Am trying out ImageResizer and am looking for a good method to dynamically Authorize user access to images(and other files) based on role, group etc thus restricting image access. I read that ImageResizer support Url Authorization, but unsure to wich extent(only that if i implement it will follow or there are helpers for this). Preferably a soultion that would work with their disk cache module as well. Seen some generic information regarding implementing custom url authorization, but unsure if its just a matter of setting up authorization for the image paths as one would any other resource then let imageresizer work against that. Or if some logic should e connected to imageresizer. Found some nfo here regarding url authorization in general but i guess that im not the first about to implement this combination?

The optimal setup as i see would be a restriction where no files (thumbs, images, cached images or otherwise) would be available online if authentication havent granted access.

So looking for more info / details regarding a sound and decently secure implementation of this, perhaps sample implementation / code of this exists somewhere i havent found?

Edit: Computer Linguist link gave me much of what i was looking for. Two things struck me though.
1. Is there any best practises redarding what should go in a event handler or i can just build a service for this specific purpose and make use of it in the handler?
2. Since this will be triggered for every image i guess that avoid doing direct dbcalls for permission checks(ie try to device a method of caching the permissions for the respective user)? Or the practicle implications of this are usually so small that it doesnt matter? When thinking of it, does User.IsInRole not do direct dbcalls for determining membership?