Use
Path.GetExtension[
^] method to get extension of a file from it't name.
But matching file name extension with mime type and content type is an other thing.
You have a list of mime types and the matching extension here:
http://webdesign.about.com/od/multimedia/a/mime-types-by-file-extension.htm[
^]
But be aware, that all this are sent by the client, thus they can be altered. You can never really believe the client! So if you really need to enforce content type filtering, you need much more. In linux/unix environment there is a method called "
magic bytes[
^]" that can be used to guess the file type based on the content fingerprints. But I haven't found any real implementation under .net. Still, you can use a library shipped with IE, called urlmon. In
this article[
^] there is a sample of usage.
using System.Runtime.InteropServices;
[DllImport("urlmon.dll", CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = false)]
static extern int FindMimeFromData(IntPtr pBC,
[MarshalAs(UnmanagedType.LPWStr)] string pwzUrl,
[MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.I1, SizeParamIndex = 3)] byte[] pBuffer,
int cbSize,
[MarshalAs(UnmanagedType.LPWStr)] string pwzMimeProposed,
int dwMimeFlags, out IntPtr ppwzMimeOut, int dwReserved);
public static string getMimeFromFile(HttpPostedFile file)
{
IntPtr mimeout;
int MaxContent = (int)file.ContentLength;
if (MaxContent > 4096) MaxContent = 4096;
byte[] buf = new byte[MaxContent];
file.InputStream.Read(buf, 0, MaxContent);
int result = FindMimeFromData(IntPtr.Zero, file.FileName, buf, MaxContent, null, 0, out mimeout, 0);
if (result != 0)
{
Marshal.FreeCoTaskMem(mimeout);
return "";
}
string mime = Marshal.PtrToStringUni(mimeout);
Marshal.FreeCoTaskMem(mimeout);
return mime.ToLower();
}
So you can simply use this on server side to check mime type, and match with extension too. If these do not match, you have a possible evasion.