AjaxUploader
v5.1 feature reference

Every capability,
one control.

AjaxUploader 5.1 ships everything a modern upload UX needs: 7 transport strategies, 4 cloud-source pickers, client-side AES-GCM encryption-at-rest, offline-first queueing, inline image annotation, HEIC auto-convert, pre-upload virus scanning, cross-tab coordination, 30 built-in locales (incl. RTL), and the CuteWebUI 4.x shim so existing pages keep compiling.

See it running - 119 demos Download package

What's new in 5.1

15 new capabilities

The biggest release since the v5 platform launch.

Cloud-source pickers, encryption-at-rest, offline queueing, inline annotation, virus-scan integration, cross-tab coordination, GCS resumable, 10 new locales, and more. All additive - no breaking changes from 5.0.

Cloud sources
Google Drive . Dropbox . OneDrive . Box

Built-in OAuth pickers, lazy-loaded. Each adapter resolves with RemoteFile[] handed to the existing URL-import pipeline with NDJSON live progress.

Compliance
Encryption-at-rest (AES-GCM-256)

PBKDF2 (200k iter), per-file salt + IV. Server only ever sees ciphertext. Static decryptFile() helper for browser-side viewers. Unique among major upload components.

Compliance
Pre-upload virus scan

One virusScan hook integrates ClamAV / VirusTotal / Defender. Companion /scan endpoint in multipleupload/server for Node hosts.

Resilience
Offline-first queueing + SW

Files queue to IndexedDB while offline; uploads auto-resume when the connection returns. registerServiceWorker() for background sync even with the tab closed.

Resilience
Custom retry policy + throttle

Pluggable retryPolicy(attempt, error, ctx) for Retry-After / jitter / wall-clock budgets. maxUploadBytesPerSecond for bandwidth-friendly transfers.

Multi-tab
Cross-tab + dashboard widget

BroadcastChannel coordination prevents duplicate uploads across tabs. A "manager" tab can aggregate every tab's progress via subscribeAllTabs() + createMultiTabDashboard().

Image pipeline
HEIC + 5 presets + annotation

iPhone HEIC auto-converts to JPEG. Presets: avatar, thumbnail, web-banner, document, social-card. Inline 6-tool markup (pen/arrow/rect/text/blur/eraser) before upload.

Composable UI
StatusBar + Informer widgets

Extractable progress chrome - createStatusBar(target, opts) mounts progress + speed + ETA + controls anywhere on the page; createInformer() renders event toasts into your notification slot.

UX
Drag-to-reorder + keyboard

enableQueueReorder lets users drag pending tasks to change priority - or use Arrow Up/Down for keyboard accessibility (WCAG 2.1 out of box). Mobile cameraCapture for direct rear/front camera launch.

Preview
PDF + video in lightbox

The lightbox auto-detects media kind and renders inline: images, sandboxed PDF iframe, native HTML5 video player. Blob-derived URLs auto-revoked on close. Video auto-pauses to free decoder + bandwidth.

i18n
30 locales (10 new)

Added Swedish, Norwegian, Danish, Finnish, Hungarian, Romanian, Bulgarian, Greek, Bengali, Ukrainian - bringing the total to 30. Arabic and Hebrew with right-to-left layout. registerLocale() for everything else.

Framework wrappers
React + Vue + Svelte + Angular

All 4 major frameworks covered with first-class wrappers (npm subpath exports). Plus a server-side Express/Connect middleware that mirrors the same protocols as ajaxupload.axd.

Transport

Pluggable upload strategies.

One Strategy property selects the transport from 7 built-in choices. Switch from server-side chunked upload to direct-to-S3 multipart without rewriting your upload flow. Register your own transport through AjaxUploader.registerStrategy().

single

One POST

Traditional multipart/form-data POST - ideal for small files and simple forms.

chunked

Server-side chunked

Splits the file into parts, uploads with parallel concurrency, per-chunk retry with exponential backoff, and server-side assembly.

s3

Direct-to-S3 multipart

Browser uploads each part directly to Amazon S3 (or MinIO, Backblaze B2, Cloudflare R2, Wasabi) via your server-signed presigned URLs. Your server never sees the bytes.

azure

Direct-to-Azure Blob

PutBlock + PutBlockList against a pre-signed blob SAS URL. Same pattern as S3 - client does all the work, server just signs.

Direct-to-GCS resumable NEW 5.1

Google Cloud Storage resumable upload protocol: server initiates the session via IGcsSigner, browser PUTs chunks with Content-Range headers. 256 KiB grain auto-aligned. Resume contract reads GCS's 308 Resume Incomplete for byte-exact continuation.

tus

tus 1.0 protocol

Zero-dependency tus 1.0 client with Core + Creation + Termination extensions. Interop with tusd, uppy-companion, and any tus server.

urlImport

Server URL import

Paste a URL; the server fetches it and streams through your provider. Client sees live NDJSON progress events during the fetch.

Resume & reliability

Uploads that survive reloads, crashes, and flaky networks.

Every in-flight upload persists to IndexedDB automatically. When the user returns, the task rehydrates with its strategy, server-side session handles (tus URL, S3 part ETags, chunk offsets), and progress intact - then continues from where it stopped.

IndexedDB persistence

Pluggable adapter: localStorage (metadata only) or indexeddb (metadata + File blobs).

Full auto-rehydrate

chunked, s3, tus all continue mid-upload. Call resumeFromState() and the task picks up its old server session.

Parallel chunks

Configurable ChunkConcurrency keeps the pipe full. Per-chunk retry with exponential backoff.

Smoothed progress

Sliding-window speed average, per-file and overall progress, ETA, and chunk-level visualization in custom UIs.

Web Worker hashing

SHA-256 and CRC32 run off the main thread. Gigabyte hashing without UI jank, with CSP-safe main-thread fallback.

Cancel / pause / retry

Per-task and batch-wide controls with an AbortController hooked into every XHR and fetch.

Input & UI

Every way users want to add files.

Drag-and-drop is table stakes. AjaxUploader adds folder traversal, full-page drop overlay, clipboard paste, server URL import, and an inline image editor with interactive crop - all through a single API.

Drag & drop

Styled drop zones with hover feedback, configurable full-page drop overlay, and per-zone file scoping.

Folder upload

Dropping a folder recursively enumerates files and preserves relative paths. Works in every modern browser.

Clipboard paste

Paste screenshots or copied files directly into the uploader. One-line config enables paste anywhere on the page.

Image editor

Rotate +/-90 deg, flip H/V, interactive crop with 8 drag handles, optional aspect-ratio lock. Touch + mouse.

Thumbnails + lightbox

Client-side thumbnails for images, video, audio, and PDFs. Built-in lightbox preview for gallery layouts.

Image pipeline

Resize, compress, rotate, crop, flip, watermark, and auto-orient via EXIF - all client-side before the upload starts.

i18n

Every user-facing string is localized. Ships with several locales; registering your own is one object literal.

Theme-ready

Default, Bootstrap, Tailwind, and dark-mode themes out of the box. CSS variables expose every color + radius + spacing.

Custom UIs

Rich event model with onBeforeUpload, onTaskProgress, chunkComplete, and more - plug into external progress bars, queue tables, or wizards.

Validation & security

Reject garbage before it leaves the browser.

Client-side validation saves bandwidth and gives instant feedback; server-side re-validation enforces the truth. AjaxUploader wires both.

Extensions + MIME

Allowlist extensions and MIME types. Optional magic-byte sniffing reads the first 16 bytes to catch spoofed extensions.

Size + dimensions

Min/max file size, min/max image width + height enforced before any bytes transfer.

Duplicate detection

Reject duplicate files in the queue by name + size, or by content hash.

Content hashing

SHA-256 or CRC32 computed client-side in a Web Worker, sent to the server for de-dup, integrity, or signature workflows.

Antiforgery tokens

First-class support for __RequestVerificationToken and ASP.NET Core antiforgery across all strategies.

AV scan hook

Post-upload FileUploaded event gives you the file path before it's persisted - run ClamAV, Defender, or any scanner before accepting.

Architecture

Server controls over a pluggable provider.

Web Forms teams get drop-in server controls; power users can swap the storage provider, register strategies, or author their own transports.

AjaxFileUpload

The primary server control. Renders the client, wires postback events, exposes UploadedFiles in code-behind.

AjaxDropZone

Standalone drop-zone variant for layouts where the button belongs elsewhere on the page.

AjaxAttachments

Attachments-style control for email composers, ticket forms, and reply screens. Preloaded-file support included.

IUploaderProvider

Swap storage without touching UI: FileSystemProvider ships in-box; plug in your own for S3/Azure/DB/CDN.

IS3Signer + IAzureSigner + IGcsSigner

Thin interfaces the direct-to-cloud endpoints dispatch to. No AWS / Azure / Google SDK bundled in the core assembly - your host plugs in the signer.

tus endpoint

Filesystem-backed TusStorage with Core + Creation + Termination extensions. Hands off to the upload pipeline on completion.

ajaxupload.axd

Single IHttpHandler serves embedded JS/CSS and routes upload, chunk, s3, azure, tus, and import-url endpoints.

CuteWebUI 4.x shim

Legacy namespace + compatibility assembly so existing 4.x pages keep compiling. Migrate to native v5 at your own pace.

Shared JS core

One canonical JavaScript source shared with CoreUpload (ASP.NET Core) and MultipleUpload (standalone). Branded at build time.

Want to see it all in action?

101 ready-to-run demos ship with the download package. Open AjaxUploader.Demos.csproj in Visual Studio, hit F5, and every feature on this page has a working sample page to learn from.

Browse 119 Demos Download Package