November 21, 2006
Question

FMS server user authentication

  • November 21, 2006
  • 7 replies
  • 1299 views
Hello,
Does anyone know of a way to authenticate users that are accessing streams on the Flash Media Server? I read something about LDAP and database authentication but it looks like I have to fork off extra cash to have this authentication "product" which should have come with my purchased copy of FMS in the first place.
Anyway, I would like to have just allowed users being able to watch movies and if anyone can tell me how to do this I'd greatly appreciate it.
I run Redhat EL 4. Right now I create a hash symlink on the server that points to the content in some other directory. The hashed symlink is different for every user. When the FMS stops using the symlink a cronjob removes the symlink so nobody else can view the content. However, this is not secure enough.

Thanks,
Raymond.

    7 replies

    December 1, 2006
    I'd almost forget that you can use the easy to use method "Loadvars" to load data from a php-script. We were forced to use the XML method but the Loadvars method is probably easier and faster to implement for you.

    I'd use the Loadvars if possible since we suspect the XML object to leak A LOT of memory.
    December 1, 2006
    FMS_Developer,
    Thank you very much for your extensive help. Per your suggestion I used the XML object and was able to generate a request to the web server which is awesome. I think there's one last piece that I need to put all this together. How do I pass the user credentials to the actionscript script on the server side?
    For example here's a piece of the HTML on the browser that embeds the movie:
    <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase=" http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,79,0" width="662" height="531" id="FLVPlayer">
    <param name="movie" value="FLVPlayer_Streaming.swf" />
    <param name="salign" value="lt" />
    <param name="quality" value="high" />
    <param name="scale" value="noscale" />
    <param name="FlashVars" value="&MM_ComponentVersion=1&serverName=10.10.32.110&skinName=Halo_Skin_3&appName=flash320/video&streamName=stream1&isLive=false&bufferTime=0&autoPlay=true&autoRewind=false" />
    <embed src="FLVPlayer_Streaming.swf" flashvars="&MM_ComponentVersion=1&serverName=10.10.32.110&skinName=Halo_Skin_3&appName=flash320/video&streamName=stream1&isLive=false&bufferTime=0&autoPlay=true&autoRewind=false" quality="high" scale="noscale" width="662" height="531" name="FLVPlayer" salign="LT" type="application/x-shockwave-flash" pluginspage=" http://www.macromedia.com/go/getflashplayer" />
    </object>

    In the code above do I insert the username & pass in a separate <param> tag or do I add it to somewhere else? Then, once I have the HTML passing the user/pass info where on the server do I grab that data and how do I go about it - do I pass it as a parameter at the end of the onconnect method:
    application.onConnect = function(p_client, p_autoSenseBW, ?????????) {
    or do I plug it in somewhere else?

    Raymond.
    December 2, 2006
    You can pass variables to the SWF like you are already doing with "serverName" and "skinName" etc. Just pass "app_username=joe" and "app_password=test" and you can read those variables inside your swf and pass them in the netconnection.connect() method like this:

    swf code:
    my_netconnection.connect("rtmp://myserver.com/my_application/my_instance",my_parameter1, my_parameter2, etc);

    (you can pass as many parameters as you want on the .connect line)

    But to make things a bit more flexible I would put all parameters inside an object and pass the object so your .connect method is a bit more readable:

    swf code:
    obj_parameters = new Object();
    obj_parameters.login = app_username; // you got this from outside the swf
    obj_parameters.password = app_password; // you got this from outside the swf
    obj_parameters.my_integer = 726262; // example
    obj_parameters.my_name = "guess what, a demo";

    my_nc = new NetConnection();
    my_nc.connect("rtmp://myserver.com/my_application/my_instance", obj_parameters);

    server code:

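    application.onConnect = function (obj_client, obj_client_parameters) {
        // obj_client is always submitted
        // obj_client_parameters holds your parameters
        var client_login = obj_client_parameters.login;
        var client_password = obj_client_parameters.password;
        // now go and start an XML object and supply login + password as parameters like this:

        var my_xml = new XML();
        my_xml.onLoad = function (success) {
            // check the result; the load is asynchronous, so the decision is made here
            // (assumes the script answers <result>true</result> or <result>false</result>)
            if (success && my_xml.firstChild.firstChild.nodeValue == "true") {
                application.acceptConnection(obj_client); // accept the user's connection
            } else {
                application.rejectConnection(obj_client); // or kill it
            }
        };
        // call the script and supply the login & password the client submitted
        // let the script verify the combination and return a true or false
        my_xml.load("url?login=" + escape(client_login) + "&password=" + escape(client_password));
        // nothing is returned here, so the connection stays pending until onLoad decides
    };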

    etc
    November 23, 2006
    serversided actionscript = actionscript that's inside the FMS server. "main.asc" ; read some docs and you'll learn quickly.

    Whenever a client connects to your FMS it will invoke a so called 'onConnect' event. It's a function of your serversided-actionscript code. It will run on the server. And inside that function you can call an ASP, PHP, Perl, Python or CFM script on a webserver, which can connect to a database (like mysql, postgresql, ms sql server) and do some authentication.

    When your client would connect to the FMS server you would let the user supply an "ID" so you know on the server who is connecting. Then you can lookup via the call to a script if that ID/user is allowed to go further. Only after the user has been validated he will have access to FLV content etc on your FMS server.

    Please do see the difference between FLV movies that can be downloaded by ANY flash player using a 'progressive download' and FLV movies that are streamed to the client using a FMS server.

    November 23, 2006
    FMS_Developer,
    Thank you very much for your help. I'll definitely try this.
    Raymond.
    November 22, 2006
    FMS_Developer,
    Thank you for your response. How do I enable my FMS server to check a database or do any kind of interaction with a database? I have not found a single command-line tool to come with the FMS server that will give me info on what users are connected from where and what they are streaming.
    Now how would a "server-side actionscript" work? I don't know anything about it but if you could respond with some keywords I could google it and learn how to do this.
    Thanks again.
    Raymond.
    November 22, 2006
    You could store the user's IP after the user authenticates himself and have your FMS check a database to see if the IP is in the list.

    Even if the pirate user would distribute the HTML page containing the 'source' of the player etc in it to others they wouldn't be able to access your FMS.

    Besides that you should do periodic checking of access TO your FMS inside a serverside actionscript ON your FMS AGAINST your (webserver) database...

    Yes this isn't easy but if you implement it correctly it will be 99,9% foolproof.
    November 22, 2006
    Generate a unique id for the logged in session and store it. Make all authenticated material accessible through a different application. When a user tries to connect to this application, the session id is sent with the connect command. The FMS App then checks if the supplied session id is correct and, if not, refuses the connection.
    November 22, 2006
    ManMachine,
    Thank you for the reply. I have thought about the sessionid but there is a major problem with it. Sessions must be long because my movies are long. Then during the existence of the session the user could just save the web page with the embedded movie to the desktop as an HTML page and resend that to others and all they have to do is double-click that html page to view the movie until I remove that movie or change the application name of my FMS movie on the server.
    A way to really limit this activity is to block access to the same movie from more than one ip address however I have not been able to accomplish this so far.
    What do you think?
    Raymond.
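The session-id check suggested above and the saved-page concern raised in this reply, as an added example that is not code from any poster or from FMS: a signed, short-lived, single-use ticket bound to the client IP and stream. It is written as the web-side script that application.onConnect would query; the function names, ticket layout and demo key are assumptions.

```javascript
const crypto = require('crypto');

// Constructed demo key; a real deployment keeps it in server-side configuration.
const SECRET = 'constructed-demo-key';
// nonce -> expiry; stands in for a store shared by the web scripts (assumption).
const usedNonces = new Map();

function sign(body) {
  return crypto.createHmac('sha256', SECRET).update(body).digest('hex');
}

// Run by the members-area page after login; the ticket goes into FlashVars
// in place of a username and password. ttlSec only has to cover the gap
// between page load and NetConnection.connect(), not the length of the movie.
function issueTicket(user, ip, stream, nowSec, ttlSec) {
  const claims = { user, ip, stream, exp: nowSec + ttlSec,
                   nonce: crypto.randomBytes(16).toString('hex') };
  const body = Buffer.from(JSON.stringify(claims)).toString('hex');
  return body + '.' + sign(body);
}

// Run by the script that application.onConnect calls; ip and stream are the
// values the server observed, never values taken from the ticket itself.
function verifyTicket(ticket, ip, stream, nowSec) {
  const parts = String(ticket).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const given = Buffer.from(parts[1]);
  const expected = Buffer.from(sign(parts[0]));
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const c = JSON.parse(Buffer.from(parts[0], 'hex').toString('utf8'));
  if (nowSec >= c.exp) return { ok: false, reason: 'expired' };
  if (c.ip !== ip) return { ok: false, reason: 'ip-mismatch' };
  if (c.stream !== stream) return { ok: false, reason: 'wrong-stream' };
  for (const [n, exp] of usedNonces) if (exp <= nowSec) usedNonces.delete(n);
  if (usedNonces.has(c.nonce)) return { ok: false, reason: 'replayed' };
  usedNonces.set(c.nonce, c.exp); // single use: a saved page cannot connect twice
  return { ok: true, user: c.user };
}
```

The FMS application would forward the ticket from the connect parameters together with the client address it sees, and accept the connection only when the answer is `ok: true`.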
    November 21, 2006
    JayCharles,
Thank you for your reply. I have a member's area of site where authenticated users can watch movies. They click on a link, load a new page and the movie starts playing embedded in it. No authentication required there. The authentication is for access to the members' site and I use apache htaccess for that. All members will have access to all movies once they log in to the members area successfully. My concern is that if a member can save the html page that embeds the movie they can distribute it to other unauthenticated users that just need to save the html page to the desktop and open it in a browser to be able to view the movie.

    November 21, 2006
    The short answer is no, you don't necessarily need to buy anything else. FMS can connect to all sorts of data sources, pretty much like the Flashplayer can. It can connect to remoting services, XML socket servers, and make LoadVars requests. I guess the ideal solution depends on what sort of authentication you need to do, and what your existing http server model is.

    Are the videos you're delivering different for each user, or are we talking about a common pool of media that all users have equal rights to?

What are the challenges for authentication? Will users log in with a username/pass, or do you just need to satisfy temporary requirements (ie fill out a form before you can see this video)?

If users have usernames/passwords, do they log in to an application on the http server before accessing the media player (ie, do they log in to the "site", or do they just need to log in to the FMS application)?