Accepting User Uploads in a Nutshell
Following are the bare-bones steps to accept user uploads:
In an .aspx page, find the form tag. With Visual Studio .NET, this is always added automatically. If you're using another tool, make sure that you have the following form tag:
<form id="MyId" method="post" runat="server"> </form>
Add this attribute to the form tag enctype="multipart/form-data". The form tag will now look like this:
<form id="MyId" method="post" runat="server" enctype="multipart/form-data"> </form>
enctype determines how the form data is encoded. Whenever data is transmitted from one place to another, there needs to be an agreed-upon means of representing that data.
If you're using Visual Studio .NET, open the HTML section of the Toolbox and add a File field to the page. If you're not using Visual Studio .NET, manually add the following to the HTML:
<INPUT type="file" id="Filename">
In the File field, add a runat="server" attribute as follows:
<INPUT type="file" id="Filename" runat="server">
In your C# or VB code, you can get the filename from the Filename.PostedFile.FileName property.
Save the file to disk (on the server) by using the Filename.PostedFile.SaveAs() method. The SaveAs() method takes a single argument: a string containing the full pathname to which the file will be saved. For example:
Filename.PostedFile.SaveAs( "c:\\MyFiles\\SomeDir\\TheFile.dat" );
Filename.PostedFile.SaveAs( "c:\MyFiles\SomeDir\TheFile.dat" )
The destination directory on the server must give the necessary permissions for the save operation. Normally, the ASP.NET account won't have sufficient rights to save a file to disk. The way to fix this is to first create a directory under the application directory, and then give the Everyone group full access, as shown in Figure 1.
Figure 1 The destination directory should give the Everyone group full access.
Make sure that your web application directory doesn't give full access to the Everyone group.