Client-Side Validation of File Types Permissible to Upload

There are several methods you can use to control the types of files that are uploaded to the server. Unfortunately, there is no bullet-proof method to protect you from someone uploading files that would be considered malicious. You can take a few steps, however, to make this process of allowing end users to upload files a little more manageable.

One nice method you can employ is to use the ASP.NET validation controls that are provided for free with ASP.NET. These controls enable you to do a regular-expression check upon the file that is being uploaded to see if the extension of the file is one you permit to be uploaded.

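For example:

<asp:FileUpload ID="FileUpload1" runat="server" />
<%-- Control IDs above and below are placeholders --%>
<asp:RegularExpressionValidator ID="ZipValidator" runat="server" ControlToValidate="FileUpload1"
    ErrorMessage="Only zip file is allowed!"
    ValidationExpression="^.+(\.zip|\.ZIP)$">
</asp:RegularExpressionValidator>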

This simple ASP.NET page uses a validation control so that the end user can upload only .zip files to the server. If the file is not a .zip file, the validation control displays the error message on the screen.

Using Validation controls is not a foolproof way of controlling the files that are uploaded to the server. It wouldn’t be too hard for someone to change the file extension of a file so it would be accepted and uploaded to the server, thereby bypassing this simple security model.
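
The following server-side check is an added example, not code from the original post. It goes one step beyond the extension test described above: it matches the extension case-insensitively and also confirms that the content begins with a ZIP signature, so a renamed file is rejected. The class and method names are hypothetical, and it assumes the file name and content come from the FileUpload control's FileName and FileContent properties.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example; class and method names are hypothetical.
public static class ZipUploadCheck
{
    // A ZIP file starts with a local file header signature, or with the
    // end-of-central-directory signature when the archive is empty.
    private static readonly byte[][] ZipSignatures =
    {
        new byte[] { 0x50, 0x4B, 0x03, 0x04 },
        new byte[] { 0x50, 0x4B, 0x05, 0x06 },
    };

    public static bool LooksLikeZip(string fileName, Stream content)
    {
        // Extension check, case-insensitive, so .zip/.ZIP/.Zip need no enumeration.
        if (fileName == null ||
            !fileName.EndsWith(".zip", StringComparison.OrdinalIgnoreCase))
            return false;

        // Read the first four bytes; Read may return fewer than requested.
        var header = new byte[4];
        int read = 0, n;
        while (read < header.Length &&
               (n = content.Read(header, read, header.Length - read)) > 0)
            read += n;

        // Rewind so the caller can still save the stream afterwards.
        if (content.CanSeek) content.Position = 0;
        return read == header.Length &&
               ZipSignatures.Any(sig => sig.SequenceEqual(header));
    }

    public static void Main()
    {
        // Constructed sample inputs, not real uploads.
        byte[] zipBytes = { 0x50, 0x4B, 0x03, 0x04, 0x14, 0x00 };
        byte[] otherBytes = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00 };
        // Mixed-case extension with ZIP content.
        Console.WriteLine(LooksLikeZip("report.ZiP", new MemoryStream(zipBytes)));
        // Non-ZIP content renamed to .zip.
        Console.WriteLine(LooksLikeZip("tool.zip", new MemoryStream(otherBytes)));
        // ZIP content under a different extension.
        Console.WriteLine(LooksLikeZip("report.txt", new MemoryStream(zipBytes)));
    }
}
```

A matching signature shows only that the content starts like a ZIP archive, so it narrows what is accepted rather than proving the file is harmless.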

5 comments on “Client-Side Validation of File Types Permissible to Upload”
  1. Mahmoud says:

    Well, you write .zip & .ZIP; this means that I must put all combinations of character statuses, e.g. .zip, .Zip, .ZIp, … So is there any way to handle that? Especially as I want my FileUpload to upload only images, any type of image, and if I use this I’ll write many, many things. Can you help?

  2. Raj says:

    Thanks for this article.

  3. Anonymous says:

    Thanks for this article.. really short and simple

  4. Anonymous says:

    Thanks for the short and crisp article.

  5. Ghulam says:

    Thanks a lot of thanks. Excellent trick. Great….!
