Validating an uploaded file's ContentType in ASP.NET

I'm storing some files in my database and since I'm storing them in binary format and not keeping any other information, I have to make sure that all of them are in the same format so that I'll be able to "serve" them later (If there's a simple way to infer the file type from a byte array, please tell, but that's not the focus here).

So, what I need to do is validate every file that is uploaded to make sure it's on the required format.

I've set up a FieldTemplate with a FileUpload control and a CustomValidator:

<asp:FileUpload ID="FileUpload" runat="server" />&nbsp;


<asp:CustomValidator
    ID="CustomValidator1"
    runat="server"
    ErrorMessage="PDF only."
    ControlToValidate="FileUpload"
    OnServerValidate="CustomValidator1_ServerValidate">
</asp:CustomValidator>

What I'm missing is the code to place in that CustomValidator1_ServerValidate method that checks the uploaded file to make sure it's in the right format (PDF in this case).

Thanks in advance.

Answers


Use the FileUpload.PostedFile.ContentType property to validate the MIME type ( should be application/pdf ). For security reasons, also validate that the file extension is appropriate ( .pdf ). You could have a static hashtable containing mappings from MIME type to file extension(s) and use as lookup to validate an extension.


Like ary said. This can all be spoofed. Take a .txt file, rename it to a pdf file and try getting the content type. It will be "application\pdf".

However there is one solution that I have used before. During my brief test with the PDF files, I figured out that the first 3 bytes were always the same. I tried only the first 3 bytes because it seemed enough. The value for the first three bytes is : 37, 80, 68.

So I read the bytes (InputFile1.FileContent.ReadByte()), compared them to the 3 bytes above and if they were the same, then I had a PDF file. Also I read somewhere that you should turn off the script execution for the upload directory in IIS. Hope it helps.


Need Your Help

Why is my CFRunLoopTimer not firing?

c++ ios objective-c cocoa core-foundation

I have a CFRunLoopTimer created within a C++ class as shown below:

to build iOS apps from command line with different info.plist files

ios objective-c command-line

I want to build my iOS app from command line along with parameters that i can give to use the appropriate info.plist file. Can this thing be established? ie. giving different info.plist files for

obfuscation with bouncycastle and LWUIT

java-me obfuscation lwuit netbeans-7 bouncycastle

I have build an application that using LWUIT for UI and bouncycastle for Hashing and Encryption, and every thing is working fine in the emulator but When I try to test it on real device