This is called Authorization. You can implement authorization logic in your HttpApplication or IHttpModule's AuthorizeRequest
event.
ImageResizer also offers a AuthorizeImage
event that only applies to processed images. If your images are on the file system or provided by a VirtualPathProvider, they're accessible without going through ImageResizer, so you should use AuthorizeRequest approach.