File Upload Handling in ASP.NET Core
π‘ Concept Name
File Upload Handling
π Quick Intro
ASP.NET Core allows file uploads via HTTP requests using `IFormFile`. You can handle single/multiple files with strong validation and secure storage. File upload is a common yet sensitive feature in web apps.
π§ Analogy / Short Story
Imagine a hotel accepting guest luggage. Before storing it, they check the bag size, tag it, scan for threats, and store it in the correct room. Similarly, when your app receives files from users, you validate size/type, scan if needed, and save to a secure folder or cloud.
π§ Technical Explanation
File uploads are handled through the `IFormFile` interface. In a POST action, you can bind uploaded files using `[FromForm]` or form HTML. Ensure `enctype="multipart/form-data"` is set on the HTML form. ASP.NET Core reads files into memory or streams to disk based on size.
You must manually validate file size, type, and protect against path traversal or malicious uploads. Files can be stored in local directories, databases, or cloud services like Azure Blob or AWS S3.
π― Purpose & Use Case
- β User profile picture uploads
- β Resume/Document submission for job portals
- β Upload attachments or PDFs in enterprise systems
- β Store large media files (images/videos) securely
- β Enable downloadable content libraries
π» Real Code Example
// Controller action
[HttpPost]
public async Task Upload(IFormFile file)
{
if (file == null || file.Length == 0)
return BadRequest("File is empty");
var ext = Path.GetExtension(file.FileName);
if (ext != ".jpg" && ext != ".png")
return BadRequest("Only image files allowed");
var path = Path.Combine("wwwroot/uploads", file.FileName);
using (var stream = new FileStream(path, FileMode.Create))
{
await file.CopyToAsync(stream);
}
return Ok("Uploaded Successfully");
}
β Interview Q&A
Q1: What is `IFormFile`?
A: Itβs an interface used to represent uploaded files in ASP.NET Core.
Q2: Which HTML form attribute is needed for uploads?
A: `enctype="multipart/form-data"`
Q3: How do you validate file type?
A: By checking the file extension and MIME type.
Q4: Can you upload multiple files?
A: Yes, by binding `List
Q5: How do you store uploaded files securely?
A: Use sanitized paths, restricted folders, and virus scanning.
Q6: Is it possible to upload files via API?
A: Yes, using `[FromForm]` in controller or Swagger UI.
Q7: How can you restrict file size?
A: Validate `file.Length` manually and use middleware options.
Q8: What storage options are available?
A: Local disk, database BLOBs, or cloud storage.
Q9: Can large files crash the app?
A: Yes, if not handled using streaming or size limits.
Q10: How to handle file name collisions?
A: Rename file using GUIDs or timestamps before saving.
π MCQs
Q1. Which interface handles file uploads?
- IFile
- FileUpload
- IFormFile
- HttpFile
Q2. Which form enctype is required?
- text/html
- application/json
- multipart/form-data
- file/upload
Q3. Which method copies file to disk?
- WriteAsync()
- SaveFile()
- CopyToAsync()
- Upload()
Q4. How to allow only images?
- Check name
- Check size
- Check extension/MIME type
- None
Q5. Where is file stored temporarily?
- Database
- Only RAM
- Memory or disk
- Cache
Q6. Which namespace is required?
- System.Net
- System.Web
- Microsoft.AspNetCore.Http
- System.IO.Files
Q7. How to allow multiple files?
- Loop IFormFile
- Use List<IFormFile>
- One request per file
- It’s not possible
Q8. How to prevent path traversal?
- Rename folder
- Block API
- Sanitize file names
- Encrypt file
Q9. Best place to store large files?
- RAM
- DB only
- Cloud (Azure, S3)
- Temp folder
Q10. How to avoid duplicate files?
- Ignore duplicates
- Fail upload
- Use GUID in filename
- Ask user
π‘ Bonus Insight
Always scan and validate uploaded files, especially when accepting public user input. Never trust file extensions alone. Always check MIME types and consider virus scanning in high-risk apps.
π PDF Download
Need a handy summary for your notes? Download this topic as a PDF!