How can I verify a files content type without using the files extension or mime type using ASP.Net.
I don't want to use the mime type because it appears to be determined by the file extension.
+1
A:
You could use the FindMimeFromData() function in UrlMon.dll (using pinvoke).
See this page for an example and this MSDN page for the documentation of the function.
M4N
2009-02-26 17:53:24
A:
There is no generic way to verify a file is of the given extension type.
You could create a white-list of formats (png, jpg, zip etc) and examine the file header to determine whether it conforms to the expected format.
Even that is not fool-proof though since the file content itself may be malformed in a way that would only become apparent when an attempt to load it is made.
Andrew Grant
2009-02-26 17:53:55
+1
A:
It really depends on file type. For many file types, you can examine the header of the file, which is generally prior to the first 0 char in the file. I used to have some code that examined picture types, so I might be able to find it somewhere.
But, there are file types that will not have this form of header, like XML (yeah, this is a cheap example, but it was easy for me to think of ;->). I believe all graphics types will have the header, as will other binary file types.
As Andrew has mentioned, the header is not 100%. But, it is unlikely it will be a hack attack if the file is "malformed". It is more likely a corrupt upload or upload of a corrupt file.
Gregory A Beamer
2009-02-26 18:27:27