Skip to main content
D
dd35
Participant
January 12, 2010
Question

Authentication Add-In Allows Old User Agents without Authentication

  • January 12, 2010
  • 1 reply
  • 1176 views

I have installed AdobeFlash Media Development Server (as a test for Interactive Server 3.5) and the Authentication Add-In v3.  It works great with Flash Media Encoder 3 (FMLE/3.0), but if I specify a different user agent (FME/2.5 or FM/1.0) using an older version of the encoder or another brand encoder that supports multiple user agents (eg. Wirecast) the authentication is completely ignored.

Is there a way to restrict Adobe Flash Media Interactive Server to accepting uploads from user agent FMLE/3.0 only (or cause it to respect credentials from older user agents . . . if they even send credentials)?

Thanks!

Dan

    This topic has been closed for replies.

    1 reply

    A
    Anonymous
    January 12, 2010

    Since you're using interactive server, you could manage it with client side actionscript (which is a whole lot more flexible than the auth addin). In  your application.onConnect or application.onPublish methods you can inspect the client.agent property, as well as perform inspection of credentials (I'm a big fan of tacking get variables onto the end of the RTMP URL and extracting them by inspecting the client.uri property).

    Perhaps it might make sense to look at it from the other direction. Why is it that you want to restrict publishing to FMLE 3 clients?

    D
    dd35Author
    Participant
    January 14, 2010

    The final goal is not to restrict to FMLE 3.0 but rather to have the server require credentials to upload video.  Even with the authentication module in place I am able to bypass credentials if I use an older encorder User Agent.  Only FMLE 3.0 respects the login.  Does not seem too secure.

    Having said all of that, the end server product my customer purchased is actually the Streaming server, so the authentication plugin is out anyhow.  Are there any options to require credentials to upload video to the FMSS?

    Thanks!

    Asa_-_FMS
    Adobe Employee
    Asa_-_FMS
    Adobe Employee
    January 14, 2010

    Unfortunately this is a known issue for FMSS that we're actively engaged on fixing.  At the moment the only way to restrict the publisher for FMSS is to control the IPs accepted to a publishing application through configuration.  Like I said, it's a known issue and only the FMIS can do this for the moment.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices