Solved

Reading a file into a buffer from in asp.net: error "Logon failure: unknown user name or bad password."

Posted on 2004-10-06
9
918 Views
Last Modified: 2008-01-09
Hello experts!
  We are facing an interesting problem.
  We have some tiff image files located on a remote shared folder, say
\\172.23.45.66\Shared\Images
  Only specific logins are given access to this folder.
  Now, on my webpage, if I place an image control, and set its src value as follows:
  myImg.Src = @"\\172.23.45.66\Shared\Images\tmpin.jpg";"

  Then the code works and the image is displayed.
  But, If we try to read the image into a buffer as follows:

byte[] buf = null;
System.IO.FileStream fs = new System.IO.FileStream(myImg.Src, System.IO.FileMode.Open, System.IO.FileAccess.Read);

buf = new byte[fs.Length];
fs.Read(buf, 0, buf.Length);
fs.Close();

  then we get the following error:
"Logon failure: unknown user name or bad password. "

  It is very important that we load the file into a buffer.
  So, can some one suggest what could be the problem and how it can be solved?
  Note that it is not possible for us to create additional shares or virtual Web folders for the file directory, because the address can be anything that the user has rights to: it is not necessarily one single folder.
  So, we are looking for a generic solution to load a file into a buffer from an ASP .net page if the current windows user has rights to access the folder.
Looking forward to your help.
Thanks,
...Shu
0
Comment
Question by:snehanshu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12236893
Dim r As New StreamReader(file1.PostedFile.InputStream())
        Dim strBuffer As String = r.ReadToEnd
       
        'DO SOMETHING HERE WITH strBuffer
       
        r.Close()
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 12236909
<form runat="server" enctype="multipart/form-data" ID="Form2">
  <P>
    <input type="file" id="file1" runat="server" NAME="file1">
  </P>
  <P>
    <asp:Button id="btn1" runat="server" text="Upload" onclick="upload" />
  </P>
</form>

--------------------------------------------------------------------------------------

Imports System.Data
Imports System.Data.SqlClient

Public Sub Upload(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim b(file1.PostedFile.InputStream.Length - 1) As Byte

        file1.PostedFile.InputStream.Read(b, 0, file1.PostedFile.InputStream.Length)

        Dim con As New SqlConnection(ConfigurationSettings.AppSettings("ConnectionStringSQL"))

        Dim sql As String = "INSERT INTO MY_TABLE(MyID, DATABLOB) VALUES(1,@BlobData) "
        Dim cmd As New SqlCommand(sql, con)

        Dim parmBlob As New SqlParameter("@BlobData", SqlDbType.VarBinary, _
                     b.Length, ParameterDirection.Input, False, 0, _
                     0, Nothing, DataRowVersion.Current, b)
                     
        cmd.Parameters.Add(parmBlob)

        con.Open()
        cmd.ExecuteNonQuery()
        con.Close()
End Sub

Aeros
0
 
LVL 15

Expert Comment

by:praneetha
ID: 12237839
System.IO.FileStream fs = new System.IO.FileStream(@"\\172.23.45.66\Shared\Images\tmpin.jpg", System.IO.FileMode.Open, System.IO.FileAccess.Read);

try hardcoding it for a while...

also try (@"\\172.23.45.66\\Shared\\Images\\tmpin.jpg",
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 10

Accepted Solution

by:
jnhorst earned 500 total points
ID: 12238941
What kind of authentication is involved with the website?  If you are allowing anonymous connections, there are two possibilities:

1) If you do not have <identity impersonate="true" /> in web.config, the code that is trying to read the file into a buffer is trying it under the security context of the local ASPNET account (local to the machine running IIS).  That account will surely not have permissions on the network share.

2) If you do have <identity impersonate="true" /> in web.config and are allowing anonymous connections, the code is being executed in the context of the local account that IIS is using to authenticate anonymous requests.  This is usually named IUSR_<machine name>.  You can check this by opening the IIS Admin application, clicking the Directory Security tab and then the Edit button for the section on anonymous requests.

The problem here is that both IUSR_... and ASPNET are local accounts (local to the box running IIS) and would not have permissions on a network share.  A third option exists if you are autheticating the user using Windows or Forms authentication.  Under that scenario, if <identity impersonate="true" /> is NOT in web.config, #1 above applies; the local ASPNET account is being used.  If you DO have <identity impersonate="true" /> in web.config, then the code is executing under the security context of the authenticated user.

So if you are allowing anonymous requests and want the image to load into the buffer regardless of which user is requesting the page, you'll want to do the following:

1) Create a domain or Active Directory account that will only be used for anonymous requests to the IIS box.  Go to the IIS Admin utility and reset the account that authenticates anonymous requests to use that account instead of the local IUSR_... account.

2) Give this new account read permissions on the network share.

3) Make sure <identity impersonate="true" /> is in web.config.

John
0
 
LVL 5

Author Comment

by:snehanshu
ID: 12284057
jnhorst,
  Thanks for your comment.
  Your comment helped us understand the problem and we have made changes to the design based on this understanding.
Thanks again,
...Shu
0
 
LVL 10

Expert Comment

by:jnhorst
ID: 12284138
Glad to help.

John
0
 
LVL 5

Author Comment

by:snehanshu
ID: 12284229
John,
  May I ask a follow-up question please?
  If I want to use option 3, can you tell me how to do it?
  I would like to take take the windows username and password from a database and execute the file access code under that user (security context or whatever it is called).
  I know that for windows based application, we have APIs to impersonate a certain user and execute parts of code as a different user. Are there any web-equivalents of this: that only certain part of my code is executed as a partucluar username/password that I know (have as string variables)?

...Shu
0
 
LVL 10

Expert Comment

by:jnhorst
ID: 12287531
You can do this (having certain code running under a particular user's account) in a COM+ application that you instantiate in your web app, but I have not done this in .NET, only back in old school asp.  But if you want to use a certain account for a web app (the whole app), you can do this:

<identity impersonate="true" username="userslogin" password="password" />

I do not like doing this (putting secure info in a clear text file that exists on the server) but it can be done.

John
0
 
LVL 5

Author Comment

by:snehanshu
ID: 12294817
Thanks again John!
We will try this.
...Shu
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question