none
Restricting Content Type(MIME) upon file upload RRS feed

  • Question

  • Hello,

             We have an ASP.NET application in which we allow PDF files to be uploaded. On the server code we used "urlmon.dll" and checked for the MIME type using "FindMimeFromData" before uploading. We are allowing files only if MIME type is application/pdf. 

    Now our testing team is intercepting(using tools) the web-request and altering the content type and submitting the request. Is there a way to restrict this kind of scenario.

    Below image shows the actual request sent 

    Now the request is being intercepted and the content type is being changed.

    In this kind of  scenario how do we stop the file upload.

    Any idea/suggestion on how to workaround this would be highly appreciated.

     


    Regards, Dillu

    • Moved by CoolDadTx Friday, December 20, 2019 2:49 PM ASP.NET related
    Friday, December 20, 2019 1:15 PM

All replies