public PostAuthorizeResult PostAuthorize()
{
conf.FirePostAuthorizeRequest(sender as IHttpModule, context);
conf.FireHeartbeat();
//Allow handlers of the above event to change filePath/pathinfo so we can successfully test the extension
string originalPath = conf.PreRewritePath;
//Trim fake extensions so IsAcceptedImageType will work properly
string filePath = conf.TrimFakeExtensions(originalPath);
//Is this an image request? Checks the file extension for .jpg, .png, .tiff, etc.
if (!(conf.SkipFileTypeCheck || conf.IsAcceptedImageType(filePath)))
{
return(PostAuthorizeResult.UnrelatedFileType);
}
//Copy the querystring so we can mod it to death without messing up other stuff.
NameValueCollection queryCopy = new NameValueCollection(conf.ModifiedQueryString);
Performance.GlobalPerf.Singleton.PreRewriteQuery(queryCopy);
//Call URL rewriting events
UrlEventArgs ue = new UrlEventArgs(filePath, queryCopy);
conf.FireRewritingEvents(sender, context, ue);
//Pull data back out of event object, resolving app-relative paths
RewrittenVirtualPath = PathUtils.ResolveAppRelativeAssumeAppRelative(ue.VirtualPath);
RewrittenQuery = ue.QueryString;
RewrittenInstructions = new Instructions(RewrittenQuery);
//Store the modified querystring in request for use by VirtualPathProviders during URL Authorization
conf.ModifiedQueryString = RewrittenQuery;
RewrittenVirtualPathIsAcceptedImageType = conf.IsAcceptedImageType(RewrittenVirtualPath);
RewrittenQueryHasDirective = conf.HasPipelineDirective(RewrittenQuery);
RewrittenMappedPath = HostingEnvironment.MapPath(RewrittenVirtualPath);
ProcessingIndicated = false;
CachingIndicated = false;
if (RewrittenQueryHasDirective)
{
//By default, we process it if is both (a) a recognized image extension, and (b) has a resizing directive (not just 'cache').
//Check for resize directive by removing ('non-resizing' items from the current querystring)
ProcessingIndicated = RewrittenInstructions.Process == ProcessWhen.Always ||
((RewrittenInstructions.Process == ProcessWhen.Default || RewrittenInstructions.Process == null) &&
RewrittenVirtualPathIsAcceptedImageType &&
conf.HasPipelineDirective(RewrittenInstructions.Exclude("cache", "process", "useresizingpipeline", "404", "404.filterMode", "404.except")));
CachingIndicated = RewrittenInstructions.Cache == ServerCacheMode.Always ||
((RewrittenInstructions.Cache == ServerCacheMode.Default || RewrittenInstructions.Cache == null) && ProcessingIndicated);
//Resolve the 'cache' setting to 'no' unless we want it cache. TODO: Understand this better
if (!CachingIndicated)
{
RewrittenInstructions.Cache = ServerCacheMode.No;
}
Performance.GlobalPerf.Singleton.QueryRewrittenWithDirective(RewrittenVirtualPath);
}
if (RewrittenQueryHasDirective || conf.AuthorizeAllImages)
{
var authEvent = new UrlAuthorizationEventArgs(RewrittenVirtualPath, new NameValueCollection(RewrittenQuery), true);
//Allow user code to deny access, but not modify the URL or querystring.
conf.FireAuthorizeImage(sender, context, authEvent);
if (!authEvent.AllowAccess)
{
return(PostAuthorizeResult.AccessDenied403);
}
}
return(PostAuthorizeResult.Complete);
}
