1

What is the best way to validate the file format in file-upload control in ASP.NET? Actually I want that user only upload files with specific format. Although I validate it by checking file name but I am looking for another solution to over come this.

Improve this question
2
  • Which formats do you plan to accept? Commented Jul 9, 2011 at 21:03
  • I want to Upload Packet tracer file .pkt Commented Jul 9, 2011 at 21:21

3 Answers 3

Reset to default
1

Try the following code which reads the first 256 bytes from the file and return the mime type of the file using an internal dll (urlmon.dll).Then compare the mime type of your file and the returned mime type after parsing.

     using System.Runtime.InteropServices; ...

           [DllImport(@"urlmon.dll", CharSet = CharSet.Auto)]
           private extern static System.UInt32 FindMimeFromData(
           System.UInt32 pBC,
           [MarshalAs(UnmanagedType.LPStr)] System.String pwzUrl,
           [MarshalAs(UnmanagedType.LPArray)] byte[] pBuffer,
           System.UInt32 cbSize,
           [MarshalAs(UnmanagedType.LPStr)] System.String pwzMimeProposed,
           System.UInt32 dwMimeFlags,
           out System.UInt32 ppwzMimeOut,
           System.UInt32 dwReserverd
         );

         public string getMimeFromFile(string filename)
         {
          if (!File.Exists(filename))
             throw new FileNotFoundException(filename + " not found");

            byte[] buffer = new byte[256];
            using (FileStream fs = new FileStream(filename, FileMode.Open))
            {
              if (fs.Length >= 256)
                  fs.Read(buffer, 0, 256);
              else
                 fs.Read(buffer, 0, (int)fs.Length);
           }
      try
      {
          System.UInt32 mimetype;
          FindMimeFromData(0, null, buffer, 256, null, 0, out mimetype, 0);
          System.IntPtr mimeTypePtr = new IntPtr(mimetype);
          string mime = Marshal.PtrToStringUni(mimeTypePtr);
          Marshal.FreeCoTaskMem(mimeTypePtr);
          return mime;
     }
     catch (Exception e)
     {
         return "unknown/unknown";
     }
    }

But check the type in different browsers, since the mimetype might be different in different browsers.

Also this will give the exact mimetype even if you changed the extension by editing the name of the file.

Hope this helps you...

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Sorry to say but iam looikng forward to validate from client.
@Shoaib, I too searched for some thing simillar as your requirement and can,t find one. Finally i just checked only for the extension at client-side and did the server-side validation for the purpose using the above code. urlmon.dll is an internal dll within dotnet library and only need to add its reference..
Thanx to All .I fond solution by simple using regular expression validator and check that my extension pattern should matched :)
@Shoaib, See, checking the file extension is simple. But if you upload an invalid file by changing its extension to the valid one by simply renaming it then your validation fails. If you added the mentioned server-side validation along with your client-side validation it will prevent uploading an invalid file by changing the extension. Now i hope you understand why this is done..
1

The only way to be sure is to actually parse the whole file according to the specification of the file format and check that everything fits.

If you want to do just basic check, most binary file formats have some form of header or magic number at their beginning, that you can check for.

Improve this answer

Comments

0

You can use a component like Uploadify that limit's the user which type of files he can choose before uploading.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.