Rendering in-memory images from UNC file share

From: Eric (Eric_at_discussions.microsoft.com)
Date: 08/18/05 

Date: Thu, 18 Aug 2005 07:49:05 -0700

I have this same problem, and I've *half-way* resolved it. It turns
out that this is not exactly an IO problem; it's actually a security
issue and maybe even an ASP.NET bug. Here is what I've done so far...

1. Learned from this post that there are problems with the FromFile
method when using a UNC share as the source directory:
http://tinyurl.com/8exos.

2. Adapted the code in the post to:
'\\\
Dim objStream As New FileStream(SourcePath, _
    FileMode.Open, FileAccess.Read)
Dim bmp As Bitmap = Bitmap.FromStream(objStream)
bmp.Save(ms, System.Drawing.Imaging.ImageFormat.Tiff)

' Send out through response.
With ParentPage
    '.Response.ContentType = "image/jpeg"
    .Response.ContentType = "image/tiff"
    .Response.BinaryWrite(ms.GetBuffer)
    .Response.End()
End With

objStream.Close()
'///

3. Added the relevant URLs to Internet Explorer's list of Trusted Sites
(http://localhost, http://127.0.0.1, etc.).

4. Removed anonymous authentication within IIS for the application's
directory.

5. Added the <identity impersonate="true" /> tag to the Web.config to
enable NT integrated security with impersonation.

THE RESULT

My application now works as expected when I am physically on the box
that hosts my application (i.e., when I RDP into the server). However,
when I try to access it from my workstation, I still get the
FileNotFoundException (even after adding the server's URL to my local
list of Trusted Sites).

It is as if ASP.NET "loses" the NT authentication token when servicing
the client's request for a remote file.

Any ASP.NET security gurus have an idea on this one??

Thanks,

Eric

burgermeister01@gmail.com wrote:
> I'm having a strange error message with ASP.NET image function.
> Basically sometimes it will find the image path, sometimes it won't.
> The logic here is that the script iterates through an access table,
> pulls the image file name from the database, appends a subdirectory
> path to this name, and then writes some html to display the image. But,
> like, half the time I get the included error message, and I have no
> idea why. When I was developing the page, I could get it to work by,
> get this, copying all the relevant files to a new directory and then
> restarting the web matrix web server, using that new path. Now, the
> webmaster and myself are trying to put this on the actual web server
> running IIS, and this message won't go away. If you want to see my code
> you can actually look at it here when I posted it for critique, hehe:
> http://groups-beta.google.com/group/asp-net/browse_thread/thread/1c2b916ae11738c7/6c674a830f9b23ca?hl=en#6c674a830f9b23ca
>
> Anyways, TIA. Here is the error message:
>
>
> Server Error in '/' Application.
> --------------------------------------------------------------------------------
>
> thumbnails/_DSC0833.JPG
> Description: An unhandled exception occurred during the execution of
> the current web request. Please review the stack trace for more
> information about the error and where it originated in the code.
>
> Exception Details: System.IO.FileNotFoundException:
> thumbnails/_DSC0833.JPG
>
> Source Error:
>
> Line 182: id = objDR("id")
> Line 183: name = objDR("name")
> Line 184: currentImage =
> System.Drawing.Image.FromFile(path)
> Line 185: imgHeight = currentImage.Height/2
> Line 186: imgWidth = currentImage.Width/2
>
>
> Source File: E:\Webs\SPDemo\webimages\logo\index.aspx Line: 184
>
> Stack Trace:
>
> [FileNotFoundException: thumbnails/_DSC0833.JPG]
> System.Drawing.Image.FromFile(String filename, Boolean
> useEmbeddedColorManagement) +205
> System.Drawing.Image.FromFile(String filename) +7
> ASP.index_aspx.Draw_index() in
> E:\Webs\SPDemo\webimages\logo\index.aspx:184
> ASP.index_aspx.Page_Load(Object Source, EventArgs E) in
> E:\Webs\SPDemo\webimages\logo\index.aspx:530
> System.Web.UI.Control.OnLoad(EventArgs e) +67
> System.Web.UI.Control.LoadRecursive() +35
> System.Web.UI.Page.ProcessRequestMain() +750

Relevant Pages

  • Re: having trouble with all search engines
    ... Work through all of the solutions (CWShredder, Ad-aware, Spybot) at ... More security tips at http://www.aumha.org/a/parasite.htm ... An error message detailing the cause ... > application event log of the web server. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Yes - Off-Line Temporarily
    ... > Here is the error message I get ... This error can occur if the Web server is busy and cannot process your request due to heavy traffic. ... > information: Microsoft Support ... So, since I won't be running a firewall, I want to get these security measures in place. ...
    (microsoft.public.frontpage.client)
  • Re: Form Security
    ... After all this, if no error message has been generated, the form contents are emailed to me. ... I'm no Linux guru, so I don't know what someone could do to cause problems with this script, other than spam me. ... What he's proposing is false security - which is worse than no security ...
    (comp.lang.php)
  • RE: SBS Web Remote Webworkplace Login
    ... What's the detail error message when you input credential and the page ... On the Web Server Certificate page shows. ... Collect IIS Log: ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • [NT] Poisoning Cached HTTPS Documents in Internet Explorer
    ... Get your security news from a reliable source. ... "poison" a user's browser cache with a malicious document that will later ... The attacker can exploit this vulnerability for "replacing" HTML ... to communicate with a malicious web server over HTTPS without the browser ...
    (Securiteam)