". If the
user logging into the web service is given *local* admin rights on the
server, then the IExtractImage succeeds for any file (local or networked).
However thats not something we want to do!
I'm really unsure what the problem is. No matter whether the user is local
admin or not, they can do everything with the domain accessible files (UNC
identified) they would normally be able to do. In the thumbnail code
everything seems on track - we get the PIDLs ok, getlocation returns fine
but the final extract image call (in the impersonated process) on the
IExtractImage interface returns "Access denied" - and the error goes away
when local admin rights are granted on the server for that user (so nothing
to do with network permissions).
I have several thoughts on the issue but no real idea which is correct or
how to go about addressing the hypotheses:
(a) some temporary file is being created on the server machine by the
Extract call
(b) that the GDI is being (presumably) used to create the bitmap (handle
returned by the Extract call) and somehow the Extract thread can't create it
(c) there is some side-effect of being in the local admin group which is
necessary
I thought that some threading issue may be to blame (Extract running under a
different COM thread) but that doesn't really correlate with the problem
going away when the user is made local admin.
Thoughts?
Jonathan