htacess, passwords & mediaplayer double login problem
 

I want users to be able to play mpg files from a members area that is password protected. When they are already logged in... and trying to open files to Win media player... the LogIn window pops up requiring them to login again.

This does not work:

AuthUserFile /www/domain/members/.htpasswd
AuthName "USERS"
AuthType Basic
Satisfy any

SetEnvIf User-Agent ^Windows-media-player/ WMP

<FilesMatch mpg$>
Order allow,deny
Allow from WMP
</FilesMatch>

Any ideas? how this should be handled?

And how I can get dialer connections... allowed to members area without asking psw?

No any Apache experts ?

i have never been able to figure that one out myself....always happens, but no member has ever complained

I dunno maybe link to the clips in the:
http://user:[email protected]/ format ?

I'm not sure why that logic does not work, I'm thinking that your setenv if statement is not being properly matched perhaps, but the only way I've seen players be able to stream protected media files, is via a session string.


The session string gets sent with the request and you decode the string when the media player makes the request...

something like...

yourserver.com/protected_files/someweird_ass_crypted_string/file.mp3


You can setup some type of apache/mod_perl handler to do the authentication when it hits that protected_files directory and then allow the file to be delivered or not. That will get rid of your htaccess double popup problem.

That's one way to do it. But maybe not the easiest or most straight forward way to do it

With one of the IE updates, you can no longer pass user/pass in URLs no more. Or, it might be just IE does not recognize that anymore, but media players still might. *shrug*

WMP does not carry the USER name as fas as I have noticed. It seems to be impossible to carry username/password from the browser to the media player. The user-agent has to tell the server that it's authorized somehow, but how?! Sure there must be some working solution to prevent VMP to asking psw "again".

Thx... but it sounds too complicated for me :( Im not sever expert at least yet.

I think the dialer problem should be solved with the mod rewrite engine:

order allow,deny
allow from all
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.dialer-domain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://212.162.56.189/ [NC]

(dialer-domain.com or IP-adress of the dialer)

Yes that works, but now comes the BIG PROBLEM...
when dialer / broadband voice call user is trying to view moview using WMP... MediaPlayer asks the password!!! huh!

The problem is that wmp requires plugins which are taken from outside your website. Those plugins don´t have the referrer, of course, so that´s why .htaccess asks for the password.

So the only solution is a a specíal get-request to load the video without asking for a pw.

Is there any way to allow user from some referrer... for ex MYDOMAIN without psw while requiring psw from users from other referrers like 123DOMAIN?