本文转自:https://docs.microsoft.com/en-us/aspnet/core/mvc/models/file-uploads

By Steve Smith

ASP.NET MVC actions support uploading of one or more files using simple model binding for smaller files or streaming for larger files.

View or download sample from GitHub

Uploading small files with model binding

To upload small files, you can use a multi-part HTML form or construct a POST request using JavaScript. An example form using Razor, which supports multiple uploaded files, is shown below:

HTML Copy 
<form method="post" enctype="multipart/form-data" asp-controller="UploadFiles" asp-action="Index">

    <div class="form-group">

        <div class="col-md-10">

            <p>Upload one or more files using this form:</p>

            <input type="file" name="files" multiple />

        </div>

    </div>

    <div class="form-group">

        <div class="col-md-10">

            <input type="submit" value="Upload" />

        </div>

    </div>

</form>

In order to support file uploads, HTML forms must specify an enctype of multipart/form-data. The files input element shown above supports uploading multiple files. Omit the multiple attribute on this input element to allow just a single file to be uploaded. The above markup renders in a browser as:

The individual files uploaded to the server can be accessed through Model Binding using the IFormFile interface. IFormFile has the following structure:

C# Copy 
public interface IFormFile

{

    string ContentType { get; }

    string ContentDisposition { get; }

    IHeaderDictionary Headers { get; }

    long Length { get; }

    string Name { get; }

    string FileName { get; }

    Stream OpenReadStream();

    void CopyTo(Stream target);

    Task CopyToAsync(Stream target, CancellationToken cancellationToken = null);

}

Warning

Don't rely on or trust the FileName property without validation. The FileName property should only be used for display purposes.

When uploading files using model binding and the IFormFile interface, the action method can accept either a single IFormFile or an IEnumerable<IFormFile> (or List<IFormFile>) representing several files. The following example loops through one or more uploaded files, saves them to the local file system, and returns the total number and size of files uploaded.

Warning: The following code uses GetTempFileName, which throws an IOException if more than 65535 files are created without deleting previous temporary files. A real app should either delete temporary files or use GetTempPath and GetRandomFileName to create temporary file names. The 65535 files limit is per server, so another app on the server can use up all 65535 files.

C# Copy 
[HttpPost("UploadFiles")]

public async Task<IActionResult> Post(List<IFormFile> files)

{

    long size = files.Sum(f => f.Length);

    // full path to file in temp location

    var filePath = Path.GetTempFileName();

    foreach (var formFile in files)

    {

        if (formFile.Length > 0)

        {

            using (var stream = new FileStream(filePath, FileMode.Create))

            {

                await formFile.CopyToAsync(stream);

            }

        }

    }

    // process uploaded files

    // Don't rely on or trust the FileName property without validation.

    return Ok(new { count = files.Count, size, filePath});

}

Files uploaded using the IFormFile technique are buffered in memory or on disk on the web server before being processed. Inside the action method, the IFormFile contents are accessible as a stream. In addition to the local file system, files can be streamed to Azure Blob storage or Entity Framework.

To store binary file data in a database using Entity Framework, define a property of type byte[] on the entity:

C# Copy 
public class ApplicationUser : IdentityUser

{

    public byte[] AvatarImage { get; set; }

}

Specify a viewmodel property of type IFormFile:

C# Copy 
public class RegisterViewModel

{

    // other properties omitted

    public IFormFile AvatarImage { get; set; }

}

Note

IFormFile can be used directly as an action method parameter or as a viewmodel property, as shown above.

Copy the IFormFile to a stream and save it to the byte array:

C# Copy 
// POST: /Account/Register

[HttpPost]

[AllowAnonymous]

[ValidateAntiForgeryToken]

public async Task<IActionResult> Register(RegisterViewModel model)

{

    ViewData["ReturnUrl"] = returnUrl;

    if  (ModelState.IsValid)

    {

        var user = new ApplicationUser {

          UserName = model.Email,

          Email = model.Email

        };

        using (var memoryStream = new MemoryStream())

        {

            await model.AvatarImage.CopyToAsync(memoryStream);

            user.AvatarImage = memoryStream.ToArray();

        }

    // additional logic omitted

    // Don't rely on or trust the model.AvatarImage.FileName property

    // without validation.

}

Note

Use caution when storing binary data in relational databases, as it can adversely impact performance.

Uploading large files with streaming

If the size or frequency of file uploads is causing resource problems for the app, consider streaming the file upload rather than buffering it in its entirety, as the model binding approach shown above does. While using IFormFile and model binding is a much simpler solution, streaming requires a number of steps to implement properly.

Note

Any single buffered file exceeding 64KB will be moved from RAM to a temp file on disk on the server. The resources (disk, RAM) used by file uploads depend on the number and size of concurrent file uploads. Streaming isn't so much about perf, it's about scale. If you try to buffer too many uploads, your site will crash when it runs out of memory or disk space.

The following example demonstrates using JavaScript/Angular to stream to a controller action. The file's antiforgery token is generated using a custom filter attribute and passed in HTTP headers instead of in the request body. Because the action method processes the uploaded data directly, model binding is disabled by another filter. Within the action, the form's contents are read using a MultipartReader, which reads each individual MultipartSection, processing the file or storing the contents as appropriate. Once all sections have been read, the action performs its own model binding.

The initial action loads the form and saves an antiforgery token in a cookie (via the GenerateAntiforgeryTokenCookieForAjax attribute):

C# Copy 
[HttpGet]

[GenerateAntiforgeryTokenCookieForAjax]

public IActionResult Index()

{

    return View();

}

The attribute uses ASP.NET Core's built-in Antiforgery support to set a cookie with a request token:

C# Copy 
public class GenerateAntiforgeryTokenCookieForAjaxAttribute : ActionFilterAttribute

{

    public override void OnActionExecuted(ActionExecutedContext context)

    {

        var antiforgery = context.HttpContext.RequestServices.GetService<IAntiforgery>();

        // We can send the request token as a JavaScript-readable cookie,

        // and Angular will use it by default.

        var tokens = antiforgery.GetAndStoreTokens(context.HttpContext);

        context.HttpContext.Response.Cookies.Append(

            "XSRF-TOKEN",

            tokens.RequestToken,

            new CookieOptions() { HttpOnly = false });

    }

}

Angular automatically passes an antiforgery token in a request header named X-XSRF-TOKEN. The ASP.NET Core MVC app is configured to refer to this header in its configuration in Startup.cs:

C# Copy 
public void ConfigureServices(IServiceCollection services)

{

    // Angular's default header name for sending the XSRF token.

    services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");

    services.AddMvc();

}

The DisableFormValueModelBinding attribute, shown below, is used to disable model binding for the Upload action method.

C# Copy 
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]

public class DisableFormValueModelBindingAttribute : Attribute, IResourceFilter

{

    public void OnResourceExecuting(ResourceExecutingContext context)

    {

        var factories = context.ValueProviderFactories;

        factories.RemoveType<FormValueProviderFactory>();

        factories.RemoveType<JQueryFormValueProviderFactory>();

    }

    public void OnResourceExecuted(ResourceExecutedContext context)

    {

    }

}

Since model binding is disabled, the Upload action method doesn't accept parameters. It works directly with the Request property of ControllerBase. A MultipartReader is used to read each section. The file is saved with a GUID filename and the key/value data is stored in a KeyValueAccumulator. Once all sections have been read, the contents of the KeyValueAccumulator are used to bind the form data to a model type.

The complete Upload method is shown below:

Warning: The following code uses GetTempFileName, which throws an IOException if more than 65535 files are created without deleting previous temporary files. A real app should either delete temporary files or use GetTempPath and GetRandomFileName to create temporary file names. The 65535 files limit is per server, so another app on the server can use up all 65535 files.

C# Copy 
// 1. Disable the form value model binding here to take control of handling

//    potentially large files.

// 2. Typically antiforgery tokens are sent in request body, but since we

//    do not want to read the request body early, the tokens are made to be

//    sent via headers. The antiforgery token filter first looks for tokens

//    in the request header and then falls back to reading the body.

[HttpPost]

[DisableFormValueModelBinding]

[ValidateAntiForgeryToken]

public async Task<IActionResult> Upload()

{

    if (!MultipartRequestHelper.IsMultipartContentType(Request.ContentType))

    {

        return BadRequest($"Expected a multipart request, but got {Request.ContentType}");

    }

    // Used to accumulate all the form url encoded key value pairs in the

    // request.

    var formAccumulator = new KeyValueAccumulator();

    string targetFilePath = null;

    var boundary = MultipartRequestHelper.GetBoundary(

        MediaTypeHeaderValue.Parse(Request.ContentType),

        _defaultFormOptions.MultipartBoundaryLengthLimit);

    var reader = new MultipartReader(boundary, HttpContext.Request.Body);

    var section = await reader.ReadNextSectionAsync();

    while (section != null)

    {

        ContentDispositionHeaderValue contentDisposition;

        var hasContentDispositionHeader = ContentDispositionHeaderValue.TryParse(section.ContentDisposition, out contentDisposition);

        if (hasContentDispositionHeader)

        {

            if (MultipartRequestHelper.HasFileContentDisposition(contentDisposition))

            {

                targetFilePath = Path.GetTempFileName();

                using (var targetStream = System.IO.File.Create(targetFilePath))

                {

                    await section.Body.CopyToAsync(targetStream);

                    _logger.LogInformation($"Copied the uploaded file '{targetFilePath}'");

                }

            }

            else if (MultipartRequestHelper.HasFormDataContentDisposition(contentDisposition))

            {

                // Content-Disposition: form-data; name="key"

                //

                // value

                // Do not limit the key name length here because the

                // multipart headers length limit is already in effect.

                var key = HeaderUtilities.RemoveQuotes(contentDisposition.Name);

                var encoding = GetEncoding(section);

                using (var streamReader = new StreamReader(

                    section.Body,

                    encoding,

                    detectEncodingFromByteOrderMarks: true,

                    bufferSize: 1024,

                    leaveOpen: true))

                {

                    // The value length limit is enforced by MultipartBodyLengthLimit

                    var value = await streamReader.ReadToEndAsync();

                    if (String.Equals(value, "undefined", StringComparison.OrdinalIgnoreCase))

                    {

                        value = String.Empty;

                    }

                    formAccumulator.Append(key, value);

                    if (formAccumulator.ValueCount > _defaultFormOptions.ValueCountLimit)

                    {

                        throw new InvalidDataException($"Form key count limit {_defaultFormOptions.ValueCountLimit} exceeded.");

                    }

                }

            }

        }

        // Drains any remaining section body that has not been consumed and

        // reads the headers for the next section.

        section = await reader.ReadNextSectionAsync();

    }

    // Bind form data to a model

    var user = new User();

    var formValueProvider = new FormValueProvider(

        BindingSource.Form,

        new FormCollection(formAccumulator.GetResults()),

        CultureInfo.CurrentCulture);

    var bindingSuccessful = await TryUpdateModelAsync(user, prefix: "",

        valueProvider: formValueProvider);

    if (!bindingSuccessful)

    {

        if (!ModelState.IsValid)

        {

            return BadRequest(ModelState);

        }

    }

    var uploadedData = new UploadedData()

    {

        Name = user.Name,

        Age = user.Age,

        Zipcode = user.Zipcode,

        FilePath = targetFilePath

    };

    return Json(uploadedData);

}

Troubleshooting

Below are some common problems encountered when working with uploading files and their possible solutions.

Unexpected Not Found error with IIS

The following error indicates your file upload exceeds the server's configured maxAllowedContentLength:

Copy 
HTTP 404.13 - Not Found

The request filtering module is configured to deny a request that exceeds the request content length.

The default setting is 30000000, which is approximately 28.6MB. The value can be customized by editing web.config:

XML Copy 
<system.webServer>

  <security>

    <requestFiltering>

      <!-- This will handle requests up to 50MB -->

      <requestLimits maxAllowedContentLength="52428800" />

    </requestFiltering>

  </security>

</system.webServer>

This setting only applies to IIS. The behavior doesn't occur by default when hosting on Kestrel. For more information, see Request Limits <requestLimits>.

Null Reference Exception with IFormFile

If your controller is accepting uploaded files using IFormFile but you find that the value is always null, confirm that your HTML form is specifying an enctype value of multipart/form-data. If this attribute isn't set on the <form> element, the file upload won't occur and any bound IFormFile arguments will be null.

[转]File uploads in ASP.NET Core的更多相关文章

  1. File upload in ASP.NET Core web API

    参考1:File upload in ASP.NET Core web API https://www.janaks.com.np/file-upload-asp-net-core-web-api/ ...

  2. ASP.NET Core MVC如何上传文件及处理大文件上传

    用文件模型绑定接口:IFormFile (小文件上传) 当你使用IFormFile接口来上传文件的时候,一定要注意,IFormFile会将一个Http请求中的所有文件都读取到服务器内存后,才会触发AS ...

  3. asp dotnet core 支持客户端上传文件

    本文告诉大家如何在 asp dotnet core 支持客户端上传文件 新建一个 asp dotnet core 程序,创建一个新的类,用于给客户端上传文件的信息 public class Kanaj ...

  4. 如何在ASP.NET Core中自定义Azure Storage File Provider

    文章标题:如何在ASP.NET Core中自定义Azure Storage File Provider 作者:Lamond Lu 地址:https://www.cnblogs.com/lwqlun/p ...

  5. ASP.NET Core 2.0中如何更改Http请求的maxAllowedContentLength最大值

    Web.config中的maxAllowedContentLength这个属性可以用来设置Http的Post类型请求可以提交的最大数据量,超过这个数据量的Http请求ASP.NET Core会拒绝并报 ...

  6. ASP.NET Core Logging Solution

    Serilog.Extensions.Logging.File This package makes it a one-liner - loggerFactory.AddFile() - to con ...

  7. ASP.NET Core File Providers

    原文地址:FileProvider By Steve Smith ASP.NET Core通过对File Providers的使用实现了对文件系统访问的抽象. 查看或下载示例代码 File Provi ...

  8. [ASP.NET Core] Static File Middleware

    前言 本篇文章介绍ASP.NET Core里,用来处理静态档案的Middleware,为自己留个纪录也希望能帮助到有需要的开发人员. ASP.NET Core官网 结构 一个Web站台最基本的功能,就 ...

  9. Asp.net mvc 3 file uploads using the fileapi

    Asp.net mvc 3 file uploads using the fileapi I was recently given the task of adding upload progress ...

随机推荐

  1. android应用搬家的实现

    android手机上的应用搬家功能,具体的介绍和原理参考: 系统目录及应用搬家的研究 应用搬家的实现 这里主要是作为一个补充,因为上面两篇文章虽然讲的挺好的,但是给出的例子不能直接运行,还是需要一些准 ...

  2. Global.asax和HttpModule的执行顺序

    Application_Start-->用户自定义的HttpModule-->Application_BeginRequest   (注册->调用) 看到Init方法(在用户自定义的 ...

  3. (二)Mahapps标题栏

    一.MetroWindow 是什么? 1.默认的MetroWindow由以下几部分组成: (1)标题栏的显示/不显示: ShowTitleBar="False" (2)调节柄并不是 ...

  4. C#读取excel文件,并生成json

    这次介绍两种方法,第一种是安装AccessDatabaseEngine,第二种是利用Npoi读取excel 一.第一种利用AccessDatabaseEngine进行读取excel文件 1.安装Acc ...

  5. 构造回文-C++实现

    腾讯2017暑期实习生招聘笔试题……做了一个世纪才做出来 //腾讯2017暑期实习生招聘第一道题.做了一个世纪才做出来………………太菜了 /** 题目: 给定一个字符串s,你可以从中删除一些字符,使得 ...

  6. PropertyPlaceHolderConfigurer中的location是不是用错了?

    本文由作者张远道授权网易云社区发布. spring中常用PropertyPlaceHolderConfigurer来读取properties配置文件的配置信息.常用的配置方式有两种,一种是使用loca ...

  7. JVM内存回收区域+对象存活的判断+引用类型+垃圾回收线程

    此文已由作者赵计刚薪授权网易云社区发布. 欢迎访问网易云社区,了解更多网易技术产品运营经验. 注意:本文主要参考自<深入理解Java虚拟机(第二版)> 说明:查看本文之前,推荐先知道JVM ...

  8. 程序媛计划——SQLite初级

    数据库简介 数据库定义: 指的是以一定方式储存在一起.能为多个用户共享.具有尽可能小的冗余度.与应用程序彼此独立的数据集合.是带有相关数据的表的集合. 数据库是由行和列组成的二维表. 字段: 数据库表 ...

  9. PHP之旅4 php 超全局变量

    预定义数组: 自动全局变量---超全局数组 1.包含了来自web服务器,客户端,运行环境和用户输入的数据 2.这些数组比较特别 3.全局范围内自动生效,都可以直接使用这些数组 4.用户不能自定义这些数 ...

  10. eclipse代码中使用到Launcher获取类加载器,找不到启动器类。

    解决:移除系统依赖的jar包,重新导入. 只需要在project build path中先移除JRE System Library,再添加库JRE System Library,重新编译后就一切正常了 ...