Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Roger Withnell 128 posts 613 karma points
    Dec 15, 2015 @ 23:22
    Roger Withnell
    0

    Download media files if only an authorised Member

    I think this might not be an Umbraco question, rather an ASP.NET or IIS question but I hope you might be able to give me a clue as to how to find an answer.

    My application is that authorised members can access a page where they can stream tutorial videos. But once on such a page it is very simple by viewing the source to find the URL of the video files and download them.

    How do I prevent this?

    Your help would be much appreciated.

    Thanking you in anticipation.

    Roger

  • Richard Soeteman 4035 posts 12842 karma points MVP
    Dec 16, 2015 @ 13:25
    Richard Soeteman
    0

    Hi Roger,

    Have you seen Mediaprotect that prevents media items can be accessed without logging in? More info at http://soetemansoftware.nl/media-protect

    Best,

    Richard

  • Ian 178 posts 752 karma points
    Dec 16, 2015 @ 18:15
    Ian
    0

    Could you give some details of your use case? Is the particular issue you are trying to resolve, one where you want to limit the number of times an authorised user has access to a resource or the potential for a tutorial video being shared with unauthorised users? What are you using as your streaming server?

  • Roger Withnell 128 posts 613 karma points
    Dec 16, 2015 @ 21:53
    Roger Withnell
    0

    Thanks for your reply, Ian.

    I want to prevent a tutorial video being shared with unauthorised users.

    I am using HTML5 video tag to stream the videos.

    Roger

  • Dennis Aaen 4499 posts 18254 karma points admin hq c-trib
    Dec 17, 2015 @ 12:21
    Dennis Aaen
    0

    Hi Roger,

    So you only want to show the video if the user is logged as a member on your website.

    Then try to see the Umbraco helper methods called .MemberHasAccess() ..MemberIsLoggedOn() and .IsProtected()

    https://our.umbraco.org/documentation/Reference/Querying/UmbracoHelper/

    Hope this helps,

    /Dennis

  • Ian 178 posts 752 karma points
    Dec 17, 2015 @ 12:08
    Ian
    0

    Hi Roger, though I've had a need to do something like this before I can't claim to have done it in umbraco or even .Net. However I do know that you will need to get to a point where IIS is passing through all requests or at least those for your video filetype to the umbraco business logic so member access roles can be assessed before the file response is issued. If you look at the media protect manual here http://soetemansoftware.nl/media/11585/mediaprotect-manual.pdf, you will see under IIS configuration that it suggests the IIS 7 integrated pipeline for achieving this part of the puzzle. The rest of the media protect package should handle access to the video file as you need PROVIDED its compatible with your umbraco version.

    If you want to try and roll your own these sources may be of use. As a supplementary note I've seen a lot of people suggesting the runAllManagedModulesForAllRequests attribute in web.config for various purposes but the concerns / approach suggested in the second link I provided seem to make a lot more sense to me in terms of controlling which modules are enabled to handle different requests.

    http://stackoverflow.com/questions/2903292/how-do-i-protect-static-files-with-asp-net-form-auhentication-on-iis-7-5

    http://www.britishdeveloper.co.uk/2010/06/dont-use-modules-runallmanagedmodulesfo.html

    http://blogs.msdn.com/b/david.wang/archive/2006/03/18/iis7-preconditions-and-the-integrated-pipeline.aspx

  • Ian 178 posts 752 karma points
    Dec 17, 2015 @ 12:55
    Ian
    0

    @Dennis, in addition to controlling the rendering of the video on the page, I think Roger is concerned about applying access control to the mp4 file assets so unauthorised users can't access the file directly. A low tech way may be to use the url rewrite technique used for image hot linking e.g

    http://forums.iis.net/t/1210682.aspx?Prevent+Direct+URL+Access+of+Files

Please Sign in or register to post replies

Write your reply to:

Draft