I found two really good links talking about how to upload image file and validate file format in more secure way rather than just checking file extension.
You should also check image file content before you try checking for header of image file.
I found both the articles have missed this code. Here is that missing code for validating file extension.
private Boolean CheckFileType()
string acceptedTypes = new string
Note: This article is basically bookmark for my future reference.