Configuring ImageResizer Web.config To Only Work On Certain Directories

▼魔方 西西 提交于 2019-12-13 01:44:09

问题


Product Using: ImageResizer.dll from http://imageresizing.net

I have a website for a client that I use this product to dynamically resize images for their online shopping cart. The product works great! I have recently added a Custom HTTPHandler (MyCustomSecurityHandler) to control access to the images in particular directory that need to be secured. The code for MyCustomSecurityHandler works fine as long as I don't try to access the image using the QueryString parameters "width" or "height" that are recognized by ImageResizer. If no QueryString parameters are used, ImageResizer ignores the request and my Custom HTTPHandler picks up the request and handles the security perfectly.

Problem: If the user types in the direct path to the image with the attributes that the ImageResizer.dll recognizes, my custom handler is ignored and the image is displayed.

Desired Goals:

1) Have my customer image handler fire when the path matches regardless of any querystring parameters provided. (this works if i remove the web.config entries for the ImageResizer.dll)

2) Have the imageresizer.dll recognize the QueryString parameters and process only if the images is from the following folder or sub folders: {SITEROOT}/images/products/

Question: Does anyone have experience using this imageresizer.dll product and can you guide me on how to configure it to reach my desired goals?

I have modified the following config file to show the relevant entries what what I'm working with.

{MY SECURE DIRECTORY}

Place holder value for the actual path on my site

WebProjectAssembly.HTTPHandlers.MyCustomSecurityHandler

My custom HTTPHandler class

My Web.Config File:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="resizer" type="ImageResizer.ResizerSection,ImageResizer" requirePermission="false" />
  </configSections>

  <resizer>
     <!-- Unless you (a) use Integrated mode, or (b) map all requests to ASP.NET, 
          you'll need to add .ashx to your image URLs: image.jpg.ashx?width=200&height=20 -->
     <pipeline fakeExtensions=".ashx" defaultCommands="autorotate.default=true"/>

     <plugins>
       <add name="DiskCache" />
       <!-- <add name="PrettyGifs" /> -->
       <!-- <add name="SimpleFilters" /> -->
       <!-- <add name="S3Reader" /> -->
     </plugins>  
   </resizer>
  
  <system.web>
    <httpModules>
       <!--This is for IIS7/8 Classic Mode and Cassini-->
      <add name="ImageResizingModule" type="ImageResizer.InterceptModule" />
    </httpModules>
    <httpHandlers>
      <add verb="*" path="/{MY SECURE DIRECTORY}/*.jpg" type="WebProjectAssembly.HTTPHandlers.MyCustomSecurityHandler" />
    </httpHandlers>
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <add verb="*" path="/{MY SECURE DIRECTORY}/*.jpg" name="MyCustomHandler" type="WebProjectAssembly.HTTPHandlers.MyCustomSecurityHandler" />
    </handlers>
    <modules>
      <!--This is for IIS7/8 Integrated mode--> 
      <add name="ImageResizingModule" type="ImageResizer.InterceptModule" />
    </modules>
  </system.webServer>
</configuration>

回答1:


IIS/ASP.NET do not let you enable or disable modules based on directory, unless they are separate applications.

However, given your task (control image access), you could just use ImageResizer v4's AuthorizeImage event with authorizeAllImages="true". That will fire on all requests, and let you meet your goals.



来源:https://stackoverflow.com/questions/33440702/configuring-imageresizer-web-config-to-only-work-on-certain-directories

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!