The FileUpload.SaveAs(string) method saves the contents of an uploaded file to a specified path on the Web server.

The System.Web.UI.WebControls.FileUpload control does not automatically save a file to the server after the user selects the file to upload. You must explicitly provide a control or mechanism to allow the user to submit the specified file. For example, you can provide a button that the user clicks to upload the file. The code that you write to save the specified file should call the FileUpload.SaveAs(string) method, which saves the contents of a file to a specified path on the server. Typically, the FileUpload.SaveAs(string) method is called in an event-handling method for an event that raises a post back to the server. For example, if you provide a button to submit a file, the code to save the file to the server could then be included inside the event-handling method for the click event.

When you call the FileUpload.SaveAs(string) method, you must specify the full path of the directory on the server in which to save the uploaded file. If you do not explicitly specify a path in your application code, an System.Web.HttpException exception is thrown when a user attempts to upload a file. This behavior helps keep the files on the server secure, by not allowing users to specify a path in which to save the files that they upload.

Before calling the FileUpload.SaveAs(string) method, you should use the FileUpload.HasFile property to verify that the System.Web.UI.WebControls.FileUpload control contains a file to upload. If the FileUpload.HasFile returns true, call the FileUpload.SaveAs(string) method. If it returns false, display a message to the user indicating that the control does not contain a file. If you do not provide error-handling code to verify that a file exists, an attempt to save a nonexistent file throws an System.Web.HttpException exception.

For a call to the FileUpload.SaveAs(string) to work, the ASP.NET application must have write access to the directory on the server. There are two ways that the application can get write access. You can explicitly grant write access to the account under which the application is running, in the directory in which the uploaded files will be saved. Alternatively, you can increase the level of trust that is granted to the ASP.NET application. To get write access to the executing directory for the application, the application must be granted the System.Web.AspNetHostingPermission object with the trust level set to the System.Web.AspNetHostingPermissionLevel.Medium value. Increasing the level of trust increases the application's access to resources on the server. Note that this is not a secure approach, because a malicious user who gains control of your application will also be able to run under this higher level of trust. It is a best practice to run an ASP.NET application in the context of a user who has the minimum privileges that are required for the application to run. For more information about security in ASP.NET applications, see Basic Security Practices for Web Applications and ASP.NET Trust Levels and Policy Files.

Namespace: System.Web.UI.WebControls
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0