如何在MVC3中限制FileUpload中的文件类型？

Question

我有一个文件上传功能,用户可以上传文件.我想限制用户上传某些文件类型.允许的类型是:.doc,.xlsx,.txt,.jpeg.

我怎么能这样做？

这是我的实际文件上传代码:

      public ActionResult UploadFile(string AttachmentName, BugModel model)
       {            
        BugModel bug = null;
        if (Session["CaptureData"] == null)
        {
            bug = model;
        }
        else
        {
            bug = (BugModel)Session["CaptureData"];
        }
        foreach (string inputTagName in Request.Files)
        {
            HttpPostedFileBase file1 = Request.Files[inputTagName];
            if (file1.ContentLength > 0)
            {
                string path = "/Content/UploadedFiles/" + Path.GetFileName(file1.FileName);
                string savedFileName = Path.Combine(Server.MapPath("~" + path));
                file1.SaveAs(savedFileName);
                BugAttachment attachment = new BugAttachment();
                attachment.FileName = "~" + path.ToString();
                attachment.AttachmentName = AttachmentName;
                attachment.AttachmentUrl = attachment.FileName;
                bug.ListFile.Add(attachment);
                model = bug;
                Session["CaptureData"] = model;
            }
        }
        ModelState.Clear();
        return View("LoadBug", bug);
    }

Answer 1

要验证的第一件事是包含的文件扩展名是否file1.FileName与允许的扩展名之一匹配.然后,如果您确实希望确保用户未将某些其他文件类型重命名为允许的扩展名,则需要查看该文件的内容以识别它是否是允许的类型之一.

以下是如何检查文件扩展名是否属于预定义扩展名列表的示例:

var allowedExtensions = new[] { ".doc", ".xlsx", ".txt", ".jpeg" };
var extension = Path.GetExtension(file1.FileName);
if (!allowedExtensions.Contains(extension))
{
    // Not allowed
}

Answer 2

[AttributeUsage(AttributeTargets.Property, AllowMultiple = false)]
public class AllowedFileExtensionAttribute : ValidationAttribute
{
    public string[] AllowedFileExtensions { get; private set; }
    public AllowedFileExtensionAttribute(params string[] allowedFileExtensions)
    {
        AllowedFileExtensions = allowedFileExtensions;
    }
    protected override ValidationResult IsValid(object value, ValidationContext validationContext)
    {
        var file = value as HttpPostedFileBase;
        if (file != null)
        {
            if (!AllowedFileExtensions.Any(item => file.FileName.EndsWith(item, StringComparison.OrdinalIgnoreCase)))
            {
                return new ValidationResult(string.Format("{1} için izin verilen dosya uzant?lar? : {0} : {2}", string.Join(", ", AllowedFileExtensions), validationContext.DisplayName, this.ErrorMessage));
            }
        }
        return null;
    }
}

在模型中的用法

    [AllowedFileExtension(".jpg", ".png", ".gif", ".jpeg")]
    public HttpPostedFileBase KategoriResmi { get; set; }

Answer 3

您可以使用该ContentType属性进行HttpPostedFileBase文件类型的基本检查(mime类型):请参阅此处Content-Type属性的MSDN页面

这是一种方法:

private static bool IsValidContentType(string contentType)
{
    string ct = contentType.ToLower();

    return ((ct == "application/msword") || (ct == "application/pdf") || (ct == "application/vnd.openxmlformats-officedocument.wordprocessingml.document"));
}

等等..

但是,要进行更深入的检查,您必须检查文件内容.更改文件扩展名很容易..