Rendering in-memory images from UNC file share

Discussion in 'ASP .Net Security' started by Eric, Aug 18, 2005.

  1. Eric

    Eric Guest

    I have this same problem, and I've *half-way* resolved it. It turns
    out that this is not exactly an IO problem; it's actually a security
    issue and maybe even an ASP.NET bug. Here is what I've done so far...

    1. Learned from this post that there are problems with the FromFile
    method when using a UNC share as the source directory:
    http://tinyurl.com/8exos.

    2. Adapted the code in the post to:
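    '\\\
    ' Needs Imports System.IO and System.Drawing.
    Dim ms As New MemoryStream()
    Dim objStream As New FileStream(SourcePath, _
    FileMode.Open, FileAccess.Read)
    Dim bmp As New Bitmap(objStream)
    bmp.Save(ms, System.Drawing.Imaging.ImageFormat.Tiff)

    ' Release the image and file handle before Response.End(), which
    ' aborts the request thread and skips any code after it.
    bmp.Dispose()
    objStream.Close()

    ' Send out through response.
    With ParentPage
    '.Response.ContentType = "image/jpeg"
    .Response.ContentType = "image/tiff"
    ' ToArray() returns only the bytes written; GetBuffer() also
    ' returns the unused tail of the internal buffer.
    .Response.BinaryWrite(ms.ToArray())
    .Response.End()
    End With
    '///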

    3. Added the relevant URLs to Internet Explorer's list of Trusted Sites
    (http://localhost, http://127.0.0.1, etc.).

    4. Removed anonymous authentication within IIS for the application's
    directory.

    5. Added the <identity impersonate="true" /> tag to the Web.config to
    enable NT integrated security with impersonation.

    THE RESULT

    My application now works as expected when I am physically on the box
    that hosts my application (i.e., when I RDP into the server). However,
    when I try to access it from my workstation, I still get the
    FileNotFoundException (even after adding the server's URL to my local
    list of Trusted Sites).

    It is as if ASP.NET "loses" the NT authentication token when servicing
    the client's request for a remote file.

    Any ASP.NET security gurus have an idea on this one??

    Thanks,

    Eric



    wrote:
    > I'm having a strange error message with ASP.NET image function.
    > Basically sometimes it will find the image path, sometimes it won't.
    > The logic here is that the script iterates through an access table,
    > pulls the image file name from the database, appends a subdirectory
    > path to this name, and then writes some html to display the image. But,
    > like, half the time I get the included error message, and I have no
    > idea why. When I was developing the page, I could get it to work by,
    > get this, copying all the relevant files to a new directory and then
    > restarting the web matrix web server, using that new path. Now, the
    > webmaster and myself are trying to put this on the actual web server
    > running IIS, and this message won't go away. If you want to see my code
    > you can actually look at it here when I posted it for critique, hehe:
    > http://groups-beta.google.com/group...738c7/6c674a830f9b23ca?hl=en#6c674a830f9b23ca
    >
    > Anyways, TIA. Here is the error message:
    >
    >
    > Server Error in '/' Application.
    > --------------------------------------------------------------------------------
    >
    > thumbnails/_DSC0833.JPG
    > Description: An unhandled exception occurred during the execution of
    > the current web request. Please review the stack trace for more
    > information about the error and where it originated in the code.
    >
    > Exception Details: System.IO.FileNotFoundException:
    > thumbnails/_DSC0833.JPG
    >
    > Source Error:
    >
    > Line 182: id = objDR("id")
    > Line 183: name = objDR("name")
    > Line 184: currentImage =
    > System.Drawing.Image.FromFile(path)
    > Line 185: imgHeight = currentImage.Height/2
    > Line 186: imgWidth = currentImage.Width/2
    >
    >
    > Source File: E:\Webs\SPDemo\webimages\logo\index.aspx Line: 184
    >
    > Stack Trace:
    >
    > [FileNotFoundException: thumbnails/_DSC0833.JPG]
    > System.Drawing.Image.FromFile(String filename, Boolean
    > useEmbeddedColorManagement) +205
    > System.Drawing.Image.FromFile(String filename) +7
    > ASP.index_aspx.Draw_index() in
    > E:\Webs\SPDemo\webimages\logo\index.aspx:184
    > ASP.index_aspx.Page_Load(Object Source, EventArgs E) in
    > E:\Webs\SPDemo\webimages\logo\index.aspx:530
    > System.Web.UI.Control.OnLoad(EventArgs e) +67
    > System.Web.UI.Control.LoadRecursive() +35
    > System.Web.UI.Page.ProcessRequestMain() +750
    Eric, Aug 18, 2005
    #1

  2. Hello Eric,

    That's a double hop problem. You are impersonating AND accessing a remote
    resource. This is called delegation. Check the info here:
    http://www.leastprivilege.com/TroubleshootingKerberosDelegation.aspx

    Is this IIS5 or 6??

    Why do you impersonate??

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Aug 19, 2005
    #2
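
A diagnostic for the double hop described in the reply above, as an added example that is not part of the thread: it reports which Windows identity the request thread holds, how it was authenticated, and at what impersonation level, then attempts the remote open. The module and function names are chosen for this example, and the UNC path is supplied by the caller.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Principal
Imports System.Text

' Added example: names below are hypothetical, not from the thread.
Public Module DoubleHopDiagnostics

    ' Reports the identity the current thread presents, then tries to open
    ' uncPath (for example \\fileserver\share\image.tif, a placeholder).
    Public Function DescribeRemoteAccess(ByVal uncPath As String) As String
        Dim report As New StringBuilder()

        Using current As WindowsIdentity = WindowsIdentity.GetCurrent()
            report.AppendLine("Thread identity:     " & current.Name)
            report.AppendLine("Authentication type: " & current.AuthenticationType)
            report.AppendLine("Impersonation level: " & current.ImpersonationLevel.ToString())

            ' None means the thread runs as the process account (no
            ' impersonation). Delegation means the token was issued through
            ' Kerberos delegation and can be presented to another server.
            If current.ImpersonationLevel = TokenImpersonationLevel.Delegation Then
                report.AppendLine("Token is delegable to a second server.")
            Else
                report.AppendLine("Token was not issued at Delegation level.")
            End If
        End Using

        ' Attempt the second hop and record exactly how it fails, if it does.
        Try
            Using fs As New FileStream(uncPath, FileMode.Open, FileAccess.Read)
                report.AppendLine("Opened " & uncPath & " (" & fs.Length.ToString() & " bytes).")
            End Using
        Catch ex As Exception
            report.AppendLine("Open failed: " & ex.GetType().Name & ": " & ex.Message)
        End Try

        Return report.ToString()
    End Function

End Module
```

Running it once from a browser on the server and once from a workstation shows whether the identity, authentication type or level differs between the two requests.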