This question was asked quite a few times from our customers and on the media forum. The scenario is that I, as an site administrator, want to authenticate encoder streams that are pushing in for live smooth streaming. However, I don’t really want all the smooth streaming players having to do the same authentication. This is definitely a valid and reasonable scenario. An analogy is that I want to authenticate users who want to upload content to my web site without the need to authenticate the browsers.
To enable this, first let’s review some basics of live smooth streaming. The key thing that we will be leveraging here is the fact that encoder connections are all POST requests while the client requests all use GET verb. Given that IIS Live Smooth Streaming is built on top of IIS platform, we can enable this by using standard IIS authentication and authorization mechanisms.
So here are the steps:
1) Enable the authentication scheme of your choice (“Basic Authentication” is used here as an example) in addition to the “Anonymous Authentication”. This can be done in the “Authentication” module in IIS Manager.
2) In the “Authorization Rules” module, remove the default “Allow All User” rule.
3) In the same “Authorization Rules” module, add a new rule to allow all users with GET verb. This rule will allow anonymous GET requests coming from the smooth streaming clients.
4) In the same “Authorization Rules” module, add a new rule to restrict the users for POST requrests (in this case it’s “sam-oob\sam”). Those users are the only ones that can post encoder streams to the publishing points:
Ok, now if I use Expression Encoder to push to my publishing point, I would get the following dialog box asking for credentials:
So I enter the password for user “sam-oob\sam” as I configured in step (4). Bingo! the encoder is now able to connect to the publishing point through an authenticated connection. If I bring up my smooth streaming player, it is still able to play from this publishing point without any authentication.