 |
| Support | Search | elims.org Home | |
| elims.org | ||
This page is about WMSECURE a Windows Media Services 4.1 Authorization Plug-in. WMSecure is a 2 part system a) an encryption / decryption com component used with IIS/ASP and b) the authorization component used with the WMS 4.1 Service. Included in the package is a sample implementation for the purposes of creating a content authorization system to limit unauthorized access to Windows Media streams from your server. The basic premise of this solution is to generate a MMS url with IIS that contains an encrypted data element which is then passed to the WMS server to decrypt and validate the encrypted data.
There are docs that get installed in a wmsecure folder on your start menu when you install wmsecure.exe. Contained within the documentation you will find a description of this system in a bit more detail. The WMS authorization component is also installed via the distribution package and wmsecure.exe is what you would normally install on your WMS development machine. After install you will find will find a crypto install (crypto.exe) in the "Program Files\Wmsecure" install dir that you can use with your IIS machine to install the crypto component. A sample asp/html implementation is installed into the program dir you specify when you are prompted for a path to your wwwroot.
Your feedback is valuable, let me know if you have questions, if you find this useful or if you have suggestions.
UPDATE 9/19/03: Note: This solution is not compatible with WMS9. I have considered at one point or another implementing dual interfaces on this plug-in so that it could work under either version, but would think a better solution could be written using newer technology and taking advantage of the new WMS9 features. To create this solution today I would use capicom for the crypto object, in fact it would be relatively easy to swap out the existing crypto object for the capicom object, or another crypto library you want to use.
Update 7/22/02:The following KB article q236895 is something to be aware of if you are using the 6.4 Player. CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95" You need to use something like, http://elims.org/sample.asp?mswmext=.asx In the case where you pass other URL modifiers you need to make sure the mswmext=.asx is at the end. The url must start with “http://” and end with “.asx”. This is not needed in later versions of Windows Media Player which would be a better solution if you don't have any specific requirement for the older Media Player.
Update 11/25/01: Updated binary build is here, this is build 1.0.0.8 and addresses a bug with localhost checking. The install package has not been updated with this binary yet.
Update 11/15/01: Seen some folks asking about referrer checking. This is not included in the package or examples here is a sample that should give you an idea of one way to do referrer checking. The function will return true if the requested URL matches what is defined for this site. You could easily add an optional parameter to pass into isLocalUrl that is the value you want to match. This would be useful so you don't need to hardcode the domain match into your code.
function isLocalUrl()
{temp=false
var thisSite = "http://www.someserver.org";
var thisURL = Request.ServerVariables("HTTP_REFERER")
var st = String(thisURL);
var s = st.indexOf(thisSite);
if (s == 0)
{
temp=true
}
isLocalUrl = temp;
}
Update 11/2/01: A couple of folks have asked if this can be used with a web server other than IIS. The short answer is yes but it would require some modification and re-writing, your on your own. ;) The ASP portion would need to be re-written to be compatible with a Unix web server and the crypto implementation would need to be replaced. The provided crypto object is a com object that wraps the WIN32 crypto API. To replace you would need to have some form of crypto that would enable you to encrypt the UTC time with the appropriate timeskew and password on the UNIX machine that could be decrypted on the Windows Machine inside of the WMSecure plug-in. The plug-in has a wrapper class for the crypto function so this would be fairly trivial to plug in another crypto implementation since it is abstracted from the plug-in functions. In all this would not be too difficult but would require minor modification of the C++ WMSecure plug-in sources that are provided.
7/25/2001 - Build: 8 - Fixes bug with localhost checking. Binary release of the plug-in only. You need build 6 for the entire package/solution.
7/13/2001 - build: 6