Grant, I've not done this specifically with video streaming but implemented many similar things for other purposes (downloads etc). People don't really do streaming any more like they did in the old days. By that I mean that a 'streaming server' is jsut standard HTTP requests and use byte range requests to do seeking. Writing your own handler should will work but make sure you implement byte range requests.
Just throwing something totally left field out there: Let's imagine you have three membership levels, bronze, silver and gold - what about making three copies of the videos in three separate folders and, securing them on the filesystem with standard NT ACLs against three different user accounts. Then set up three app pools one for /gold, one for /silver and one for /bronze then run those app pools as the three different users. If you then use any supported IIS authentication mechanism to authenticate users against the /bronze, /silver, /gold folder ... and it should just work. I can't see a way to make this scale to lots of arbitrary permission levels but if your model is several simple subscriber models then maybe you can do this to get your permissions for free? David. David Connors [email protected] | M +61 417 189 363 Download my v-card: https://www.codify.com/cards/davidconnors Follow me on Twitter: https://www.twitter.com/davidconnors Connect with me on LinkedIn: http://au.linkedin.com/in/davidjohnconnors On 25 November 2013 16:47, Grant Maw <[email protected]> wrote: > All > > I'm trying to find the most optimal way of protecting video content in an > asp.net app. We have an app that displays video from an IIS streaming > media server *that is separate from our main web server*. Some of the > video is publicly available, some of it is subscriber content. There are > different levels of subscriber (so higher levels get more video than lower > levels). We want to be able to protect the subscriber content somehow. > > All video is going to be linked to via a HTML 5 <video /> tag. We want to > stop subscribers from copying the URL of subscriber content from the page > source and sharing it around over the internet. > > I thought about writing a HTTP Handler that intercepts the requests and > deals with authorisation. This would take the form of something like " > http://mysite.com/getvideo.ashx?ID=xxxxxx";. If they're not authenticated > and authorised it would bounce them to some sort of "not authorised" page. > This would stop link theft, but I am not sure if we'd get the benefits of > the streaming media server by doing this. > > Would love to hear your thoughts if you've been down this road. > > Cheers > > Grant >
