Authentication Plug-in Overview
You can use an authentication plug-in to verify the identity of clients trying to access resources on your server. Windows Media Services supports the following authentication protocols.
Protocol |
Description |
|---|---|
Anonymous |
Enables unauthenticated users to access content without being prompted for a user name or password. Because the plug-in uses a Windows user account, you can still restrict access to content that is stored in an NTFS file system. |
Digest |
Uses a challenge/response HTTP authentication protocol that does not require a password to be sent over a network. Instead, the plug-in uses a hashed version of the password to authenticate the user. |
Kerberos |
Uses an encrypted challenge/response mechanism that requires the user's logon credentials. Kerberos differs from NTLM by authenticating the client and the server rather than just the client. |
NTLM |
Uses an encrypted challenge/response mechanism that requires the user's logon credentials. NTLM is a Microsoft proprietary protocol used to authenticate a client. Unlike Kerberos, NTLM does not authenticate the server. |
If you have an authentication plug-in enabled and the server raises one of the following events, it calls the IWMSAuthenticationContext::Authenticate implementation provided by the plug-in.
Event |
Description |
|---|---|
WMS_EVENT_DESCRIBE |
A client requested a description of the content. |
WMS_EVENT_OPEN |
This event is similar to the WMS_EVENT_DESCRIBE event except that WMS_EVENT_OPEN is guaranteed to be sent before the client requests specific streams from the server. |
WMS_EVENT_SELECT_STREAMS |
A client requested specific streams from the server. |
WMS_EVENT_PLAY |
A client requested that a server stream content to it. |
WMS_EVENT_VALIDATE_PUSH_DISTRIBUTION |
An encoder or upstream server is attempting to push content to the server. |