File Upload in asp.net

Question

I am using FileUpload control to facilitate Image file upload on my website. I want to restrict a user to upload only Image file. I am using

 if (fupFirmLogo.PostedFile.ContentType == "image/Jpeg")
            { 

            } 

to check if the file is a image or not. I want to allow all image extensions like PNG, GiF, Jpeg, tif , BMP etc. How should I do it.

Answer 1

I know this is old but just validate the content type. The content type is just a string.

if (fupFirmLogo.PostedFile.ContentType.Contains("image/")
{ 
   //This is an Image
}
else
{
  //not and image
}

This will allow any file that has a content type starting with "image/" which is all images.

Answer 2

Checking file name against regex for matching image file extension is not appropriate. Hackers can use this functionality to promote their websites. I have personally experienced it. So, here is how you can make it certain that uploaded file is an image in VB.net:

  Public Function IsFileAnImage(ByRef uploadedFile As HttpPostedFile) As Boolean
    Try
      Dim uploadedImage As Drawing.Image = Drawing.Image.FromStream(uploadedFile.InputStream)
      uploadedImage.Dispose()
      Return True
    Catch
      Return False
    End Try
  End Function

Answer 3

The only problem with the solutions above is that the file will have to be uploaded to the server before you can check their file types.

If you put some Javascript in the onSubmit call, you can read the filename and test there, returning false if its not a valid file name.

This will be much more friendly on your bandwidth.

<form method="post" enctype="multipart/form-data" onsubmit="return submit(this)">
  <input id="inputControl" name="file" type="file" />
</form>

Then

function submit(form) {
  var fileName = $('#inputControl').val().replace(/.*(\/|\\)/, '');
  // check the filename here, return false if its not an image.
}

Answer 4

I hope this will help you out. Try below code.

    Image uploadedImage = null;  
    if (ImageUpload.HasFile && ImageUpload.FileName != string.Empty && ImageUpload.FileContent.Length > 0)  
    {  
        try  
        {  
            uploadedImage = Image.FromStream(ImageUpload.PostedFile.InputStream);  
        }  
        catch (Exception ex)  
        {  
            lblUploadStatus.Text = "Selected file is not an image.<br />" + ex.Message;  
       }  

       if (uploadedImage != null)  
       {  
           string savePath = string.Format("{0}/{1}", Server.MapPath("~/images/orig/upload_temp"), ImageUpload.FileName);  
           uploadedImage.Save(savePath, ImageFormat.Jpeg);  
       }  
   }  

Answer 5

you should use regular expression to validate that is an image or not, might be the better option

some thing like:

 public static bool IsValidImage(this string fileName)
    {           
        Regex regex = new Regex(@"(.*?)\.(jpg|JPG|jpeg|JPEG|png|PNG|gif|GIF|bmp|BMP)$");
        return regex.IsMatch(fileName);
    }

Then you check:

if (fupFirmLogo.FileName.IsValidImage())
{
    //Do your code
}
else
 {
    //Not a valid image
  }

Answer 6

You could define an array of known image types:

public static readonly string[] _imageMimeTypes = new[] { "image/jpeg", "image/png" };

and then test whether the posted content type is in this array:

if (_imageMimeTypes.Contains(fupFirmLogo.PostedFile.ContentType))
{
    // ...
}