Hello,
Does anyone know of a way to authenticate users that are accessing streams on
the Flash Media Server. I read something about LDAP and database authentication
but it looks like I have to fork off extra cash to have this authentication
"product" which should have come with my purchased copy of FMS in the first
place.
Anyway, I would like to have just allowed users being able to watch movies and
if anyone can tell me how to do this I'd greatly appreciate it.
I run Redhat EL 4. Right now I create a hash symlink on the server that points
to the content in some other directory. The hashed symlink is different for
every user. When the FMS stop using the symlink a cronjob removes the symlink
so nobody else can view the content. However, this is not secure enough.

Thanks,
Raymond.

The short answer is no, you don't necessarily need to buy anything else. FMS
can connect to all sorts of data sources, pretty much like the Flashplayer can.
It can connect to remoting services, XML socket servers, and make LoadVars
requests. I guess the ideal solution depends on what sort of authentication you
need to do, and what your existing http server model is.

Are the videos you're delivering different for each user, or are we talking
about a common pool of media that all users have equal rights to?

What are the challenges for authentication? Will users log in with a
username/pass, or do you just need to satisfy temporary requirements (ie fill
out a form before you can see this video)

If users have usernames/passwords, do they log in to an application on the
http server before accesing the media player (ie, do they log in to the "site",
or do they just need to log in to the FMS application)?

JayCharles,
Thank you for your reply. I have a member's area of site where authenticated
users can watch movies. They click on a link, load a new page and the movie
starts playing embedded in it. No authentication required there. The
authentication is for access to a the members' site and I use apache htaccess
for that. All members will have access to all movies once they log to the
members area successfully. My concern is that if a member can save the html
page that embeds the movie they can distribute it to other unauthenticated
users that just need to save the html page to the desktop and open it in a
browser to be able to view the movie.

Generate a unique id for the logged in session and store it. Make all
authenticated material accessible through a different application. When a user
tries to connect to this application, the session id is sent with the connect
command. The FMS App then chekcs if the supplied session id is correct and, if
not, refuses the connection.

ManMachine,
Thank you for the reply. I have thought about the sessionid but there is a
major problem with it. Sessions must be long because my movies are long. Then
during the existence of the session the user could just save the web page with
the embedded movie to the desktop as an HTML page and resend that to others and
all they have to do is double-click that html page to view the movie until I
remove that movie or change the application name of my FMS movie on the server.
A way to really limit this activity is to block access to the same movie from
more than one ip address however I have not been able to accomplish this so far.
What do you think?
Raymond.

You could store the user's IP after the users authenticates himself and have
your FMS check a database to see if the IP is in the list.

Even if the pirate user would distribute the HTML page containing the 'source'
of the player etc in it to others they wouldn't be able to access your FMS.

Besides that you should do periodic checking of access TO your FMS inside a
serverside actionscript ON your FMS AGAINST your (webserver) database...

Yes this isn't easy but if you implement it correct it will be 99,9% foolproof.

FMS_Developer,
Thank you for your response. How do I enable my FMS server to check a database
or do any kind of interaction with a database? I have not found a single
command-line tool to come with the FMS server that will give me info on what
users are connected from where and what they are streaming.
Now how would a "server-side actionscript" work? I don't know anything about
it but if you could respond with some keywords I could google it and learn how
to do this.
Thanks again.
Raymond.

serversided actionscript = actionscript that's inside the FMS server.
"main.asc" ; read some docs and you'll learn quickly.

Whenever a client connects to your FMS it will invoke a so called 'onConnect;
event. It's a function of your serversided-actionscript code. It will run on
the server. And inside that function you can call a
ASP,PHP,Perl,Python,CFM-script on a webserver, which can connect to a database
(like mysql, postgresql, ms sql server) and some authentication.

When your client would connect to the FMS server you would let the user supply
an "ID" so you know on the server who is connecting. Then you can lookup via
the call to a script if that ID/user is allowed to go further. Only after the
user has been validated he will have access to FLV content etc on your FMS
server.

Please do see the difference between FLV movies that can be downloaded by ANY
flash player using a 'progressive download' and FLV movies that are streamed to
the client using a FMS server.

FMS_Developer,
Thank you very much for your help. I'll definitely try this.

FMS_Developer,
I tried to work on your suggestion but the connectivity code that I have added
won't even make a connection to the web server. Do you know what I am missing?
Here's the original code of main.asc:
application.onConnect = function(p_client, p_autoSenseBW) {
trace("onConnect");
//Add security here
this.acceptConnection(p_client);
if (p_autoSenseBW)
this.calculateClientBw(p_client);
else
p_client.call("onBWDone");
}

I modified this to (nothing changed except for adding the two lines of code at
beginning of function):
application.onConnect = function(p_client, p_autoSenseBW) {
nc = new NetConnection();
nc.connect("http://10.10.32.133/y.html");
trace("onConnect");
//Add security here
this.acceptConnection(p_client);
if (p_autoSenseBW)
this.calculateClientBw(p_client);
else
p_client.call("onBWDone");
}

The FMS server is supposed to connect to http://10.10.32.133/y.html when I
start streaming a movie but no connectivity initiates - the web server logs
show nothing and tcpdump shows no traffic to port 80 on the web server.
Do you know what I am doing wrong?
Raymond.

You tried a netconnection which is wrong and is only used to connect to an FMS
server.

You need to create an XML object and use the .load method of that object to
load external data. This data has to be in XML-formatted.

You can create a demo XML-structure (see below) and let FMS load it. Afterward
you can create a PHP script that outputs the same structure and fill in
variables as you like. (id, username, access, credits, etc etc)



pseudo-example:

function onConnect(parameters) {
my_xml = new XML();
my_xml.onLoad = function(parameters) {
//extract data from the loaded XML file
// eg.
xml_access_nodes = my_xml.firstChild;
if (xml_access_nodes.nodeName == "my_session") {
// jep this is our structure, starting with a my_session-tag
for (my_node = xml_access_nodes.firstChild ; my_node != null ;
my_node.nextSibling) {
switch(my_node.nodeName) {
case "auth":
result_auth = my_node.firstChild.toString(); // data from XML
is type-less :S
// inside result_auth you'll find a true or false ; the value
you produced with your PHP script ..
break;

}
}
}
}
my_xml.load("http://webserver/path/script.php");
}

In this case the php script should return a valid XML structure like


yourfile.xml:

<my_session>
<auth>true</auth>
</my_session>

Make sure to include some XML-headers in your PHP script like:

<?php
header("Content-type: application/xhtml+xml\n\n");
echo '<?xml version="1.0"?>';
?>
<my_session>
<auth><?php echo "true"; ?></auth>
</my_session>



These are parts copied and pasted from our own application. Have fun.

I'd almost forget that you can use the easy to use method "Loadvars" to load
data from a php-script. We were forced to use the XML method but the Loadvars
methode is probably easier and faster to implement for you.

I'd use the Loadvars if possible since we suspect the XML object to leak A LOT
of memory.

FMS_Developer,
Thank you very much for your extensive help. Per your suggestion I used the
XML object and was able to generate a request to the web server which is
awesome. I think there's one last piece that I need to put all this together.
How do I pass the user credentials to the actionscript script on the server
side?
For example here's a piece of the HTML on the browser that embeds the movie:
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#ve
rsion=6,0,79,0" width="662" height="531" id="FLVPlayer">
<param name="movie" value="FLVPlayer_Streaming.swf" />
<param name="salign" value="lt" />
<param name="quality" value="high" />
<param name="scale" value="noscale" />
<param name="FlashVars"
value="&MM_ComponentVersion=1&serverName=10.10.32.110&skinName=Halo_Skin_3&appNa
me=flash320/video&streamName=stream1&isLive=false&bufferTime=0&autoPlay=true&aut
oRewind=false" />
<embed src="FLVPlayer_Streaming.swf"
flashvars="&MM_ComponentVersion=1&serverName=10.10.32.110&skinName=Halo_Skin_3&a
ppName=flash320/video&streamName=stream1&isLive=false&bufferTime=0&autoPlay=true
&autoRewind=false" quality="high" scale="noscale" width="662" height="531"
name="FLVPlayer" salign="LT" type="application/x-shockwave-flash"
pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>

In the code above do I insert the username & pass in a separate <param> tag or
do I add it to somewhere else? Then, once I have the HTML passing the user/pass
info where on the server do I grab that data and how do I go about it - do I
pass it as a parameter at the end of the onconnect method:
application.onConnect = function(p_client, p_autoSenseBW, ?????????) {
or do I plug it in somewhere else?

Raymond.

You can pass variables to the SWF like you are already doing with "serverName"
and "skinName" etc. Just pass "app_username=joe" and "app_password=test" and
you can read those variables inside your swf and pass them in the
netconnection.connect() method like this:

swf code:

my_netconnection.connect("rtmp://myserver.com/my_application/my_instance",my_par
ameter1, my_parameter2, etc);

(you can pass as many parameters as you want on the .connect line)

But to make things a bit more flexibel I would put all parameters inside an
object and pass the object so your .connect method is a bit more readable:

swf code:
obj_parameters = new Object();
obj_parameters.login = app_loginname; // you got this from outside the swf
obj_parameters.password = app_password; // you got this from outside the swf
obj_parameters.my_integer = 726262; // example
obj_parameters.my_name = "guess what, a demo";

my_nc = new Netconnection();
my_ncconnect("rtmp://myserver.com/my_application/my_instance", obj_parameters);

server code:

application.onConnect = function (obj_client, obj_client_parameters) {
// obj_client is always submitted
// obj_client_parameters holds your parameters
client_login = obj_client_parameters.login;
client_password = obj_client_parameters.password;
// now go and start and XML object and supply login + password as parameters
like this:

my_xml = new XML();
my_xml.onLoad = function() {
// check the result;
}
my_xml.load("url?login=" + client_login + "&password=" + client_password);
// call the script and supply the login & password the client submitted
// let the script verify the combination
// return a true or false
// accept the users connection or kill it
}

etc