How can I verify a files content type without using the files extension or mime type using ASP.Net.
I don't want to use the mime type because it appears to be determined by the file extension.
How can I verify a files content type without using the files extension or mime type using ASP.Net.
I don't want to use the mime type because it appears to be determined by the file extension.
You could use the FindMimeFromData() function in UrlMon.dll (using pinvoke).
See this page for an example and this MSDN page for the documentation of the function.
There is no generic way to verify a file is of the given extension type.
You could create a white-list of formats (png, jpg, zip etc) and examine the file header to determine whether it conforms to the expected format.
Even that is not fool-proof though since the file content itself may be malformed in a way that would only become apparent when an attempt to load it is made.
It really depends on file type. For many file types, you can examine the header of the file, which is generally prior to the first 0 char in the file. I used to have some code that examined picture types, so I might be able to find it somewhere.
But, there are file types that will not have this form of header, like XML (yeah, this is a cheap example, but it was easy for me to think of ;->). I believe all graphics types will have the header, as will other binary file types.
As Andrew has mentioned, the header is not 100%. But, it is unlikely it will be a hack attack if the file is "malformed". It is more likely a corrupt upload or upload of a corrupt file.