Problem viewing uploaded images using ASP.NET

[IkBenHet]

Hello,


I use this script to upload image files to a folder on a IIS6 server:


******************* START UPLOAD.ASPX FILE **********************


<%@ Page Language="VB" Debug="true" %>
<%@ Import Namespace="System.IO" %>


<script runat="server">


Sub SubmitButton_Click(Source As Object, e As EventArgs)
If Not (oFile.PostedFile Is Nothing) Then
Try
'Declare variables
Dim strFileName As String
Dim strFilePath As String
Dim strFolder As String
Dim strPicType As String
Dim strPicSize As String


'Set Upload Folder
strFolder = "D:\Inetpub\wwwroot\upload\"


'Get the name of the file that is posted
strFileName = oFile.PostedFile.FileName
strFileName = Path.GetFileName(strFileName)
strFilePath = strFolder & strFileName


'Validate that it is an image file
strPicType = oFile.PostedFile.ContentType
strPicSize = oFile.PostedFile.ContentLength


If (strPicType="image/jpeg" or strPicType="image/gif" or
strPicType="image/pjpeg" or strPicType="image/bmp") then
'Save file
oFile.PostedFile.SaveAs(strFil­ePath)
Span.InnerHtml = "De afbeelding werd succesvol
bewaard!<BR><IMG SRC='http://www.a-random-website.co­m/upload/" &
strFileName & "'><BR>" & strPicSize & "."
Else
Span.InnerHtml = "De afbeelding is niet van het formaat
GIF, JPG,
JPEG of BMP!"
End If
Catch ex As Exception
Span.InnerHtml = "Er is een fout opgetreden bij het
bewaren van de afbeelding. Probeer het eens opnieuw."
End Try
End If
End Sub


</script>


<html>
<head>
<title>Title</title>
</head>
<body>
<FONT FACE="Trebuchet MS, Arial, Helvetica, Verdana" SIZE="2"
COLOR="#4E69B0">
<form runat="server" enctype="multipart/form-data">
Selecteer de afbeelding die je wenst toe te voegen:<br />
<input type="file" id="oFile" runat="Server"><br/>
<input type="submit" id="Submit" runat="Server"
value="Upload File" OnServerClick="SubmitButton_Cl­ick">
<p>
<span id="Span" runat="Server" />
</form>
</FONT>
</body>
</html>
******************* END UPLOAD.ASPX FILE **********************


The folder where the images are uploaded to is called upload and
located in the wwwroot folder (D:\Inetpub\wwwroot\upload\). I assigned
write permission to it to be able to save file via script.
This script is working and the file is uploaded correctly. But when I
then want to view the uploaded image using the webbrowser, I am
prompted to logon using windows security.
When I upload an image to the same upload folder
(D:\Inetpub\wwwroot\upload\) using FTP then I can see the image without

being prompted to logon. It seems that it has nothing to do with the
security on the folder, but with the security set on the saved file
using the ASP.NET script.


Who can help me out? What is wrong, do I use a wrong method or can I
set security on the saved file?


Already thanks for your help!

 

[IkBenHet]

Is there really nobody who can assist me on this? I can not find any
information on it issue.
In short: I can post images with FTP and the uploadform to the same
folder that has WRITE rights assigned. But when I want to VIEW the
images I can only see the images posted via FTP without being prompted
for a userid and password.

I think that it must have something to do with the ASP.NET account on
that folder. The problem with that is that I only can control the
permission via a webbased admin tool that the provider have made
available for me. The only options are WRITE and READ, without being
able to specify an account name. Or I need a confirmation from this so
I can instruct the provider to assign the correct rights to the folder
or I need a workaround that is still secure.

Thanks!

 

[Kevin Spencer]

Hi IkBenHet,

Part of the reason you may not have received a reply is the way you asked
the question. For example, "I can post images with FTP and the uploadform" -
What exactly does this mean? There is no such thing (to us) as "the
uploadform." You know what you're referring to, but we do not. It helps to
be spcific about what your terms mean. Also, "I can control the permission
via a webbased admin tool" - Again, what is "the permission?" We have to
guess from the context.

IOW, in order to get an answer, it is important to make it as easy as
possible for people to understand exactly what you're asking, and what your
problem is. Of course, you don't always know what your problem is, but in
that case, pretend you're talking to a car mechanic, and you don't
understand cars. For example, one might describe a car problem to a mechanic
by saying "When I'm driving very fast, and I suddenly put my foot on the
brake and press very hard, I hear a screeching sound coming from the left
front side of the car. However, when I'm driving at a normal speed, I don't.
And when I hear the screeching sound, it only comes from the left front side
of the car." The mechanic can then make an educated guess, based upon the
very specific symptoms you've described, and his knowledge of cars, what the
problem may be. He might then be able to ask you some follow-up questions
about the symptoms to narrow down the problem.

So, on to my best guess as to what you mean, and what it might indicate.
Plainly, you are experiencing some sort of permission issue. Apparently,
something you describe as yourself ("I want to VIEW...") is having some
difficulty reading the images. I don't know whether your'e referring to an
ASP.Net application, or a browser. The answer depends upon what you are
referring to.

You say that it apparently has "something to do with the ASP.Net account on
that folder," but again, I can't assume that until I know specifically what
the problem is. If it is a problem with your app reading the files, that is
the case. On the other hand, if the client browser can't read the files,
it's the anonymous (probably, but I can't tell for sure - that depends on
the security settings on your web site with regards to anonymous access)
Internet user account that doesn't have permission to read the files in that
folder.

The answer to your question depends on the answer to my questions. Now,
again, I'm going to go out on a limb and guess that the "webbased admin tool
that the provider have made available for me" is a web-based web
administration tool that allows you to grant limited permissions for client
browsers to either read and/or write to folders inside your web. If that is
the case, and if it is the case that your ASP.Net app cannot read from that
folder, then the provider will have to set the permissions.

Again, I can give you a better answer if you can answer all of my
questions.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Ambiguity has a certain quality to it.

 

[IkBenHet]

Hello Kevin,

When you see the script in the first thread. And I explain to you that
when I use that script to upload image files to a virtual folder that
has write permission assigned. When I do that using a webbrowser (so I
browse to the URL where the above ASP.NET script has been made
available) I am able to upload the image file and is saved in
correctly. No problem so far, the script it doing what it should do.

But, when I than try to open the uploaded image file using a
webbrowser, I am
prompted for a Windows logon screen in my webbrowser.

Trying to solve my problem I uploaded a test image using FTP to the
same folder as where the image file is located that I just uploaded
using the ASP.NET script. When I try to open that image file using a
webbrowser I am NOT prompted for a Windows logon box.

So, I think to conclude that the ASP.NET script has the right to save
the image files to the folder. (the file is saved in the folder) But I
think for some reason it is saving it with a different permissions
assigned as when I upload it using FTP.

What I tried to explain with the webbased administration tool from the
provider is that I can not see what actual permissions are assigned to
the (uploaded) files and the folder. I only have the option to select a
file or folder and select: "WRITE", "READ", "RESTORE DEFAULT
PERMISSION".

For me it seems not have to do with the ASP.NET account because than I
would been unable to save the file in the folder. I must be some
default permission that is missing when saving a file using the ASP.NET
script.

Is there a function available in ASP.NET so I can list this permission
assigned to the image files and folder or even change it?

Thanks.

Kevin Spencer schreef:

 

[billmiami2]

Using third party web hosting services can be limiting sometimes.

Are you uploading files directly into your virtual root directory or
are you uploading them into a folder set aside for uploaded files? Try
to use a separate folder for your uploads and ask your web hosting
service to set the permissions for the folder so that everyone has
read/write access.

Bill E.
Hollywood, FL

 

[IkBenHet]

Hello Bill,

I think this will be the only solution. A better one would be I
somebody could explain me how to set permissions on a file using
ASP.NET. I know that SAFileUp does not have a problem with permission,
so that is a way to do it.

Can somebody explain me what permissions are really needed, because
giving everybody (or IUSER) full read and write rights, seems to be a
good idea to me.

Thanks