public PostAuthorizeResult PostAuthorize() { conf.FirePostAuthorizeRequest(sender as IHttpModule, context); conf.FireHeartbeat(); //Allow handlers of the above event to change filePath/pathinfo so we can successfully test the extension string originalPath = conf.PreRewritePath; //Trim fake extensions so IsAcceptedImageType will work properly string filePath = conf.TrimFakeExtensions(originalPath); //Is this an image request? Checks the file extension for .jpg, .png, .tiff, etc. if (!(conf.SkipFileTypeCheck || conf.IsAcceptedImageType(filePath))) { return(PostAuthorizeResult.UnrelatedFileType); } //Copy the querystring so we can mod it to death without messing up other stuff. NameValueCollection queryCopy = new NameValueCollection(conf.ModifiedQueryString); Performance.GlobalPerf.Singleton.PreRewriteQuery(queryCopy); //Call URL rewriting events UrlEventArgs ue = new UrlEventArgs(filePath, queryCopy); conf.FireRewritingEvents(sender, context, ue); //Pull data back out of event object, resolving app-relative paths RewrittenVirtualPath = PathUtils.ResolveAppRelativeAssumeAppRelative(ue.VirtualPath); RewrittenQuery = ue.QueryString; RewrittenInstructions = new Instructions(RewrittenQuery); //Store the modified querystring in request for use by VirtualPathProviders during URL Authorization conf.ModifiedQueryString = RewrittenQuery; RewrittenVirtualPathIsAcceptedImageType = conf.IsAcceptedImageType(RewrittenVirtualPath); RewrittenQueryHasDirective = conf.HasPipelineDirective(RewrittenQuery); RewrittenMappedPath = HostingEnvironment.MapPath(RewrittenVirtualPath); ProcessingIndicated = false; CachingIndicated = false; if (RewrittenQueryHasDirective) { //By default, we process it if is both (a) a recognized image extension, and (b) has a resizing directive (not just 'cache'). //Check for resize directive by removing ('non-resizing' items from the current querystring) ProcessingIndicated = RewrittenInstructions.Process == ProcessWhen.Always || ((RewrittenInstructions.Process == ProcessWhen.Default || RewrittenInstructions.Process == null) && RewrittenVirtualPathIsAcceptedImageType && conf.HasPipelineDirective(RewrittenInstructions.Exclude("cache", "process", "useresizingpipeline", "404", "404.filterMode", "404.except"))); CachingIndicated = RewrittenInstructions.Cache == ServerCacheMode.Always || ((RewrittenInstructions.Cache == ServerCacheMode.Default || RewrittenInstructions.Cache == null) && ProcessingIndicated); //Resolve the 'cache' setting to 'no' unless we want it cache. TODO: Understand this better if (!CachingIndicated) { RewrittenInstructions.Cache = ServerCacheMode.No; } Performance.GlobalPerf.Singleton.QueryRewrittenWithDirective(RewrittenVirtualPath); } if (RewrittenQueryHasDirective || conf.AuthorizeAllImages) { var authEvent = new UrlAuthorizationEventArgs(RewrittenVirtualPath, new NameValueCollection(RewrittenQuery), true); //Allow user code to deny access, but not modify the URL or querystring. conf.FireAuthorizeImage(sender, context, authEvent); if (!authEvent.AllowAccess) { return(PostAuthorizeResult.AccessDenied403); } } return(PostAuthorizeResult.Complete); }