Use the API call FindMimeFromData and compare the returned mime type with a list of allowed types.
For an image file this will return a string of the form, "image/{subtype}" where {subtype} will be something like "jpeg", "tiff" or "bmp" depending upon the image type.
For examples of how to call it see PInvoke:
Here
As you've already got the file content in a byte array you can skip the reading from disk step in the PInvoke examples.
PS.
In case you are not already aware, your maximum size check value should be less than the HTTP MaxRequestLength for the web site/app. If you try to upload a file which is larger than this you'll get an exception. See,
Setting up Web.config to allow uploading of large files by ASP .NET applications
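
The check described in the answer above, as an added C# example that is not part of the original post: it calls FindMimeFromData on the uploaded byte array and compares the result with an allowlist. The class name, method names and the contents of the allowlist are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

public static class UploadMimeCheck   // hypothetical helper name
{
    [DllImport("urlmon.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
    private static extern int FindMimeFromData(
        IntPtr pBC,
        [MarshalAs(UnmanagedType.LPWStr)] string pwzUrl,
        [MarshalAs(UnmanagedType.LPArray)] byte[] pBuffer,
        int cbSize,
        [MarshalAs(UnmanagedType.LPWStr)] string pwzMimeProposed,
        int dwMimeFlags,
        out IntPtr ppwzMimeOut,
        int dwReserved);

    // Assumed allowlist. With default flags the API reports the legacy names
    // "image/pjpeg" and "image/x-png" for JPEG and PNG, so both spellings are listed.
    private static readonly HashSet<string> AllowedTypes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "image/jpeg", "image/pjpeg", "image/png", "image/x-png",
            "image/gif", "image/bmp", "image/tiff"
        };

    // Returns the sniffed MIME type, or null if it could not be determined.
    public static string SniffMimeType(byte[] content)
    {
        if (content == null || content.Length == 0) return null;
        // Only the leading bytes are examined, so a match says the file starts
        // like an image, not that the whole file is a well-formed image.
        int length = Math.Min(content.Length, 256);
        IntPtr mimeOut = IntPtr.Zero;
        try
        {
            // No URL and no proposed type: the result depends on content only,
            // never on the client-supplied file name or Content-Type header.
            int hr = FindMimeFromData(IntPtr.Zero, null, content, length, null, 0, out mimeOut, 0);
            if (hr != 0 || mimeOut == IntPtr.Zero) return null;
            return Marshal.PtrToStringUni(mimeOut);
        }
        finally
        {
            if (mimeOut != IntPtr.Zero) Marshal.FreeCoTaskMem(mimeOut);
        }
    }

    // Fails closed: unknown or undetermined types are rejected.
    public static bool IsAllowedImage(byte[] content)
    {
        string mime = SniffMimeType(content);
        return mime != null && AllowedTypes.Contains(mime);
    }
}
```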