By default when you upload files using ASP.NET Web API, the files are saved using a random filename.
This is not a bug, but a security decision Microsoft made. They considered it a security risk to take the file name provided in the Content-Disposition header field and decided instead to compute a file name.
You can easily solve this by deriving from the default MultiPartFormDataStreamProvider and provide your own naming mechanism:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public class FilenameMultipartFormDataStreamProvider : MultipartFormDataStreamProvider | |
{ | |
public FilenameMultipartFormDataStreamProvider(string path) : base(path) | |
{ | |
} | |
public override string GetLocalFileName(System.Net.Http.Headers.HttpContentHeaders headers) | |
{ | |
var name = !string.IsNullOrWhiteSpace(headers.ContentDisposition.FileName) ? headers.ContentDisposition.FileName : Guid.NewGuid().ToString(); | |
return name.Replace("\"",string.Empty); | |
} | |
} |
If you want to know some more about uploading files using Web API, I recommend the following blog post: A guide to asynchronous file uploads in ASP.NET Web API RTM