4,817 questions
How to be sure that an uploaded file type is the real type, using IFormFile, without relying on extension or content type.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 1%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Nuno Marques
1
Reputation point
Hi community,
I would like to know, because I've being search but without success, if is there a way to check the real file type on upload?
My scenario is, imagine that a user changes an executable file extension from ".exe" to ".jpg" or ".png", when he/she upload the file it looks like an image, and I'm only accepting these two types, but the file is a masked executable, is there a way to verify that?
Just to let you know, I already tried to check the first bytes, but when I changed the extension of the executable, I'm getting the bytes of a JPG or PNG, so it seems that it's not working.
Thank for those who will spend some time to help me!
Developer technologies | ASP.NET | ASP.NET Core
3 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2022-03-02T02:06:05.087+00:00 Hi @Nuno Marques ,
My scenario is, imagine that a user changes an executable file extension from ".exe" to ".jpg" or ".png", when he/she upload the file it looks like an image, and I'm only accepting these two types, but the file is a masked executable, is there a way to verify that?
We can't verify that.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.Best regards,
Dillion -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 77,766 Reputation points Volunteer Moderator2023-02-23T17:00:13.2866667+00:00 to determine the file type you need to read and compare the format to known types. try this library:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 35%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)