1. Check For File Types
Sayed Ahmed
http://sayed.justetc.net
2. • In C#, how to check the file type
• One option
– Check the file extension and decide on that
• However, users may use a wrong extension
• The extension may not be there
• It can be a security threat as users may upload
malicious files with wrong extension
– How it can be a security threat is something I need to check
– Without an extension, how that can affect..
– Anyway
3. • Checking file extension...will show
• However, I just found a solution to read file
contents and check the mime type for that file
and decide about file type
– This is definitely a better solution than just checking
file extensions
– Whether allowing users to upload files is safe or not is
another issue
• I can show you another short-note on that
4. • Now showing you the code...
• I just copied the code to check
– It worked so far
– I am at Tim Horton’s trying the code
– Not at home
– Not at work..
5. • I was showing how to check file types based
on file data..
• Got stopped as the ...
• Anyway..
• Used this
– http://stackoverflow.com/questions/58510/using-net-how-can-you-find-the-mime-type-of-a-file-based-on-the-file-signature
6. • Let’s try a document file
• Also, try a file without extensions...
• Does not look like what we are expecting
– It is to be a doc file...
– This is what is going on for Docx
• Notice I handled DOCX file types differently since DOCX
is really just a ZIP file. In this scenario, I simply check
the file extension once I verified that it has that
sequence. This example is far from complete for some
people, but you can easily add your own.
7. • I will check for the method to find docx type
• Let’s try a doc file
• Better connected to my own internet than Tim
Horton’s
• So you can read
– http://sitestree.com/file-system-access-and-php-security-2/
– To know how safe it is to allow your public users
to upload files ....
8. • Let’s try a different solution from the same
page...
• We probably need a hybrid solution for best
results
– Probably -> this is what seems to me the best
approach so far..
• I made the solution work
– It does not look nice in my code
– This is just to demonstrate for now....
9. • I am talking about the one I just highlighted
• You take the first 256 bytes from the file and send
them to the method
• So far, it checks for extension and byte
sequence..anyway..let’s take a look...
• Let’s try a docx file...
• Let’s try a PDF...
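The hybrid check described on slides 6 to 9 (allowlisted extension plus leading byte sequence, with DOCX accepted on a ZIP header plus its extension), written out as an added C# example. It is not the author's code nor the code from the Stack Overflow answer; the names `UploadTypeChecker` and `IsAllowed`, the subset of types covered and the sample file names are assumptions made here.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Added example, not the slide author's code: extension allowlist AND signature match.
public static class UploadTypeChecker
{
    // DOCX/XLSX are ZIP containers; DOC/XLS are OLE2 compound files.
    static readonly byte[] Zip = { 0x50, 0x4B, 0x03, 0x04 };
    static readonly byte[] Ole = { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 };

    // Allowed extension -> bytes expected at offset 0 of the file.
    static readonly Dictionary<string, byte[]> Signatures =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".pdf",  new byte[] { 0x25, 0x50, 0x44, 0x46, 0x2D } },   // %PDF-
        { ".png",  new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } },
        { ".gif",  new byte[] { 0x47, 0x49, 0x46, 0x38 } },          // GIF8
        { ".jpg",  new byte[] { 0xFF, 0xD8, 0xFF } },
        { ".jpeg", new byte[] { 0xFF, 0xD8, 0xFF } },
        { ".doc",  Ole }, { ".xls",  Ole },
        { ".docx", Zip }, { ".xlsx", Zip }, { ".zip", Zip },
    };

    // True only when the extension is allowlisted and the leading bytes match it.
    public static bool IsAllowed(string fileName, Stream content)
    {
        byte[] magic;
        string ext = Path.GetExtension(fileName ?? "");
        if (!Signatures.TryGetValue(ext, out magic))
            return false;                       // missing or unlisted extension

        var head = new byte[256];               // same 256-byte window as the slides
        int read = 0, n;
        while (read < head.Length &&
               (n = content.Read(head, read, head.Length - read)) > 0)
            read += n;                          // Read may return fewer bytes than asked
        return read >= magic.Length && head.Take(magic.Length).SequenceEqual(magic);
    }

    public static void Main()
    {
        // Constructed sample input: a PDF header offered under three different names.
        byte[] pdf = { 0x25, 0x50, 0x44, 0x46, 0x2D, 0x31, 0x2E, 0x37 };
        Console.WriteLine(IsAllowed("report.pdf", new MemoryStream(pdf)));   // matching extension
        Console.WriteLine(IsAllowed("report.docx", new MemoryStream(pdf)));  // mismatched extension
        Console.WriteLine(IsAllowed("report", new MemoryStream(pdf)));       // no extension
    }
}
```

A matching header only shows that the first bytes are consistent with the claimed extension; as slide 3 says, whether the upload is safe to accept is a separate question.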
10. • If you want to go solely by extension
• You can keep the allowed extensions in an
array and then match if the file extension is in
the extensions array..
• Anyway..good luck...
11. • I do not need jQuery validation here...
• You can see valid to be true...
• So you use
– <asp:FileUpload ID="uploadFile" onchange="return CheckExtension(this);" runat="server"/>
– On aspx file...
12. This is the jQuery code

    var validFilesTypes = ["bmp", "gif", "png", "jpg", "jpeg",
        "doc", "docx", "xls", "xlsx", "rar", "zip", "txt", "pdf"];

    // Client-side check on the file name only; it does not look at the content.
    function CheckExtension(file) {
        /*global document: false */
        var filePath = file.value;
        var dot = filePath.lastIndexOf('.');
        // No dot means no extension; do not treat the whole file name as one.
        var ext = dot === -1 ? "" : filePath.substring(dot + 1).toLowerCase();
        var isValidFile = false;
        for (var i = 0; i < validFilesTypes.length; i++) {
            if (ext === validFilesTypes[i]) {
                isValidFile = true;
                break;
            }
        }
        if (!isValidFile) {
            file.value = "";  // clear the rejected selection
            alert("Invalid File. Valid extensions are:\n\n" + validFilesTypes.join(", "));
        }
        return isValidFile;
    }
13. • The code just works based on file extension
• You can use this as client side validation
• On the server side you can use validation
using C#
– I have another video on that..
– Check our YouTube channel or
– Check sitestree.com -> in a couple of hours from
now...
14. • Ok I can also test the code for filesize
validation..
• The rebuild was not required though..this is
just jQuery and an .aspx file...
• So you can see the file size is 3.67 MB
– Both in our code
– And file properties dialog...
15. • For server side validation...
• You can check the video I am just uploading..
• Good luck...