Uploading files in ASP .NET 2.0. Is it safe?

Related news

September 19, 2007

Choosing to upload files with ASP .NET proved to be inefficient. The way IIS 5 and IIS 6 runs is: when you pick a file in the form, IIS need to “absorb” the whole file and you can have access to the file properties only after. IIS 7 promised to be more like Apache in this case, but until then we have to wait for a long upload and the worst thing is u can’t display a progress bar. If you want to see how a file is uploaded using PHP read the full article here.

Another bad thing is that you cannot upload more than 4MB without raising the limit in maxRequestLength in the <httpRuntime> config section. We have to be careful because isn’t enough to raise the limit for upload; we also should know that we have to increase executionTimeout, otherwise ASP.NET close requests that take too long. How should an user know whose fault is for an unsuccessful upload? One solution is to override Page.OnError and inspect the HTTP code, which should be 400, if the exception happens to be of type HttpException. You may also implement an HttpModule, set up its BeginRequest handler and compare Request.ContentLength with the size limit. If ContentLength is too high, redirect to a page with a meaningful error message.

Uploading Multiple Files

Uploading more than one files is made via the Request.Files collection:

HttpFileCollection uploads = HttpContext.Current.Request.Files;

Let’s have an example for uploading multiple files:

<form id=“form” runat=“server” enctype=“multipart/form-data”>
<p id=“upload”>
   <input type=“file” runat=“server” size=“60″ />
</p>

<p><a href=“#” onclick=“addFile(); return false;”>Add a file</a></p>

<p><asp:Button ID=“butSubmit” runat=“server” Text=“Upload Here” OnClick=“butSubmit_Click” /></p>
class=”coloredcode”><script type=“text/javascript”>
class=”coloredcode”>function addFile(){
    if (!document.getElementById || !document.createElement)
        return false;

    var uploadArea = document.getElementById (”upload”);

    if (!uploadArea)
        return;

    var newLine = document.createElement (”br”);
    uploadArea.appendChild (newLine);

    var newUpload = document.createElement (”input”);
	newUpload.type = “file”;
        newUpload.size = “70″;

    if (!addFile.lastAssignedId)
        addFile.lastAssignedId = 100;

    newUpload.setAttribute (”id”, “dynamic” + addFile.lastAssignedId);
    newUpload.setAttribute (”name”, “dynamic:” + addFile.lastAssignedId);
    uploadArea.appendChild (newUpload);

    addFile.lastAssignedId++;
}
</script>

<script type=“text/C#” runat=“server”>
void butSubmit_Click(object sender, EventArgs e){
    HttpFileCollection uploads = HttpContext.Current.Request.Files;

    for (int i = 0; i < uploads.Count; i++){
        HttpPostedFile upload = uploads[i];

        if (upload.ContentLength == 0)
            continue;
    }
}
</script>

</form>

 

Post a comment

Name (required)

Mail (will not be published) (required)

Website

*
To prove you're a person (not a spam script), type the security text shown in the picture. Click here to regenerate some new text.
Click to hear an audio file of the anti-spam word