video file download issue

views:

127

answers:

+7 Q:

video file download issue

Hello everyone,

I am using VSTS 2008 + C# + .Net 3.5 + Silverlight 3.0 + ASP.Net to develop a Silverlight application (a video media player) in browser and the function is simple, just use MediaElement to play a remote video file.

The remote server is Windows Server 2008 + IIS 7.0 + IIS Media Bit Rate Throttling Control.

Since the request media URL can be discovered (e.g. from traffic sniffer), and I want to know how to prevent from download directly from the Url? i.e. I want end user to use my Silverlight media player application in browser to play the file, prevent them from download to local directly. Any easy and quick solution or reference code/documents?

thanks in advance, George

+1 A:

Use the ASP.NET Authentication Service to authenticate/authorize your user
Put the video in a folder where the web.config prevents un-authenticated access to the contents

If I'm not mistaken (and to be truthful, there is a chance as I've never tried this particular scenario) ... that will protect your video content, while allowing the authorized user to access it via silverlight.

Joel Martinez 2010-03-04 14:24:30

I think he is not interested in authenticating user by providing a username-pasword. His question is very simple. A normal webpage has a silverlight application. The application request a video resource from some xyz location. It may be a sub folder under his root. He want user to prevent accessing it directly. Since the silverlight application request it from client, you can not put it under some app_data or bin folder.

Manjoor 2010-03-06 13:21:56

what he is interested in is authorizing requests that come from the silverlight application. Since it is just a client just like any other, he could have it log in using the authentication service with a known username and password that all users of the silverlight application share. That way, if a user tries to access it directly via the URL, he will be denied

Joel Martinez 2010-03-08 14:08:55

What Joel suggested above could make sense. Especially if the Silverlight hosting web application was running in an app pool that ran under a particular identity (i.e. "svcMyVideoApp"). Then you could make it where only this identity could access the content folder. Set all other requests for content to deny (except maybe your own :) )

lividsquirrel 2010-03-11 15:27:48

If i'm not mistaken... if properly set up, IIS 7's media services shouldn't even serve the raw files no more then it should serve a raw unprocessed "aspx" page.

I only played with this a little a few months back, but when I installed the Media plugin for IIS 7, it was not serving the raw media files, and I could only access them via a silverlight interface. I used Expression Studio to create my silverlight viewer page and had it encode it for "smooth streaming".

Rootberg 2010-03-16 13:41:05

+1 A:

I might be clutching at straws here but what about using a HTTP handler to intercept requests to the media URL: When the HTTP handler encounters a request, it checks for a unique HTTP header in the request - this could be hard coded into your media player application so that the URL request is accompanied with the appropriate security header - and unless the HTTP header is present then all response is blocked. I know there are no code specifics here but it's an idea all the same.

pb 2010-03-18 16:13:07

A simple way would be to add a handler to catch the request like @pb said. I don't know if sending headers is the right thing or not though. A simple way would to just check if the request has a referrer..

String.IsNullOrEmpty(context.Request.ServerVariables["HTTP_REFERER"])

or you'll need authentication and to send the auth cookie with the request.

rushonerok 2010-03-20 06:08:40

ansaurus

tags:

views:

answers:

video file download issue

related questions