Problem with uploading Image files.

Discussion in 'ASP .Net Security' started by IkBenHet, May 26, 2005.

  1. IkBenHet

    IkBenHet Guest

    Hello,

    I use this script to upload image files to a folder on a IIS6 server:

    ******************* START UPLOAD.ASPX FILE **********************

    <%@ Page Language="VB" Debug="true" %>
    <%@ Import Namespace="System.IO" %>

    <script runat="server">

    Sub SubmitButton_Click(Source As Object, e As EventArgs)
    If Not (oFile.PostedFile Is Nothing) Then
    Try
    'Declare variables
    Dim strFileName As String
    Dim strFilePath As String
    Dim strFolder As String
    Dim strPicType As String
    Dim strPicSize As String


    'Set Upload Folder
    strFolder = "D:\Inetpub\wwwroot\upload\"

    'Get the name of the file that is posted
    strFileName = oFile.PostedFile.FileName
    strFileName = Path.GetFileName(strFileName)
    strFilePath = strFolder & strFileName

    'Validate that it is an image file
    strPicType = oFile.PostedFile.ContentType
    strPicSize = oFile.PostedFile.ContentLength

    If (strPicType="image/jpeg" or strPicType="image/gif" or
    strPicType="image/pjpeg" or strPicType="image/bmp") then
    'Save file
    oFile.PostedFile.SaveAs(strFilePath)
    Span.InnerHtml = "De afbeelding werd succesvol
    bewaard!<BR><IMG SRC='http://www.a-random-website.com/upload/" &
    strFileName & "'><BR>" & strPicSize & "."
    Else
    Span.InnerHtml = "De afbeelding is niet van het formaat GIF, JPG,
    JPEG of BMP!"
    End If
    Catch ex As Exception
    Span.InnerHtml = "Er is een fout opgetreden bij het
    bewaren van de afbeelding. Probeer het eens opnieuw."
    End Try
    End If
    End Sub

    </script>

    <html>
    <head>
    <title>Title</title>
    </head>
    <body>
    <FONT FACE="Trebuchet MS, Arial, Helvetica, Verdana" SIZE="2"
    COLOR="#4E69B0">
    <form runat="server" enctype="multipart/form-data">
    Selecteer de afbeelding die je wenst toe te voegen:<br />
    <input type="file" id="oFile" runat="Server"><br/>
    <input type="submit" id="Submit" runat="Server"
    value="Upload File" OnServerClick="SubmitButton_Click">
    <p>
    <span id="Span" runat="Server" />
    </form>
    </FONT>
    </body>
    </html>
    ******************* END UPLOAD.ASPX FILE **********************

    The folder where the images are uploaded to is called upload and
    located in the wwwroot folder (D:\Inetpub\wwwroot\upload\). I assigned
    write permission to it to be able to save file via script.
    This script is working and the file is uploaded correctly. But when I
    then want to view the uploaded image using the webbrowser, I am
    prompted to logon using windows security.
    When I upload an image to the same upload folder
    (D:\Inetpub\wwwroot\upload\) using FTP then I can see the image without
    being prompted to logon. It seems that it has nothing to do with the
    security on the folder, but with the security set on the saved file
    using the ASP.NET script.

    Who can help me out? What is wrong, do I use a wrong method or can I
    set security on the saved file?

    Already thanks for your help!
     
    IkBenHet, May 26, 2005
    #1
    1. Advertising

  2. IkBenHet

    IkBenHet Guest

    Is there really nobody who can assist me on this? I can not find any
    information on it issue.
    In short: I can post images with FTP and the uploadform to the same
    folder that has WRITE rights assigned. But when I want to VIEW the
    images I can only see the images posted via FTP without being prompted
    for a userid and password.

    I think that it must have something to do with the ASP.NET account on
    that folder. The problem with that is that I only can control the
    permission via a webbased admin tool that the provider have made
    available for me. The only options are WRITE and READ, without being
    able to specify an account name. Or I need a confirmation from this so
    I can instruct the provider to assign the correct rights to the folder
    or I need a workaround that is still secure.

    Thanks!

    IkBenHet schreef:
    > Hello,
    >
    > I use this script to upload image files to a folder on a IIS6 server:
    >
    > ******************* START UPLOAD.ASPX FILE **********************
    >
    > <%@ Page Language="VB" Debug="true" %>
    > <%@ Import Namespace="System.IO" %>
    >
    > <script runat="server">
    >
    > Sub SubmitButton_Click(Source As Object, e As EventArgs)
    > If Not (oFile.PostedFile Is Nothing) Then
    > Try
    > 'Declare variables
    > Dim strFileName As String
    > Dim strFilePath As String
    > Dim strFolder As String
    > Dim strPicType As String
    > Dim strPicSize As String
    >
    >
    > 'Set Upload Folder
    > strFolder = "D:\Inetpub\wwwroot\upload\"
    >
    > 'Get the name of the file that is posted
    > strFileName = oFile.PostedFile.FileName
    > strFileName = Path.GetFileName(strFileName)
    > strFilePath = strFolder & strFileName
    >
    > 'Validate that it is an image file
    > strPicType = oFile.PostedFile.ContentType
    > strPicSize = oFile.PostedFile.ContentLength
    >
    > If (strPicType="image/jpeg" or strPicType="image/gif" or
    > strPicType="image/pjpeg" or strPicType="image/bmp") then
    > 'Save file
    > oFile.PostedFile.SaveAs(strFilePath)
    > Span.InnerHtml = "De afbeelding werd succesvol
    > bewaard!<BR><IMG SRC='http://www.a-random-website.com/upload/" &
    > strFileName & "'><BR>" & strPicSize & "."
    > Else
    > Span.InnerHtml = "De afbeelding is niet van het formaat GIF, JPG,
    > JPEG of BMP!"
    > End If
    > Catch ex As Exception
    > Span.InnerHtml = "Er is een fout opgetreden bij het
    > bewaren van de afbeelding. Probeer het eens opnieuw."
    > End Try
    > End If
    > End Sub
    >
    > </script>
    >
    > <html>
    > <head>
    > <title>Title</title>
    > </head>
    > <body>
    > <FONT FACE="Trebuchet MS, Arial, Helvetica, Verdana" SIZE="2"
    > COLOR="#4E69B0">
    > <form runat="server" enctype="multipart/form-data">
    > Selecteer de afbeelding die je wenst toe te voegen:<br />
    > <input type="file" id="oFile" runat="Server"><br/>
    > <input type="submit" id="Submit" runat="Server"
    > value="Upload File" OnServerClick="SubmitButton_Click">
    > <p>
    > <span id="Span" runat="Server" />
    > </form>
    > </FONT>
    > </body>
    > </html>
    > ******************* END UPLOAD.ASPX FILE **********************
    >
    > The folder where the images are uploaded to is called upload and
    > located in the wwwroot folder (D:\Inetpub\wwwroot\upload\). I assigned
    > write permission to it to be able to save file via script.
    > This script is working and the file is uploaded correctly. But when I
    > then want to view the uploaded image using the webbrowser, I am
    > prompted to logon using windows security.
    > When I upload an image to the same upload folder
    > (D:\Inetpub\wwwroot\upload\) using FTP then I can see the image without
    > being prompted to logon. It seems that it has nothing to do with the
    > security on the folder, but with the security set on the saved file
    > using the ASP.NET script.
    >
    > Who can help me out? What is wrong, do I use a wrong method or can I
    > set security on the saved file?
    >
    > Already thanks for your help!
     
    IkBenHet, May 28, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dung Ping
    Replies:
    10
    Views:
    1,014
    Chaddy2222
    Jan 16, 2006
  2. Replies:
    1
    Views:
    419
    Shaun McDonnell
    Apr 30, 2006
  3. =?Utf-8?B?am9l?=
    Replies:
    1
    Views:
    387
    =?Utf-8?B?TXVyYWxp?=
    Jul 21, 2006
  4. dermoon
    Replies:
    0
    Views:
    499
    dermoon
    Oct 8, 2003
  5. Andrew Chan

    Problems: uploading files have Chinese named files

    Andrew Chan, Apr 16, 2004, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    191
    Andrew Chan
    Apr 16, 2004
Loading...

Share This Page