Menu
I am allowing uploading of files to my C# MVC website, I am restricting those types based on extension at the moment, but also feel I need a server side check to confirm they haven't just renamed it.
Is there a technique that I can use to check all the types I need or a library I can use that will help here?
I have seen people checking the first few bytes of the file, but I am scared I will miss something?
Thanks for your help.
Edit:
There are a lot of suggestions here. I will investigate some of these as a solution.
583
If you are reading the file as an HttpPostedFile you can get the content type which is equal to the mime type.
So then you can do the following:
if (myFile.ContentType == "video/mpeg")
{
// Do your thing
}
else{
// error
}
Try this solution: Using .NET, how can you find the mime type of a file based on the file signature not the extension
It will do file content sniffing for you.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
