<%@ Page Language=\"C#\" AutoEventWireup=\"true\" CodeBehind=\"UploadPic.aspx.cs\" Inherits=\"Pic_Try.UploadPic\" %>

<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head runat=\"server\">
 <title>图片上传和显示</title>
 <style type=\"text/css\">
 .pic_text{ color:Red;}
 .pic_label { color:Gray; margin-top:5px; margin-bottom:5px;}
 .pic_image { margin:5px;}
 </style>
</head>
<body>
 <form id=\"form1\" runat=\"server\">
 <div class=\"pic_image\"><asp:Image ID=\"pic\" runat=\"server\" /></div>
 <div><asp:FileUpload ID=\"pic_upload\" runat=\"server\" /><asp:Label ID=\"lbl_pic\" runat=\"server\" class=\"pic_text\"></asp:Label></div>
 <div class=\"pic_label\">上传图片格式为.jpg, .gif, .bmp,.png,图片大小不得超过8M</div>
 <div><asp:Button ID=\"btn_upload\" runat=\"server\" Text=\"上传\" onclick=\"btn_upload_Click\"/></div>
 </form>
 
</body>
</html>

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Security.Cryptography;
using System.Web.Security;

namespace Pic_Try
{
 public partial class UploadPic : System.Web.UI.Page
 {
 protected void Page_Load(object sender, EventArgs e)
 {

 }

 protected void btn_upload_Click(object sender, EventArgs e)
 {
  Boolean fileOk = false;
  if (pic_upload.HasFile)//验证是否包含文件
  {
  //取得文件的扩展名,并转换成小写
  string fileExtension = Path.GetExtension(pic_upload.FileName).ToLower();
  //验证上传文件是否图片格式
  fileOk = IsImage(fileExtension);

  if (fileOk)
  {
   //对上传文件的大小进行检测，限定文件最大不超过8M
   if (pic_upload.PostedFile.ContentLength < 8192000)
   {
   string filepath = \"/images/\";
   if (Directory.Exists(Server.MapPath(filepath)) == false)//如果不存在就创建file文件夹
   {
    Directory.CreateDirectory(Server.MapPath(filepath));
   }
   string virpath = filepath + CreatePasswordHash(pic_upload.FileName, 4) + fileExtension;//这是存到服务器上的虚拟路径
   string mappath = Server.MapPath(virpath);//转换成服务器上的物理路径
   pic_upload.PostedFile.SaveAs(mappath);//保存图片
   //显示图片
   pic.ImageUrl = virpath;
   //清空提示
   lbl_pic.Text = \"\";
   }
   else {
   pic.ImageUrl = \"\";
   lbl_pic.Text = \"文件大小超出8M！请重新选择！\";
   }
  }
  else {
   pic.ImageUrl = \"\";
   lbl_pic.Text = \"要上传的文件类型不对！请重新选择！\";
  }
  }
  else
  {
  pic.ImageUrl = \"\";
  lbl_pic.Text = \"请选择要上传的图片！\";
  }
 }

 /// <summary>
 /// 验证是否指定的图片格式
 /// </summary>
 /// <param name=\"str\"></param>
 /// <returns></returns>
 public bool IsImage(string str) {
  bool isimage = false;
  string thestr = str.ToLower();
  //限定只能上传jpg和gif图片
  string[] allowExtension = { \".jpg\", \".gif\", \".bmp\",\".png\" };
  //对上传的文件的类型进行一个个匹对
  for (int i = 0; i < allowExtension.Length; i++)
  {
  if (thestr == allowExtension[i])
  {
   isimage = true;
   break;
  }
  }
  return isimage;
 }

 /// <summary>
 /// 创建一个指定长度的随机salt值
 /// </summary>
 public string CreateSalt(int saltLenght)
 {
  //生成一个加密的随机数
  RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
  byte[] buff = new byte[saltLenght];
  rng.GetBytes(buff);
  //返回一个Base64随机数的字符串
  return Convert.ToBase64String(buff);
 }

 
 /// <summary>
 /// 返回加密后的字符串
 /// </summary>
 public string CreatePasswordHash(string pwd, int saltLenght)
 {
  string strSalt = CreateSalt(saltLenght);
  //把密码和Salt连起来
  string saltAndPwd = String.Concat(pwd, strSalt);
  //对密码进行哈希
  string hashenPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, \"sha1\");
  //转为小写字符并截取前16个字符串
  hashenPwd = hashenPwd.ToLower().Substring(0, 16);
  //返回哈希后的值
  return hashenPwd;
 }
 }
}

<?xml version=\"1.0\" encoding=\"utf-8\"?>

<!--
 如何配置 ASP.NET 应用程序的详细消息
 -->

<configuration>
 <system.web>
 <compilation debug=\"true\" targetFramework=\"4.0\" />
 <httpRuntime executionTimeout=\"240\" maxRequestLength=\"8192000\"/>
 </system.web>

</configuration>