Upload images in ASP. NET to check whether images are authentic and prevent viruses from being uploaded to the server

I. requirements are in use. when developing a website, you often use Image Upload. It can be said that it is essential for every website, ranging from portals, e-commerce websites, government systems, OA systems to enterprise websites and personal websites, blog websites, navigation websites, and so on can all be used to upload images. Therefore, when uploading images in the client browser, some criminals will inevitably disguise the virus as image files and then upload them to our website server, this causes the website to crash. In order to solve this problem, we first filter the program and we will have the following article. Ii. Main Code 1. In MVC, We will upload an Avatar. In MVC, please refer to my article: [MVC series] ASP. net mvc File Upload FileUpLoad /// <summary> /// upload the Avatar /// </summary> /// <param name = "userId"> User ID </param> // <returns> Json (-1 indicates a system exception, -2 indicates the file is invalid) </returns> [HttpPost] public JsonResult Upload (string userId) {// the path of the uploaded avatar string folderPath = "/upload/avatar /"; // determine whether the path exists if (! Directory. Exists (folderPath) Directory. CreateDirectory (folderPath); // create a file path: HttpPostedFileBase uploadFile = Request. Files ["avatars"]; if (uploadFile! = Null) {string oriFileName = uploadFile. fileName; // original file name string fileName = userId + "_" + oriFileName; // file name format: User ID + file name uploadFile. saveAs (Server. mapPath (folderPath + fileName); // save it to the Server FileStream fs = new FileStream (Server. mapPath (folderPath + fileName), FileMode. open, FileAccess. read); BinaryReader reader = new BinaryReader (fs); string fileClass; byte buffer; byte [] B = new byte [2]; buffer = re Ader. readByte (); B [0] = buffer; fileClass = buffer. toString (); buffer = reader. readByte (); B [1] = buffer; fileClass + = buffer. toString (); reader. close (); fs. close (); if (fileClass = "255216" | fileClass = "7173" | fileClass = "6677" | fileClass = "13780 ") {// 255216 is jpg; 7173 is gif; 6677 is BMP, 13780 is PNG; 7790 is exe, and 8297 is rar // Response. write ("image available"); // save to database} else {// Response. write ("invalid image"); FileI Nfo f = new FileInfo (Server. mapPath (folderPath + fileName); f. delete (); // Delete the file return Json (-2, JsonRequestBehavior. allowGet);} return Json (Server. htmlEncode (folderPath + fileName), JsonRequestBehavior. allowGet);} return Json (-1, JsonRequestBehavior. allowGet);} 2. public void UploadFile () {try {HttpPostedFile postfile = Request. files ["file"]; string savepath = Server. mapPath ("/upload/ Vatar/"+ postfile. fileName); postfile. saveAs (savepath); FileStream fs = new FileStream (savepath, FileMode. open, FileAccess. read); BinaryReader reader = new BinaryReader (fs); string fileClass; byte buffer; byte [] B = new byte [2]; buffer = reader. readByte (); B [0] = buffer; fileClass = buffer. toString (); buffer = reader. readByte (); B [1] = buffer; fileClass + = buffer. toString (); reader. close (); fs. cl Ose (); if (fileClass = "255216" | fileClass = "7173" | fileClass = "6677" | fileClass = "13780 ") {// 255216 is jpg; 7173 is gif; 6677 is BMP, 13780 is PNG; 7790 is exe, and 8297 is rar // Response. write ("image available"); // save to database} else {// Response. write ("invalid image"); File. delete (savepath); // Delete the file return;} catch (Exception) {// Response. write ("the image is invalid! "); Return; throw;} 3. To sum up, of course, this is only a small measure to prevent viruses, and the technology is not profound, of course, the filtering I wrote here has a major defect. It is to upload the file to the server first and then detect it. This is also not safe. You can detect the file before uploading it, implement it by yourself. Of course, there are still many things to be done to upload files to ensure server security, such as installing anti-virus software on the server to regularly monitor new files. There are also a lot of hardware firewalls, which are not described here. In this chapter, if you have no idea how to upload files in MVC, you can learn how to upload files. The source code uses swfupload to upload files. It supports Multifile upload. For specific implementation, download the source code at the end of the article. Assign a job for you to further think about how to upload files across domains or distributed systems. (Job requirements: the website file server is separated from the Web server. When users upload files, we access the files to the file server. If the file server disk is full, what should we do? Of course, if multiple users upload files at the same time and write data to the disk, our server configuration cannot meet the existing concurrent write requirements. We need to consider multiple file servers and multiple file servers, so what should we do when uploading files? Load Balancing and distribution are involved here)