How to Upload Files in ASP.NET MVC
Uploading files from a client computer to the remote server is quite a common task for many websites and applications. It’s widely used in social nets, forums, online auctions, etc.
There are a variety of upload components in ASP.NET MVC that serve to resolve one or another upload tasks, for example you may need to upload single or multiple files, work with files of small or very large size, transfer entire folders or files only, just upload images or preprsdfsdf s sd focess them beforehand. Thus, you need to find the upload tool that is not only fast and reliable, but also suits your requirements.
Here we'll explore which upload approach is better to use when, but before that let's take a look at ASP.NET MVC file upload in general.
File Upload Basics
During the file upload process, only two parts of the MVC model interact with each other – a view and a controller. Let’s examine the file upload process step by step:
- A user visits a web page with an uploader (represented by View) and chooses files to be uploaded.
- When the upload is started, the uploader packs the files into a POST request and sends this request to the server.
- ASP.NET caches all data in server memory or to disk depending on the uploaded file size.
- ASP.NET MVC defines the controller and appropriate action method that will handle the request.
- The action method handles the request (for example, saves files on a hard disk, or updates a database, etc.) through the
Controller.Request
property, which gets theHttpPostedFilesBase
object for the current request. - ASP.NET MVC sends an answer to the client through
Controller.Response
.
You can configure file upload settings by specifying appropriate attributes in the web.config (or machine.config if you want to make server-wide changes). Let’s see what attributes are used to limit the file upload:
maxRequestLength
– the request size limit in kilobytes (the default value is 4096 KB).requestLengthDiskThreshold
– the limit of data buffered in the server memory in kilobytes (the default value is 80 KB).executionTimeout
– the allowed execution time for the request before being automatically shut down by ASP.NET (the default value is 110 seconds).
All these attributes should be specified in the <httpRuntime>
section.
Note: Avoid specifying "unlimited" (very large) values there. Specifying realistic limits, you can improve the performance of your server or reduce the risk of DoS attacks.
We’ve basically described how ASP.NET MVC organizes file upload. However, if we look deeper into it, we’ll understand that the file upload also depends on the View implementation: it can be simple <input type=”file”>
elements, HTML5, Flash, Java, or preexisting third-party uploader applications. Let’s start with the first one – single file upload using the HTML control.
Single File Upload
This approach has quite limited functionality, but it’s still the simplest way to upload a single file at a time and will work in any popular browser.
Firstly, we consider the view. Our view consists of an HTML form containing the button, which opens a select file dialog, and Submit, which sends the chosen file to the server in a POST request. The view code with razor syntax may look as follows:
<h2>Basic File Upload</h2> @using (Html.BeginForm ("Index", "Home", FormMethod.Post, new { enctype = "multipart/form-data" })) { <label for="file">Upload Image:</label> <input type="file" name="file" id="file"/><br><br> <input type="submit" value="Upload Image"/> <br><br> @ViewBag.Message }
Let's highlight the important parts:
- The
Html.BeginForm
method creates an HTML form that includes the HTML file control, the submit button, and a message, which declares whether the file is saved successfully or not. - The form method is
POST
, and the form encoding type ismultipart/form-data
. These parameters are required for uploading binary data to the server. - The
input
element havingtype=”file”
displays the Choose File button and the field containing a selected file name. - The
name
of theinput
element identifies the uploaded file in theHttpPostedFilesBase
object.
After a user submits the form, the View sends posted data to the Action method of the Controller that handles file upload. Draw attention on the HttpPost
attribute before the action method - it says that the Action should be triggered not only for regular GET requests, but also POST requests. Otherwise it won't get the uploaded file.
Using this approach, you don’t need to read the file from Request
, because you can access the POSTed file directly through the HttpPostedFilesBase
object due to model binding. The action model looks like this:
[HttpPost] public ActionResult Index(HttpPostedFileBase file) { if (file != null && file.ContentLength > 0) try { string path = Path.Combine(Server.MapPath("~/Images"), Path.GetFileName(file.FileName)); file.SaveAs(path); ViewBag.Message = "File uploaded successfully"; } catch (Exception ex) { ViewBag.Message = "ERROR:" + ex.Message.ToString(); } else { ViewBag.Message = "You have not specified a file."; } return View(); }
The action method receives the uploaded file, tries to save it to the Images folder, and shows a message indicating whether or not the file is saved successfully. Note, the input control name in the view has the same name as the HttpPostedFilesBase
object (it’s file
in our case).
After running this application you will see the following form:
Once a user chooses a file and clicks the Upload Image button, the following form with the message (if the uploaded file is saved successfully) will be shown:
Keep security in mind!
Note: This simple application allows you to transfer the user’s files to you server, but it doesn’t care about the security. The server may be compromised by a virus or other malicious data uploaded by someone. Thus, you should add some file upload restrictions to the controller. There are several security concerns, which allow you to consider whether to accept an uploaded file or not. For example, you can verify the checksum of the uploaded file or control file type by checking the extension (but this can be easily spoofed).
This approach is pretty good, if you upload a few small files one by one, but it’s rarely used due to the following disadvantages:
- Uploading a lot of files becomes a nightmare - a user has to click the Choose file button for each file.
- Uploading large files is not convenient - the page freezes and doesn’t display upload progress while the file upload is being processed.
- After submitting the form all fields are cleared, thus if the form doesn’t correspond to validation, a user has to fill all the fields again.
- Every browser displays the form in a different way:
Let’s see how we can go beyond the disadvantages of this HTML control.
Multiple Files Upload
The application we discussed above can be easily transformed to support multiple file upload: just specify as many file inputs in the view as the number of files you want to be uploaded simultaneously. Note, all inputs should have the same name. This allows the ASP.NET MVC to accept an array of uploaded files and iterate through them in the action method. However, in the case that a user needs to choose each file separately this is inconvenient, especially when uploading a large number of files.
Fortunately, there are many third-party utilities supporting the multi-upload scenario and avoiding the shortcomings of the considered HTML control.
Any modern browser supports HTML5 and/or Flash, popular platforms which allow the creating of advanced file uploaders. Thus, there are a number of open source HTML5/Flash-based uploaders available with a large community of developers, for example:
- Uploadify is a jQuery plugin which allows you to build an upload interface similar to Gmail attachments.
- Fine Uploader is a JavaScript plugin tool with multiple file selection, progress bar, auto and manual upload, image preview, etc.
- Plupload is an upload tool based on several browser extensions, which includes some image processing functionality.
These uploaders are very good at multiple file uploads and provide a simple interface, but they cannot perform more complicated tasks, such as:
- Pre-process images before upload (resize, generate thumbnails of several sizes, add watermarks, extract EXIF, let users crop images, etc.).
- Upload entire folders and keep the structure of the folders on the server.
- Upload hundreds of files.
- Upload files of hundreds of MB or even several GB.
- Automatically restore broken uploads.
- Speed up the upload process.
All these scenarios are ideal for Aurigma’s Upload Suite. You can do it with few lines of code.
See how to get startedGet a free 30-day trial
Upload Suite includes premium uploaders based on various technologies (HTML5, Flash, Java, ActiveX) for any server technology – ASP.NET and PHP, classic ASP and JSP, Ruby-on-rails and node.js.