
Validate Image Type Using Image GUID in ASP.NET

2012-06-26 12:14
Original article link:

http://www.codeproject.com/Articles/409328/Validate-Image-Type-Using-Image-GUID-in-ASP-NET

Validate image content using the System.Drawing.Image class rather than the image file extension in ASP.NET.

PS: A file's extension does not reliably correspond to its file type.

Introduction

Most web applications let users upload images and store them on the server. Before an image is stored on the server it may need to be validated, because a user may upload a malicious script instead.

Typically we check the extension of the uploaded file and refuse to accept script files. This validation is not enough to stop malicious scripts from being uploaded, because a user can change the extension of the script and upload it anyway.

To resolve this problem, we should check the content of the image instead of the file extension: if a user changes the file extension, the content of the file does not change.

Implementation

In this article we will see, using a simple example, how to check the content of an image and prevent users from uploading malicious scripts. To check the content of the image we will use the System.Drawing.Image class.

The first step is to create a simple web application in Visual Studio and add a Web Form. Then add a file upload control and a button. The markup of the default page looks like this:

<asp:FileUpload ID="FileUpload1" runat="server" /><br /><br />
<asp:Button Text="Save" runat="server" ID="butSave" onclick="butSave_Click" /><br />
<asp:Label ID="lblMessage" runat="server" />

Now write the code below in the button's click handler to validate the image.

protected void butSave_Click(object sender, EventArgs e)
{
    try
    {
        if (FileUpload1.HasFile)
        {
            // Dispose the GDI+ image when done so its resources are released.
            using (System.Drawing.Image image = System.Drawing.Image.FromStream(FileUpload1.FileContent))
            {
                string formatType = string.Empty;
                // Identify the format from the decoded content, not from the file name.
                if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Tiff.Guid)
                    formatType = "TIFF";
                else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Gif.Guid)
                    formatType = "GIF";
                else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Jpeg.Guid)
                    formatType = "JPG";
                else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Bmp.Guid)
                    formatType = "BMP";
                else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Png.Guid)
                    formatType = "PNG";
                else if (image.RawFormat.Guid == System.Drawing.Imaging.ImageFormat.Icon.Guid)
                    formatType = "ICO";
                else
                    throw new System.ArgumentException("Invalid File Type");

                lblMessage.Text = "File Format Is: " + formatType;
            }
        }
    }
    catch (System.ArgumentException)
    {
        // A non-image upload, or a format outside the list above.
        lblMessage.Text = "Invalid File";
    }
    catch (Exception ex)
    {
        lblMessage.Text = ex.Message;
    }
}

The code above checks whether the user uploaded a file; if so, it converts that file into an Image object. It then checks the Image object's RawFormat.Guid to identify the file content, comparing that GUID with the ImageFormat values.

Using this, we can restrict uploads so that only certain image file types are allowed. If a user changes the file extension, the RawFormat GUID does not change; it stays the same even after the extension is changed. For example, if a user changes a GIF file's extension to .jpg, its GUID still remains that of GIF.

In the example above, if the user uploads any file other than an image, an ArgumentException is generated while accessing its RawFormat property, so files other than images are not accepted.
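
The check above confirms that the upload decodes as an image; the following added example (not code from the original article) builds on it by restricting uploads to an allow-list of formats, choosing the stored file name and extension on the server from the detected format, and re-encoding the pixels so that only image data is written to disk. SafeImageUpload, TrySave, MaxBytes and the 2 MB limit are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;

// Added example (not from the original article). SafeImageUpload, TrySave and
// MaxBytes are hypothetical names; the size limit is an assumed value.
public static class SafeImageUpload
{
    private const int MaxBytes = 2 * 1024 * 1024; // assumed upload limit
    // Allow-list: format detected from content -> extension chosen by the server.
    private static readonly Dictionary<Guid, string> Allowed = new Dictionary<Guid, string>
    {
        { ImageFormat.Jpeg.Guid, ".jpg" },
        { ImageFormat.Png.Guid,  ".png" },
        { ImageFormat.Gif.Guid,  ".gif" }
    };

    // Returns the stored file name, or null when the upload is rejected.
    public static string TrySave(Stream upload, long length, string targetDir)
    {
        if (upload == null || length <= 0 || length > MaxBytes) return null;
        try
        {
            // validateImageData: true asks GDI+ to validate the image data while loading.
            using (Image image = Image.FromStream(upload, false, true))
            {
                string extension;
                if (!Allowed.TryGetValue(image.RawFormat.Guid, out extension)) return null;
                // The name never comes from the client, so a renamed file cannot
                // choose its own extension or path on the server.
                string name = Guid.NewGuid().ToString("N") + extension;
                // Copy the pixels into a new bitmap and encode that, so bytes in the
                // upload that are not pixel data are not written to disk.
                // (For an animated GIF only the first frame is kept.)
                using (Bitmap copy = new Bitmap(image))
                    copy.Save(Path.Combine(targetDir, name), image.RawFormat);
                return name;
            }
        }
        catch (ArgumentException)
        {
            return null; // not an image GDI+ can decode
        }
    }
}
```

From the click handler this could be called with FileUpload1.FileContent, its Length, and a server-side directory of your choosing.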

Conclusion

The goal of this article is just to show that we can validate an image using its content rather than its file extension. Hope this will help you.