eBay will accept a jpeg named "image.exe" and do the right thing (try it). And yet, the cutesoft editor demo will not accept a legitimate jpeg named "image.exe". Do you honestly believe that your solution is safer than that of eBay?

 

HTTPPostedFile's contenttype property checks signatures within the bits of the stream to detect mimetype, as does eBay's software.

 

My server software handles uploaded jpegs and gifs differently. I was able to reliably identify jpegs and gifs using HTTPPostedFile. How can I do that with your file upload product? I cannot.