我正在开发一个网络应用,我想限制用户在Azure blob上上传某种类型,例如仅限图片或PDF。
当我按下上传图片时,有没有办法检查它是否是图像?如果它不是图像,它拒绝请求?最好在服务器端进行验证
这是我正在使用的编码:
<div>
Select Image to upload a ClassDiagram
<input name="classdiagram" type="file" multiple="multiple" accept="image/*">
<input type="submit" value="Upload Image" />
</div>
部分公共ActionResult ImageUpload()
var dfd = Request.Files["dfd"];
var classdiagram = Request.Files["classdiagram"];
// Code hidden for Brevity. Multiple var instances.
// --- SETTING UP THE CONTAINER --- //
// Create the CloudStorageAccount
StorageCredentials credentials = new StorageCredentials("swiftdevelopmentstorage", "HqaCkZjdQ8w/DX/fS3wDxU6HXbeqV5EZ1b+UQaKALxaJDrN9JoZZYn8Q0KT6QR4tCrdGQicxE+tKRKScjINW8w==");
CloudStorageAccount storageAccount = new CloudStorageAccount(credentials, true);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
// Retrieve Reference to container
CloudBlobContainer container = blobClient.GetContainerReference("systemdesign");
// Create if nonexistent
container.CreateIfNotExists();
// Change Default Private Permission to Public
container.SetPermissions(new BlobContainerPermissions { PublicAccess = BlobContainerPublicAccessType.Blob });
// Depending on the Design type (e.g. Flowchart, dfd..) the blob will be uploaded to a different sub folder
if (dfd != null)
{
string uniqueBlobName = string.Format("dfd/image_{0}{1}",
Guid.NewGuid().ToString(), Path.GetExtension(dfd.FileName));
CloudBlockBlob blob = container.GetBlockBlobReference(uniqueBlobName);
// Rest of the code is all other if cases for the remaining Request.Files
问题是accept="image/*",如果用户切换到&#34;全部显示&#34;
答案 0 :(得分:0)
问题是,accept =&#34; image / *&#34;仍然没有拒绝上传 如果用户切换到&#34;全部显示&#34;
,则为其他扩展名
你是对的。这样,您将无法阻止用户上传任何文件。
你可以做的事情很少:
image/*(例如image/png,image/gif等)并基于此过滤请求。然而,这并不是万无一失的做事方式。如果有人将exe文件重命名为png并上传它,该怎么办?