Configuring ImageResizer Web.config To Only Work On Certain Directories

Question

Product Using: ImageResizer.dll from http://imageresizing.net

I have a website for a client that I use this product to dynamically resize images for their online shopping cart. The product works great! I have recently added a Custom HTTPHandler ( MyCustomSecurityHandler ) to control access to the images in particular directory that need to be secured. The code for MyCustomSecurityHandler works fine as long as I don't try to access the image using the QueryString parameters "width" or "height" that are recognized by ImageResizer. If no QueryString parameters are used, ImageResizer ignores the request and my Custom HTTPHandler picks up the request and handles the security perfectly.

Problem: If the user types in the direct path to the image with the attributes that the ImageResizer.dll recognizes, my custom handler is ignored and the image is displayed.

Desired Goals:

1) Have my customer image handler fire when the path matches regardless of any querystring parameters provided. (this works if i remove the web.config entries for the ImageResizer.dll)

2) Have the imageresizer.dll recognize the QueryString parameters and process only if the images is from the following folder or sub folders: {SITEROOT}/images/products/

Question: Does anyone have experience using this imageresizer.dll product and can you guide me on how to configure it to reach my desired goals?

I have modified the following config file to show the relevant entries what what I'm working with.

{MY SECURE DIRECTORY}

Place holder value for the actual path on my site

WebProjectAssembly.HTTPHandlers.MyCustomSecurityHandler

My custom HTTPHandler class

My Web.Config File:

 <?xml version="1.0"?> <configuration> <configSections> <section name="resizer" type="ImageResizer.ResizerSection,ImageResizer" requirePermission="false" /> </configSections> <resizer> <!-- Unless you (a) use Integrated mode, or (b) map all requests to ASP.NET, you'll need to add .ashx to your image URLs: image.jpg.ashx?width=200&height=20 --> <pipeline fakeExtensions=".ashx" defaultCommands="autorotate.default=true"/> <plugins> <add name="DiskCache" /> <!-- <add name="PrettyGifs" /> --> <!-- <add name="SimpleFilters" /> --> <!-- <add name="S3Reader" /> --> </plugins> </resizer> <system.web> <httpModules> <!--This is for IIS7/8 Classic Mode and Cassini--> <add name="ImageResizingModule" type="ImageResizer.InterceptModule" /> </httpModules> <httpHandlers> <add verb="*" path="/{MY SECURE DIRECTORY}/*.jpg" type="WebProjectAssembly.HTTPHandlers.MyCustomSecurityHandler" /> </httpHandlers> <httpRuntime targetFramework="4.5" /> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <handlers> <add verb="*" path="/{MY SECURE DIRECTORY}/*.jpg" name="MyCustomHandler" type="WebProjectAssembly.HTTPHandlers.MyCustomSecurityHandler" /> </handlers> <modules> <!--This is for IIS7/8 Integrated mode--> <add name="ImageResizingModule" type="ImageResizer.InterceptModule" /> </modules> </system.webServer> </configuration> 

Answer 1

IIS/ASP.NET do not let you enable or disable modules based on directory, unless they are separate applications.

However, given your task (control image access), you could just use ImageResizer v4's AuthorizeImage event with authorizeAllImages="true" . That will fire on all requests, and let you meet your goals.