htacess, passwords & mediaplayer double login problem - GoFuckYourself.com

brutus · 08-19-2004, 02:06 PM

I want users to be able to play mpg files from a members area that is password protected. When they are already logged in... and trying to open files to Win media player... the LogIn window pops up requiring them to login again.

This does not work:

AuthUserFile /www/domain/members/.htpasswd
AuthName "USERS"
AuthType Basic
Satisfy any

SetEnvIf User-Agent ^Windows-media-player/ WMP

<FilesMatch mpg$>
Order allow,deny
Allow from WMP
</FilesMatch>

Any ideas? how this should be handled?

And how I can get dialer connections... allowed to members area without asking psw?

brutus · 08-19-2004, 02:22 PM

No any Apache experts ?

Jace · 08-19-2004, 02:28 PM

i have never been able to figure that one out myself....always happens, but no member has ever complained

s9ann0 · 08-19-2004, 02:33 PM

I dunno maybe link to the clips in the:
http://user:[email protected]/ format ?

koreanbbque · 08-19-2004, 02:35 PM

I'm not sure why that logic does not work, I'm thinking that your setenv if statement is not being properly matched perhaps, but the only way I've seen players be able to stream protected media files, is via a session string.

The session string gets sent with the request and you decode the string when the media player makes the request...

something like...

yourserver.com/protected_files/someweird_ass_crypted_string/file.mp3

You can setup some type of apache/mod_perl handler to do the authentication when it hits that protected_files directory and then allow the file to be delivered or not. That will get rid of your htaccess double popup problem.

That's one way to do it. But maybe not the easiest or most straight forward way to do it

koreanbbque · 08-19-2004, 02:36 PM

Quote:

Originally posted by spanno
I dunno maybe link to the clips in the:
http://user:[email protected]/ format ?

With one of the IE updates, you can no longer pass user/pass in URLs no more. Or, it might be just IE does not recognize that anymore, but media players still might. *shrug*

brutus · 08-19-2004, 02:41 PM

Quote:

Originally posted by spanno
I dunno maybe link to the clips in the:
http://user:[email protected]/ format ?

WMP does not carry the USER name as fas as I have noticed. It seems to be impossible to carry username/password from the browser to the media player. The user-agent has to tell the server that it's authorized somehow, but how?! Sure there must be some working solution to prevent VMP to asking psw "again".

brutus · 08-19-2004, 02:45 PM

Quote:

Originally posted by koreanbbque
I'm not sure why that logic does not work, I'm thinking that your setenv if statement is not being properly matched perhaps, but the only way I've seen players be able to stream protected media files, is via a session string.

The session string gets sent with the request and you decode the string when the media player makes the request...

...

That's one way to do it. But maybe not the easiest or most straight forward way to do it

Thx... but it sounds too complicated for me

Im not sever expert at least yet.

frank7799 · 08-19-2004, 02:56 PM

I think the dialer problem should be solved with the mod rewrite engine:

order allow,deny
allow from all
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.dialer-domain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://212.162.56.189/ [NC]

(dialer-domain.com or IP-adress of the dialer)

brutus · 08-19-2004, 02:59 PM

Quote:

Originally posted by m4yadult
I think the dialer problem should be solved with the mod rewrite engine:

order allow,deny
allow from all
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.dialer-domain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://212.162.56.189/ [NC]

(dialer-domain.com or IP-adress of the dialer)

Yes that works, but now comes the BIG PROBLEM...
when dialer / broadband voice call user is trying to view moview using WMP... MediaPlayer asks the password!!! huh!

frank7799 · 08-19-2004, 03:26 PM

The problem is that wmp requires plugins which are taken from outside your website. Those plugins don´t have the referrer, of course, so that´s why .htaccess asks for the password.

So the only solution is a a specíal get-request to load the video without asking for a pw.

brutus · 08-19-2004, 03:48 PM

Is there any way to allow user from some referrer... for ex MYDOMAIN without psw while requiring psw from users from other referrers like 123DOMAIN?

08-19-2004, 02:06 PM	#1
brutus Confirmed User Join Date: Mar 2002 Location: Living in the bottle. Posts: 590	htacess, passwords & mediaplayer double login problem I want users to be able to play mpg files from a members area that is password protected. When they are already logged in... and trying to open files to Win media player... the LogIn window pops up requiring them to login again. This does not work: AuthUserFile /www/domain/members/.htpasswd AuthName "USERS" AuthType Basic Satisfy any SetEnvIf User-Agent ^Windows-media-player/ WMP <FilesMatch mpg$> Order allow,deny Allow from WMP </FilesMatch> Any ideas? how this should be handled? And how I can get dialer connections... allowed to members area without asking psw? __________________ Last edited by brutus; 08-19-2004 at 02:09 PM..

08-19-2004, 02:22 PM	#2
brutus Confirmed User Join Date: Mar 2002 Location: Living in the bottle. Posts: 590	No any Apache experts ? __________________

08-19-2004, 02:35 PM	#5
koreanbbque Confirmed User Join Date: Dec 2003 Location: Riverside and San Diego Posts: 688	I'm not sure why that logic does not work, I'm thinking that your setenv if statement is not being properly matched perhaps, but the only way I've seen players be able to stream protected media files, is via a session string. The session string gets sent with the request and you decode the string when the media player makes the request... something like... yourserver.com/protected_files/someweird_ass_crypted_string/file.mp3 You can setup some type of apache/mod_perl handler to do the authentication when it hits that protected_files directory and then allow the file to be delivered or not. That will get rid of your htaccess double popup problem. That's one way to do it. But maybe not the easiest or most straight forward way to do it __________________ KBBQ 2 3 1 6 1 8 8 1 6

08-19-2004, 02:56 PM	#9
frank7799 Confirmed User Industry Role: Join Date: Jul 2003 Location: In the middle of nowhere... Posts: 1,974	I think the dialer problem should be solved with the mod rewrite engine: order allow,deny allow from all AuthUserFile /dev/null AuthGroupFile /dev/null RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/ [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/ [NC] RewriteCond %{HTTP_REFERER} !^http://www.dialer-domain.com/ [NC] RewriteCond %{HTTP_REFERER} !^http://212.162.56.189/ [NC] (dialer-domain.com or IP-adress of the dialer) Last edited by frank7799; 08-19-2004 at 03:00 PM..

08-19-2004, 03:48 PM	#12
brutus Confirmed User Join Date: Mar 2002 Location: Living in the bottle. Posts: 590	Is there any way to allow user from some referrer... for ex MYDOMAIN without psw while requiring psw from users from other referrers like 123DOMAIN? __________________

08-19-2004, 02:28 PM	#3
Jace FBOP Class Of 2013 Industry Role: Join Date: Jan 2004 Location: bumfuck, ky Posts: 35,562	i have never been able to figure that one out myself....always happens, but no member has ever complained

08-19-2004, 02:33 PM	#4
s9ann0 Confirmed User Join Date: Sep 2001 Location: Boston Posts: 4,873	I dunno maybe link to the clips in the: http://user:[email protected]/ format ?

08-19-2004, 03:26 PM	#11
frank7799 Confirmed User Industry Role: Join Date: Jul 2003 Location: In the middle of nowhere... Posts: 1,974	The problem is that wmp requires plugins which are taken from outside your website. Those plugins don´t have the referrer, of course, so that´s why .htaccess asks for the password. So the only solution is a a specíal get-request to load the video without asking for a pw.