AjaxUploader v5.1 · ASP.NET Web Forms
v5.2 feature reference

Every capability,
one control.

AjaxUploader 5.2 ships everything a modern upload UX needs: the self-hosted Companion broker that keeps cloud tokens server-side, 6 cloud sources, headless hooks for React, Vue, Svelte, and Angular, a content-aware image editor with smart-crop, overlays, filters, and AVIF/WebP output, 7 transport strategies, client-side AES-GCM encryption-at-rest, offline-first queueing, virus scanning, cross-tab coordination, 28 built-in locales (incl. RTL), and the CuteWebUI 4.x shim so existing pages keep compiling.

See it running - browse demos Download package

What's new in 5.2

Headline release

Server-side cloud tokens, headless UI, and a pro image editor.

The Companion broker, two new cloud sources, headless hooks for all four major frameworks, and a content-aware image editor with AVIF/WebP output. All additive - no breaking changes from 5.1.

Headline
Companion broker

A self-hosted Node/Express OAuth and file-proxy broker (multipleupload/server/companion), modeled on Uppy Companion, with zero new dependencies. Provider client secrets and access tokens stay server-side and never reach the browser. Built-in Dropbox, Box, Google Drive, OneDrive. HMAC-signed OAuth state for CSRF, pluggable token store.

Companion
Two transfer modes

proxy streams broker to browser to upload; server-to-destination streams remote to broker to S3 or disk so the bytes never touch the browser. Built-in fileSystemDestination.

Cloud sources
6 built-in sources

Google Drive, Dropbox, OneDrive, Box (now first-class), Unsplash (search and import, no OAuth popup), and the Companion broker. Each routes into the existing URL-import pipeline.

Headless
Framework hooks

useUploader() for React and Vue, a use:uploader action for Svelte, and an UploaderService for Angular return { files, progress, status, addFiles, upload } so teams build a fully custom UI.

Image editor
Smart-crop, overlays, filters

Content-aware smart-crop (edge-energy focal point, no ML), draggable text and sticker overlays, brightness/contrast/saturation/sepia/grayscale sliders with presets (Mono, Sepia, Warm, Cool, Vivid), an EXIF info panel, and crop-ratio quick-pick chips.

Image output
AVIF + WebP output

Export to AVIF or WebP with a quality slider and graceful AVIF to WebP to JPEG fallback. Plus EXIF auto-rotate on upload, PDF poster thumbnails in the queue, HEIC decode, and URL-based transforms via transformUrl().

UX
Rename, restore, full-page drop

Per-file rename UI (click a filename to edit), a restore prompt that offers to resume incomplete uploads, a whole-page drop target with form auto-attach, and locale auto-detect from navigator.language.

Accessibility
ARIA live regions + WCAG

ARIA live-region announcements for file added, uploaded, and error events, reduced-motion CSS, and modal focus traps. New standalone aspectRatio validator.

.NET
IImageTransformer extension point

URL-based transforms are honored server-side: in the Web Forms handler via GDI+, and in CoreUpload via a pluggable IImageTransformer. Reflective IS3Signer / IAzureSigner / IGcsSigner DI unchanged.

Also in the 5.x line

Established capabilities

The biggest release since the v5 platform launch.

Cloud-source pickers, encryption-at-rest, offline queueing, inline annotation, virus-scan integration, cross-tab coordination, GCS resumable, 10 new locales, and more. All additive - no breaking changes from 5.0.

Cloud sources
Google Drive . Dropbox . OneDrive . Box

Built-in OAuth pickers, lazy-loaded. Each adapter resolves with RemoteFile[] handed to the existing URL-import pipeline with NDJSON live progress.

Compliance
Encryption-at-rest (AES-GCM-256)

PBKDF2 (200k iter), per-file salt + IV. Server only ever sees ciphertext. Static decryptFile() helper for browser-side viewers. Unique among major upload components.

Compliance
Pre-upload virus scan

One virusScan hook integrates ClamAV / VirusTotal / Defender. Companion /scan endpoint in multipleupload/server for Node hosts.

Resilience
Offline-first queueing + SW

Files queue to IndexedDB while offline; uploads auto-resume when the connection returns. registerServiceWorker() for background sync even with the tab closed.

Resilience
Custom retry policy + throttle

Pluggable retryPolicy(attempt, error, ctx) for Retry-After / jitter / wall-clock budgets. maxUploadBytesPerSecond for bandwidth-friendly transfers.

Multi-tab
Cross-tab + dashboard widget

BroadcastChannel coordination prevents duplicate uploads across tabs. A "manager" tab can aggregate every tab's progress via subscribeAllTabs() + createMultiTabDashboard().

Image pipeline
HEIC + 5 presets + annotation

iPhone HEIC auto-converts to JPEG. Presets: avatar, thumbnail, web-banner, document, social-card. Inline 6-tool markup (pen/arrow/rect/text/blur/eraser) before upload.

Composable UI
StatusBar + Informer widgets

Extractable progress chrome - createStatusBar(target, opts) mounts progress + speed + ETA + controls anywhere on the page; createInformer() renders event toasts into your notification slot.

UX
Drag-to-reorder + keyboard

enableQueueReorder lets users drag pending tasks to change priority - or use Arrow Up/Down for keyboard accessibility (WCAG 2.1 out of box). Mobile cameraCapture for direct rear/front camera launch.

Preview
PDF + video in lightbox

The lightbox auto-detects media kind and renders inline: images, sandboxed PDF iframe, native HTML5 video player. Blob-derived URLs auto-revoked on close. Video auto-pauses to free decoder + bandwidth.

i18n
30 locales (10 new)

Added Swedish, Norwegian, Danish, Finnish, Hungarian, Romanian, Bulgarian, Greek, Bengali, Ukrainian - bringing the total to 30. Arabic and Hebrew with right-to-left layout. registerLocale() for everything else.

Framework wrappers
React + Vue + Svelte + Angular

All 4 major frameworks covered with first-class wrappers (npm subpath exports). Plus a server-side Express/Connect middleware that mirrors the same protocols as ajaxupload.axd.

Transport

Pluggable upload strategies.

One Strategy property selects the transport from 7 built-in choices. Switch from server-side chunked upload to direct-to-S3 multipart without rewriting your upload flow. Register your own transport through AjaxUploader.registerStrategy().

single

One POST

Traditional multipart/form-data POST - ideal for small files and simple forms.

chunked

Server-side chunked

Splits the file into parts, uploads with parallel concurrency, per-chunk retry with exponential backoff, and server-side assembly.

s3

Direct-to-S3 multipart

Browser uploads each part directly to Amazon S3 (or MinIO, Backblaze B2, Cloudflare R2, Wasabi) via your server-signed presigned URLs. Your server never sees the bytes.

azure

Direct-to-Azure Blob

PutBlock + PutBlockList against a pre-signed blob SAS URL. Same pattern as S3 - client does all the work, server just signs.

Direct-to-GCS resumable

Google Cloud Storage resumable upload protocol: server initiates the session via IGcsSigner, browser PUTs chunks with Content-Range headers. 256 KiB grain auto-aligned. Resume contract reads GCS's 308 Resume Incomplete for byte-exact continuation.

tus

tus 1.0 protocol

Zero-dependency tus 1.0 client with Core + Creation + Termination extensions. Interop with tusd, uppy-companion, and any tus server.

urlImport

Server URL import

Paste a URL; the server fetches it and streams through your provider. Client sees live NDJSON progress events during the fetch.

Resume & reliability

Uploads that survive reloads, crashes, and flaky networks.

Every in-flight upload persists to IndexedDB automatically. When the user returns, the task rehydrates with its strategy, server-side session handles (tus URL, S3 part ETags, chunk offsets), and progress intact - then continues from where it stopped.

IndexedDB persistence

Pluggable adapter: localStorage (metadata only) or indexeddb (metadata + File blobs).

Full auto-rehydrate

chunked, s3, tus all continue mid-upload. Call resumeFromState() and the task picks up its old server session.

Parallel chunks

Configurable ChunkConcurrency keeps the pipe full. Per-chunk retry with exponential backoff.

Smoothed progress

Sliding-window speed average, per-file and overall progress, ETA, and chunk-level visualization in custom UIs.

Web Worker hashing

SHA-256 and CRC32 run off the main thread. Gigabyte hashing without UI jank, with CSP-safe main-thread fallback.

Cancel / pause / retry

Per-task and batch-wide controls with an AbortController hooked into every XHR and fetch.

Input & UI

Every way users want to add files.

Drag-and-drop is table stakes. AjaxUploader adds folder traversal, full-page drop overlay, clipboard paste, server URL import, and an inline image editor with interactive crop - all through a single API.

Drag & drop

Styled drop zones with hover feedback, configurable full-page drop overlay, and per-zone file scoping.

Folder upload

Dropping a folder recursively enumerates files and preserves relative paths. Works in every modern browser.

Clipboard paste

Paste screenshots or copied files directly into the uploader. One-line config enables paste anywhere on the page.

Image editor

Rotate +/-90 deg, flip H/V, interactive crop with 8 drag handles, optional aspect-ratio lock. Touch + mouse.

Thumbnails + lightbox

Client-side thumbnails for images, video, audio, and PDFs. Built-in lightbox preview for gallery layouts.

Image pipeline

Resize, compress, rotate, crop, flip, watermark, and auto-orient via EXIF - all client-side before the upload starts.

i18n

Every user-facing string is localized. Ships with several locales; registering your own is one object literal.

Theme-ready

Default, Bootstrap, Tailwind, and dark-mode themes out of the box. CSS variables expose every color + radius + spacing.

Custom UIs

Rich event model with onBeforeUpload, onTaskProgress, chunkComplete, and more - plug into external progress bars, queue tables, or wizards.

Validation & security

Reject garbage before it leaves the browser.

Client-side validation saves bandwidth and gives instant feedback; server-side re-validation enforces the truth. AjaxUploader wires both.

Extensions + MIME

Allowlist extensions and MIME types. Optional magic-byte sniffing reads the first 16 bytes to catch spoofed extensions.

Size + dimensions

Min/max file size, min/max image width + height enforced before any bytes transfer.

Duplicate detection

Reject duplicate files in the queue by name + size, or by content hash.

Content hashing

SHA-256 or CRC32 computed client-side in a Web Worker, sent to the server for de-dup, integrity, or signature workflows.

Antiforgery tokens

First-class support for __RequestVerificationToken and ASP.NET Core antiforgery across all strategies.

AV scan hook

Post-upload FileUploaded event gives you the file path before it's persisted - run ClamAV, Defender, or any scanner before accepting.

Architecture

Server controls over a pluggable provider.

Web Forms teams get drop-in server controls; power users can swap the storage provider, register strategies, or author their own transports.

AjaxFileUpload

The primary server control. Renders the client, wires postback events, exposes UploadedFiles in code-behind.

AjaxDropZone

Standalone drop-zone variant for layouts where the button belongs elsewhere on the page.

AjaxAttachments

Attachments-style control for email composers, ticket forms, and reply screens. Preloaded-file support included.

IUploaderProvider

Swap storage without touching UI: FileSystemProvider ships in-box; plug in your own for S3/Azure/DB/CDN.

IS3Signer + IAzureSigner + IGcsSigner + IImageTransformer

Thin interfaces the direct-to-cloud endpoints dispatch to via reflective DI. No AWS / Azure / Google SDK bundled in the core assembly - your host plugs in the signer. The new IImageTransformer extension point honors URL-based transforms server-side.

tus endpoint

Filesystem-backed TusStorage with Core + Creation + Termination extensions. Hands off to the upload pipeline on completion.

ajaxupload.axd

Single IHttpHandler serves embedded JS/CSS and routes upload, chunk, s3, azure, tus, and import-url endpoints.

CuteWebUI 4.x shim

Legacy namespace + compatibility assembly so existing 4.x pages keep compiling. Migrate to native v5 at your own pace.

Shared JS core

One canonical JavaScript source shared with CoreUpload (ASP.NET Core) and MultipleUpload (standalone). Branded at build time.

Want to see it all in action?

Ready-to-run demos ship with the download package. Open AjaxUploader.Demos.csproj in Visual Studio, hit F5, and every feature on this page has a working sample page to learn from.

Browse demos Download Package