My suggestion: if you want to avoid the ActiveX route and want to make sure that a file above a certain length is not uploaded, you can set the size limit in the config file:
<system.web>
  <!-- maxRequestLength is in kilobytes: 2048 = 2 MB -->
  <httpRuntime maxRequestLength="2048"/>
</system.web>
The downside of it: any file greater than the defined size will lead the page to display "This page cannot be displayed", so you need to catch this error and handle it.
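One way to catch the error described above, as an added example that is not part of the original post: a Global.asax.cs handler that recognises the "request too large" exception ASP.NET raises when maxRequestLength is exceeded and sends the user to a friendly page. The page name `~/UploadTooLarge.aspx` is hypothetical, and the sketch assumes the oversize request surfaces as an unhandled HttpException; whether the browser receives the redirect can depend on the hosting server.

```csharp
using System;
using System.Web;
using System.Web.Management;

public class Global : HttpApplication
{
    // Hypothetical page that tells the user the upload exceeded the limit.
    private const string TooLargePage = "~/UploadTooLarge.aspx";

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (!IsRequestTooLarge(ex))
        {
            return; // leave every other error to the normal error handling
        }

        // The server-side limit has already rejected the body; only the
        // user-facing response is replaced here.
        Server.ClearError();
        Response.Redirect(TooLargePage, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Walks the exception chain looking for the HttpException that ASP.NET
    // raises when the posted body is larger than maxRequestLength.
    internal static bool IsRequestTooLarge(Exception ex)
    {
        for (Exception cur = ex; cur != null; cur = cur.InnerException)
        {
            HttpException http = cur as HttpException;
            if (http != null &&
                http.WebEventCode == WebEventCodes.RuntimeErrorPostTooLarge)
            {
                return true;
            }
        }
        return false;
    }
}
```

Matching on the event code rather than on the exception message keeps the check independent of the server's display language.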