I'm building an ASP.Net mvc4 application that allows the user to send an image encoded as a Base64 string via a POST request. How to validate the user input to ensure that the base64 string is indeed an image and prevent the user from passing malicious data in the POST request? e.g. to prevent external URLs from being injected.
I found this and this which tells to do it in PHP but not Asp.net/C#.
I would follow the same approach in the PHP example and basically try to create an image from the base64 encoded data. If the data is not a valid image, I would expect that the image would throw an exception or at the very least, be null.
Doing a quick search, I found an example here on SO that shows several methods to create an image from a base64 encoded string.
Assuming ms is of type MemoryStream, I would suspect that you could wrap either one of these methods with a try/catch:
new Bitmap(ms)
or
mage.FromStream(ms);
Have you thought of decorating your post method with
[ValidateAntiForgeryToken]
