Hi I'm fairly new to asp.net and here's my project:
my company runs a website that provides daily video broadcasts to our clients. our clients have access to a specific link which I will call "videolink.aspx" and that's hosted in the address http://www.mycompany/videolink.aspx in which there is a windows media player embed. The file videolink.aspx uses sessions to authenticate users.
However when I look at the source of the object
<object id="MediaPlayer" width="340" height="280" classid="CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
standby="Loading Windows Media Player components..." type="application/x-oleobject">
<param name="FileName" value="broadcast.asx">
<param name="autostart" value="true">
<param name="ShowControls" value="true">
<param name="ShowStatusBar" value="false">
<param name="ShowDisplay" value="false">
<embed type="application/x-mplayer2" src="broadcast.asx"
width="320" height="280" showcontrols="1" showstatusbar="0" showdisplay="0" autostart="0">
</embed>
</object>I figured the following issue:
If a user opens a browser and instead goes to http://www.mycompany.com/broadcast.asx he will gain full access to the video without authentication. so non clients can still see the video.
My goal would be to then implement something that prevents everyone from gaining access to the source "broadcast.asx", I was browsing around and came across a topic called "Impersonation", and perhaps thought it may be what I'm looking for.
Can anyone please explain to me a bit further in to this ? and if possible help me out with a solution for this ?
thanks in advance.