Click here to Skip to main content
13,455,913 members (48,086 online)
Click here to Skip to main content
Add your own
alternative version


21 bookmarked
Posted 24 Jun 2012

Validate Image Type Using Image GUID in ASP.NET

, 24 Jun 2012
Rate this:
Please Sign up or sign in to vote.
Vaildate image content using System.Drawing.Image class rather than the image file extension in ASP.NET.


Generally, we have seen that every web application has functionality like upload images and store those images into server. But before storing images into a server, they may be required to validate that image because there may be possible that user may upload malicious scripts.

Generally, we may check the extension of that uploaded file and denied that script file to upload on the server. But this validation is not enough to restrict upload malicious script because user will change the extension of that script and upload that file.

To resolve this problem, we should check the content of those images instead of file extension. Because if user changes file extension, the content of that file never changes.


Now in this tip, we will see how to check content of the images and restrict user from uploading malicious script using a simple example. To check the content of the images, we will useSystem.Drawing.Image class.

Now, the first step is to create a simple web application in Visual Studio and add a Web From. Now add one file upload control and button. Markup of your default page looks like below:

<asp:FileUpload ID="FileUpload1" runat="server" /><br /><br />
<asp:Button Text="Save" runat="server" ID="butSave" onclick="butSave_Click"  />

Now we need to write the below code in button click to validate images.

    if (FileUpload1.HasFile)
        System.Drawing.Image image = System.Drawing.Image.FromStream(FileUpload1.FileContent);
        string FormetType = string.Empty;
        if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Tiff.Guid)
            FormetType = "TIFF";
        else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Gif.Guid)
            FormetType = "GIF";
        else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Jpeg.Guid)
            FormetType = "JPG";
        else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Bmp.Guid)
            FormetType = "BMP";
        else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Png.Guid)
            FormetType = "PNG";
        else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Icon.Guid)
            FormetType = "ICO";
            throw new System.ArgumentException("Invalid File Type");

        lblMessage.Text = "File Format Is:" + FormetType;
catch (System.ArgumentException exp)
    lblMessage.Text="Invalid File";
catch (Exception ex)
    lblMessage.Text = ex.Message;

In the above code, we check whether user uploads any file, if yes then we will convert that file into image object. After converting into image object, we will check that image object RawFormat.GUID to check file content. We will check and compare that GUID with ImageFormat enum.

Using this, we can put some restriction that some image file types are only allowed not other than this. If user changes file extension but their RowFormat GUID’s never change, it will remain the same even after it’s extension changed. For example, if user changed gif file extension to jpg but its GUID never changed, it will remain the same which is in GIF.

In the above example, if user uploads any file other than images, it will generate ArgumentException while accessing its rowformat property so here we cannot allow to file other than images.


The goal of this tip is to just show you that we can validate image using its content rather than its file extension. Hope this will help you.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Jigar Bagadai
Software Developer
India India
I have been working as a Software Engineer on Microsoft .NET Technology.I have developed several web/desktop application build on .NET technology .My point of interest is Web Development,Desktop Development,Ajax,Json,Jquey,XML etc.I have completed Master of Computer Application in May-2011.I'm not happy unless I'm learning something new.

You may also be interested in...


Comments and Discussions

GeneralMy vote of 4 Pin
Ankit Kumar3-Sep-12 1:45
memberAnkit Kumar3-Sep-12 1:45 
GeneralMy vote of 5 Pin
Pankaj Nikam27-Jun-12 4:19
memberPankaj Nikam27-Jun-12 4:19 
GeneralMy vote of 4 Pin
Vitaly Tomilov25-Jun-12 3:25
memberVitaly Tomilov25-Jun-12 3:25 
GeneralMy vote of 5 Pin
Carsten V2.024-Jun-12 9:40
memberCarsten V2.024-Jun-12 9:40 
GeneralMy vote of 5 Pin
Mika199224-Jun-12 9:36
memberMika199224-Jun-12 9:36 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web01-2016 | 2.8.180322.1 | Last Updated 24 Jun 2012
Article Copyright 2012 by Jigar Bagadai
Everything else Copyright © CodeProject, 1999-2018
Layout: fixed | fluid