ASP.NET - Limit file upload available file types

Question

I have added a file upload to my asp.net website. However, I want to limit the file types that user can select. For example, I only the user to select mp3 files. How can I a

Answer 1

Using RegularExpressionValidator may help you. No serverside code is necessary for the checking of the file extension. Check out this code

<asp:RegularExpressionValidator ID="uplValidator" runat="server" ControlToValidate="FileUpload1"
 ErrorMessage=".mp3, .mp4 & wma formats are allowed" 
 ValidationExpression="(.+\.([Mm][Pp][3])|.+\.([Mm][Pp][4])|.+\.([Ww][Mm][Aa]))"></asp:RegularExpressionValidator>

Remember all you have to do is now add a fileupload control with the id FileUpload1. Done. You can press F5 and see the effect

Answer 2

Use the accept attribute directly in the tag (it's not really supported by the control, but will be delivered to client anyway)

While you could list file extensions, e.g: ".xls,.xlsx", this is NOT recommended, and some browsers get confused by it.

It's better to use MIME types (browser will map them to appropriate extensions for you):

 Upload MP3: <asp:FileUpload runat="server" accept=""audio/mpeg" />

Use comma-separated list if needed, e.g.:

 Upload Excel files: <asp:FileUpload runat="server" 
                 accept="application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" />

Supported browsers and more info: http://www.w3schools.com/tags/att_input_accept.asp

Common MIME types below (snapshot of http://www.sitepoint.com/web-foundations/mime-types-summary-list/ )

.au audio/basic
.avi video/msvideo, video/avi, video/x-msvideo
.bmp image/bmp
.bz2 application/x-bzip2
.css text/css
.dtd application/xml-dtd
.doc application/msword
.docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
.dotx application/vnd.openxmlformats-officedocument.wordprocessingml.template
.es application/ecmascript
.exe application/octet-stream
.gif image/gif
.gz application/x-gzip
.hqx application/mac-binhex40
.html text/html
.jar application/java-archive
.jpg image/jpeg
.js application/x-javascript
.midi audio/x-midi
.mp3 audio/mpeg
.mpeg video/mpeg
.ogg audio/vorbis, application/ogg
.pdf application/pdf
.pl application/x-perl
.png image/png
.potx application/vnd.openxmlformats-officedocument.presentationml.template
.ppsx application/vnd.openxmlformats-officedocument.presentationml.slideshow
.ppt application/vnd.ms-powerpointtd>
.pptx application/vnd.openxmlformats-officedocument.presentationml.presentation
.ps application/postscript
.qt video/quicktime
.ra audio/x-pn-realaudio, audio/vnd.rn-realaudio
.ram audio/x-pn-realaudio, audio/vnd.rn-realaudio
.rdf application/rdf, application/rdf+xml
.rtf application/rtf
.sgml text/sgml
.sit application/x-stuffit
.sldx application/vnd.openxmlformats-officedocument.presentationml.slide
.svg image/svg+xml
.swf application/x-shockwave-flash
.tar.gz application/x-tar
.tgz application/x-tar
.tiff image/tiff
.tsv text/tab-separated-values
.txt text/plain
.wav audio/wav, audio/x-wav
.xlam application/vnd.ms-excel.addin.macroEnabled.12
.xls application/vnd.ms-excel
.xlsb application/vnd.ms-excel.sheet.binary.macroEnabled.12
.xlsx application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.xltx application/vnd.openxmlformats-officedocument.spreadsheetml.template
.xml application/xml
.zip application/zip, application/x-compressed-zip

Answer 3

This is probably a very old topic, however if anyone else has this question I found that this worked for me

because asp:FileUpload converts to a html tag on client side, it logically makes sence that you can add html tags aswell.

It worked for me, now you can only select those file tipes and don't need the regular expressions

Answer 4

<asp:RegularExpressionValidator ID="rexp" runat="server" ControlToValidate="fupProduct"
     ErrorMessage="Only .gif, .jpg, .png, .tiff and .jpeg"
     ValidationExpression="(.*\.([Gg][Ii][Ff])|.*\.([Jj][Pp][Gg])|.*\.([Bb][Mm][Pp])|.*\.([pP][nN][gG])|.*\.([tT][iI][iI][fF])$)"></asp:RegularExpressionValidator>

Answer 5

There are no options for the default file uploader, but you can use tools such as Uploadify to fulfill this goal. However, it is flash based if that is a problem. You can try it out on their limited file types demo.

If you do not want to use flash, it would be easiest to do the validation yourself via javascript or on the server side and inform the user if the file's type is not valid.

file-input-accept-attribute-is-it-useful is another similar question that may have some useful information.

Answer 6

I have a similar application that is being used to upload PDF files. While it would be great if the Upload Control had a file type filter out of the box, I found it wouldn't really solve the problem of limiting the file type to upload.

For instance, if a user were to simply rename a Word document from "myfile.docx" to "myfile.pdf" the system would assume it was a valid file, even though the actual file encoding is invalid; this would cause issues in other parts of the application.

To actually solve the issue, you can take the byte array from the control and parse it as a string. Then apply a filter. Here is the code I have:

private static void CheckForValidFileType(byte[] data)
{
    var text = ASCIIEncoding.ASCII.GetString(data);
    if (!text.StartsWith("%PDF"))
        throw new Exception("Invalid file type selected.");
}

Of course you will need to know what patterns are valid for your file type, and may want to use a RegEx instead of the .Net string helper method, but the general idea is to actually check the actual file contents and not rely on the file extension for validation.

Ryan A.