I think this might not be an Umbraco question, rather an ASP.NET or IIS question but I hope you might be able to give me a clue as to how to find an answer.
My application is that authorised members can access a page where they can stream tutorial videos. But once on such a page it is very simple by viewing the source to find the URL of the video files and download them.
Could you give some details of your use case? Is the particular issue you are trying to resolve, one where you want to limit the number of times an authorised user has access to a resource or the potential for a tutorial video being shared with unauthorised users? What are you using as your streaming server?
Hi Roger, though I've had a need to do something like this before I can't claim to have done it in umbraco or even .Net. However I do know that you will need to get to a point where IIS is passing through all requests or at least those for your video filetype to the umbraco business logic so member access roles can be assessed before the file response is issued. If you look at the media protect manual here http://soetemansoftware.nl/media/11585/mediaprotect-manual.pdf, you will see under IIS configuration that it suggests the IIS 7 integrated pipeline for achieving this part of the puzzle. The rest of the media protect package should handle access to the video file as you need PROVIDED its compatible with your umbraco version.
If you want to try and roll your own these sources may be of use. As a supplementary note I've seen a lot of people suggesting the runAllManagedModulesForAllRequests attribute in web.config for various purposes but the concerns / approach suggested in the second link I provided seem to make a lot more sense to me in terms of controlling which modules are enabled to handle different requests.
@Dennis, in addition to controlling the rendering of the video on the page, I think Roger is concerned about applying access control to the mp4 file assets so unauthorised users can't access the file directly. A low tech way may be to use the url rewrite technique used for image hot linking e.g
Download media files if only an authorised Member
I think this might not be an Umbraco question, rather an ASP.NET or IIS question but I hope you might be able to give me a clue as to how to find an answer.
My application is that authorised members can access a page where they can stream tutorial videos. But once on such a page it is very simple by viewing the source to find the URL of the video files and download them.
How do I prevent this?
Your help would be much appreciated.
Thanking you in anticipation.
Roger
Hi Roger,
Have you seen Mediaprotect that prevents media items can be accessed without logging in? More info at http://soetemansoftware.nl/media-protect
Best,
Richard
Could you give some details of your use case? Is the particular issue you are trying to resolve, one where you want to limit the number of times an authorised user has access to a resource or the potential for a tutorial video being shared with unauthorised users? What are you using as your streaming server?
Thanks for your reply, Ian.
I want to prevent a tutorial video being shared with unauthorised users.
I am using HTML5 video tag to stream the videos.
Roger
Hi Roger,
So you only want to show the video if the user is logged as a member on your website.
Then try to see the Umbraco helper methods called .MemberHasAccess() ..MemberIsLoggedOn() and .IsProtected()
https://our.umbraco.org/documentation/Reference/Querying/UmbracoHelper/
Hope this helps,
/Dennis
Hi Roger, though I've had a need to do something like this before I can't claim to have done it in umbraco or even .Net. However I do know that you will need to get to a point where IIS is passing through all requests or at least those for your video filetype to the umbraco business logic so member access roles can be assessed before the file response is issued. If you look at the media protect manual here http://soetemansoftware.nl/media/11585/mediaprotect-manual.pdf, you will see under IIS configuration that it suggests the IIS 7 integrated pipeline for achieving this part of the puzzle. The rest of the media protect package should handle access to the video file as you need PROVIDED its compatible with your umbraco version.
If you want to try and roll your own these sources may be of use. As a supplementary note I've seen a lot of people suggesting the runAllManagedModulesForAllRequests attribute in web.config for various purposes but the concerns / approach suggested in the second link I provided seem to make a lot more sense to me in terms of controlling which modules are enabled to handle different requests.
http://stackoverflow.com/questions/2903292/how-do-i-protect-static-files-with-asp-net-form-auhentication-on-iis-7-5
http://www.britishdeveloper.co.uk/2010/06/dont-use-modules-runallmanagedmodulesfo.html
http://blogs.msdn.com/b/david.wang/archive/2006/03/18/iis7-preconditions-and-the-integrated-pipeline.aspx
@Dennis, in addition to controlling the rendering of the video on the page, I think Roger is concerned about applying access control to the mp4 file assets so unauthorised users can't access the file directly. A low tech way may be to use the url rewrite technique used for image hot linking e.g
http://forums.iis.net/t/1210682.aspx?Prevent+Direct+URL+Access+of+Files
is working on a reply...