Security :: Protecting A Video Streaming Url From Debugging Or Hacking Tools?
Feb 24, 2010
I am working on a video streaming project, objective is to upload video to content provider's server and play it to the authenticated user only, it should not be accessible to unauthorized users, content provider provided APIs and Endpoints to pass security options but it seems not working when I pass those parameters to API along while uploading video streaming file, I need to know how I can do that, is there any other way that I can use rather than Content Provider's API Endpoints
I am trying to play a video file in an aspx page. the video resides in the database.
I am using handler file (ashx) for that, and using the ashx file as src value of embed tag in the aspx page.
[Code]...
it works if I use media player activex ( object tag) . but it does not work for FF. I think embed tag is most standard. so i am trying to use it for streaming video.
To get the lok and feel and lil idea about my problem[URL]in this web site you can see the list of videos..when you click on the video it starts..in my case it does not work...i've made setting in IIS that it should support flv files in my HTTP HEADERSbut still it's not working on my local machine and also i have the latest flash player..when i click on video the player is not loaded..so any idea ...wot is going on...?
I am wanting to stream flash video files from IIS to an .aspx page. I have added the video/x-flv mime type to IIS, but am still having problems. I have seen a few articles about using HTTP Handlers, but they seem to be inconsistent and I'm not exactly sure why they woul dbe needed.
I am totally desparate with the task of Video Conversion, uploading & streaming. I have gone through various articles, posts, blogs and code snipped but couldnt find any full working solution for that.I was advised to work with ffmpeg and i got the functionality [URL]but later i come to know that most asp.net servers (including mine) do not allow to ffmpeg on the server.
Then i look for other solutions, some are saying to convert video files manually and then upload to website (funny hannn). Some are suggesting other site which can store our video and stream from there servers .....So i am stuck now and dont know where to go. I need a complete solution of this problem. Like Users could upload a video file (of any format or at least a good number of choice for upload file format), then they click an upload button and video conversion (e.g. to .flv took place) and the output should be displayed to a user in video player (showing our own logo, not youtube logo....etc.) and thats it.I will definately appreciate all of your comments and guidence.
My project is to create a website that facilitates giving live lectures on intranet. Hence, the bandwidth is not an issue here.
Also, I have implemented some basic code of live streaming using windows media encoder SDK in a C# console application. I was able to view the streaming on another LAN PC in VLC player.
Now, how do I implement my code in the asp.net website? What I want is that in order to start the streaming (i.e., start the live lecture), the facutly just clicks on a button in a webpage. This will stream his movements to the students (via a server). Also, this will enable the facutly to view himself on the webpage.
Is this even possible? I mean it would be like : both the student and the faculty will access the same website. The interface to both of them will be different - one will start the stream and the other (student) will receive the stream.
Or will I have to create a different application to start the streaming? So it would be like the facutly will start that applicaiton to start the streaming and the students will access the stream throught the player embedded in the website.
Another question is : what player should I use to receive the stream (on the student side)? Windows Media Player (I heard that it has problems with firefox)? Or the ubiqutous flash plugin will succeed in capturing the media encoder stream?
I'm having a problem with file streaming where this file is a video that is streamed to a FLV player.
Essential components for understanding the problem:
- An asp.net page called Viewer.aspx that has de FLV player incorporated in the HTML.
- An asp.net page (It could be an http handler but in this case it's not) called Downloader.aspx that gets a flv file from somewhere on the web and writes it to the Response Output Stream.
Everytime Viewer.aspx is called, it makes Downloader.aspx the source of the the FLV player and the video is correclty presented and streamed into the player.
The problem I am having now is that any user interaction with the page (even typing an URL inside the same website domain on the browser address bar) becames hung until the video download ends.
I can measure this video download with HTTP Watch for example, and confirm that just after the video download into the player ends, the command issued by the user is immediately processed (or the browser goes to another page if the user typed a new address in the browser address bar).
I tought that it could be the limit of 2 connections per domain, but HTTP Watch only shows one active connection (the video download into the FLV player).
Even if it was this 2 connections limit, I think a nice solution would be to somewhat detect the user interaction with the page and abort that video download.
I need to audio and video streaming option on my website, like registered user can upload the video through browser option and other users can view that video on website like youtube.
I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...
There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opend. They are accessed via some virtual directory as in www.example.com/APP/VIRTUAL/letter.pdf.
Of course, the documents may only be accessed from within the application, after the user has been identified succssfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser
I am thinking about the following...
The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called, when serving a request. If successfull, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.
I'm using the following code which autheticates a user and redirect him to a members webpage. This works however if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have: Page with an html form for login .js file with the jquery calls & code in it httpHandler to process the information from the formI have the user to entering their ID and password, I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct, if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder setup in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config?Here is the code for the web.config:
As per the increasing security threats, my site needs extreme care in terms of security in all aspects. I know asp.net has built in some security measures (Anti-forgery token, cross-site scripting, authentication, roles), but that is just not enough.I need a tool to test all possible security threats (Brute-force attacks, .... IP location, browser info ... )and a framework (open source is better) that handles all these concerns and let you build upon.
EDIT,So to narrow a bit, my primary concern is protecting the "login" page from all possible threats.
I am using Visual Studio 2008 Pro SP1. Every time I try to access the security tab in Web Application Administration Tools I get this message:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may in diagnosing the problem: Unable to connect to SQL Server database.
I'm using VS2008 and incorporating forms authentication into a web application, but have been unable to test my changes in the debugger. This seems to be an issue with having to use Integrated Windows authentication for VS2008 debugging.
How can I use VS to debug my forms authentication code-behind?
I'm uploading xls file onto my server using ASP.NET VB. Should I take some precautions so that not one would upload some hacking script to hack my site using this upload?