ASP.NET, C#, IIS, MIME TYPES, FILE UPLOAD CONDITIONAL

Question

I have a file upload web-form on the website and it needs to only accept certain formats (or MIME types)...

The following code is working PERFECTLY, EXCEPT, it does not upload .DOCX files to the server ! That is the only file type that does not work... I have double checked every line of code and have even gotten into the IIS manager to ensure .DOCX MIME types were inherited, and they were...

Does anyone have any idea why .DOCX files will not upload to the server like every other filetype does?

Snippet of code:

string savePath = "D:\\HIDDEN PATH HERE";
string fileMsg;

// Before attempting to perform operations
// on the file, verify that the FileUpload 
// control contains a file.
if (FileUpload1.HasFile)
{
    // Check to see that the content type is proper and allowed.
    // DOC: application/doc, appl/text, application/vnd.msword, application/vnd.ms-word, application/winword, application/word, application/x-msw6, application/x-msword
    if (
        FileUpload1.PostedFile.ContentType == "text/rtf" ||
        FileUpload1.PostedFile.ContentType == "application/doc" ||
        FileUpload1.PostedFile.ContentType == "appl/text" ||
        FileUpload1.PostedFile.ContentType == "application/vnd.msword" ||
        FileUpload1.PostedFile.ContentType == "application/vnd.ms-word" ||
        FileUpload1.PostedFile.ContentType == "application/winword" ||
        FileUpload1.PostedFile.ContentType == "application/word" ||
        FileUpload1.PostedFile.ContentType == "application/msword" ||       
        FileUpload1.PostedFile.ContentType == "application/x-msw6" ||
        FileUpload1.PostedFile.ContentType == "application/x-msword" ||
        FileUpload1.PostedFile.ContentType == "application/pdf" ||
                        FileUpload1.PostedFile.ContentType == "application/x-pdf" ||
        FileUpload1.PostedFile.ContentType == "application/vnd.openxmlformats-officedocument.wordprocessingml.document" ||
        FileUpload1.PostedFile.ContentType == "application/vnd.openxmlformats-officedocument.wordprocessingml.template"
        )
    {
        // Get the name of the file to upload.
        String fileName = FileUpload1.FileName;

        // Append the name of the file to upload to the path.
        savePath += strnow + fileName;


        // Call the SaveAs method to save the 
        // uploaded file to the specified path.
        // This example does not perform all
        // the necessary error checking.               
        // If a file with the same name
        // already exists in the specified path,  
        // the uploaded file overwrites it.
        FileUpload1.SaveAs(savePath);

        // Notify the user of the name of the file
        // was saved under.
        //fileMsg = "Your file was saved as " + fileName;
        fileMsg = "";
    }
    else
    {
        fileMsg = "Your file was not an accepted format. Please use PDF, RTF or DOC formats."; 
    }

Only thing I can think of is perhaps IIS doesn't have a mime type configured for DOCX (not that it should really need it for upload, but perhaps it has a bearing), have you checked that there is one setup for the extension? — dougajmcdonald, Sep 12 '11 at 16:23
Check out [Fiddler](http://www.fiddler2.com/fiddler2/), this might help you determine exactly what MIME string is being pushed up the wire (although I think it _should_ be `application/msword` (which you have.)) — Grant Thomas, Sep 12 '11 at 16:31
What is the value of `FileUpload1.PostedFile.ContentType` when you upload the .docx? Or doesn't it get that far? — Town, Sep 12 '11 at 16:32
@Mr. Disappointment: I believe that for docx it should be `application/vnd.openxmlformats-officedocument.wordprocessingml.document` but he does also have that - I just thought you might want to know. :) — Chris, Sep 12 '11 at 16:38
Hello all, thank you for your help. The code you see above accepts WORD (.DOC), .PDFS, and everything else listed there, EXCEPT .DOCX... Still not sure what is going on... — Chris Newton, Sep 12 '11 at 17:30
I CHOSE TO JUST READ THE EXTENSION... even though I do not think it is the most secure way — Chris Newton, Sep 12 '11 at 18:01
@Chris Newton: The mime type isn't that secure either since anybody with some knowledge of HTTP or a copy of fiddler could change what the mime type is. Only really surefire way to identify what the file is is to look at the file itself though this is usually overkill... — Chris, Sep 13 '11 at 16:34
.docx is essentially a zip, and so is identified as such with regards to a files MIME Type — Paul Zahra, Mar 15 '13 at 14:09

score 2 · Accepted Answer · edited May 23 '17 at 12:19

2

See this answer, which points you to this page.

DOCX Mime Type:

application/vnd.openxmlformats-officedocument.wordprocessingml.document

EDIT: Sorry, didn't see it in the list. If you want to allow DOCX, why not just check for ".docx" as the extension.

|| FileUpload1.PostedFile.FileName.ToLower().Substring(FileUpload1.PostedFile.FileName.Length - 4) == "docx"

edited May 23 '17 at 12:19

Community

1
1

answered Sep 12 '11 at 16:32

Martin

11,031
8
50
77

1

He's already handling that case. Look at his code (OR conditions). – Icarus Sep 12 '11 at 16:34
Hello all, thank you for your help. The code you see above accepts WORD (.DOC), .PDFS, and everything else listed there, EXCEPT .DOCX... Still not sure what is going on.. – Chris Newton Sep 12 '11 at 17:30
I CHOSE TO JUST READ THE EXTENSION... even though I do not think it is the most secure way. – Chris Newton Sep 12 '11 at 18:01
Reading the extension is the right way to go, Chris. Mime types are not reliable for this, as the OP discovered. – Kir May 31 '12 at 12:37
old post, but how about a hypothetical: what if I change the extension locally of my .exe or .zip file to .doc? Going to have to agree with Chris's hesitation on this one. – Robert Jun 30 '15 at 14:18

score 1 · Answer 2 · answered May 31 '12 at 12:40

You should be reading the extension, not checking mime types. MIME types are set by the browser and could be different between computers. This is not their purpose.

Also, regardless of what background you come from, if you have an if statement like that, you should feel at least the slightest bit of shame.

string[] acceptedExtensions = new string[] { ".docx", ".doc", ".txt", ".etc" };
// snip


if(acceptedExtensions.Contains(Path.GetExtension(FileUpload1.PostedFile.Filename))) 
{ 
    AcceptFile(FileUpload1.PostedFile);
}

ASP.NET, C#, IIS, MIME TYPES, FILE UPLOAD CONDITIONAL

2 Answers2

Linked