Programming4us
         
 
 
Windows Server

Windows Server 2008 : Configuring Windows Media Services (part 11) - Configuring Security for Windows Media Services

12/24/2010 8:59:04 AM

Configuring Security for Windows Media Services

As with other types of network-accessible content, it is important to ensure that only authorized users have access to streamed audio and video. Some organizations provide content only to paid or registered users and want to prevent others from using network bandwidth. Unauthorized individuals must also be prevented from directly linking to content or downloading and redistributing media files. Windows Media Services provides several methods for securing Streaming Media Services. Default security settings can be defined at the server level. These settings will apply automatically to all publishing points on the server. However, you can also override the settings for each individual publishing point. In this section, you will learn about authentication, authorization, and permissions settings that are available within the Properties tab of a publishing point.

Configuring Authentication Options

By default, new publishing points will inherit the security-related settings that are defined at the server level. You can define specific settings for different types of content by accessing the Authentication category on the Properties tab of a publishing point. (See Figure 30.)

Figure 30. Viewing Authentication settings for a publishing point


You can authenticate users by one of three methods. WMS Anonymous User Authentication specifies that Windows Media Services should not prompt users for credentials. However, when this option is enabled, users will be able to access content designated only to the user account that has NTFS file system permissions. The default user account is the WMUS_servername account, which is automatically created when you install the Streaming Media Services server role. To change the account setting, double-click the WMS Anonymous User Authentication plug-in and provide the appropriate username and password. Anonymous authentication is useful when you want all the users of the media server to have access to the same set of content.

WMS Negotiate Authentication uses either NTLM or Kerberos-based methods to determine the identity of the incoming user. This method is useful if you want to restrict access to users who have accounts on the local server or within an Active Directory directory services domain. When users attempt to access content, their Windows credentials will be used to determine whether they have permission to access the requested files.

The WMS Digest Authentication option is used primarily to support Internet users. It relies on the HTTP protocol to request and receive credentials over the network. For security, it does not send the actual password but a hash that can be used to validate the user’s identity.

Configuring Authorization Options

The Authorization properties for a Windows Media Services server or a publishing point specify how permissions will be checked before users have access to content. There are three available options. (See Figure 31.) WMS NTFS ACL Authorization uses NTFS file system permissions to determine whether a user has access to files. If only anonymous authentication is enabled, then the designated anonymous user account must have at least permissions to the content. Otherwise, when user credentials are supplied, the user’s effective permissions are checked before a stream is sent.

Figure 31. Viewing Authorization options for a publishing point


Some Windows Media Services installations are intended for use by only a certain group of computers. For example, an organization might provide company meeting videos that require all users to connect to the organization’s local area network (LAN) to obtain access to the content. Administrators can use the WMS IP Address Authorization plug-in to specify which IP addresses will be able to access content. (See Figure 32.) Default settings can be configured to automatically allow or deny connections that are not explicitly listed.

Figure 32. Configuring properties for WMS IP Address Authorization


You can use the WMS Publishing Points ACL Authorization plug-in to configure which users and groups have access to the publishing point. (See Figure 33.) To access content, users must have at least Read permissions. By default, the Everyone group has these permissions to the content. Users and groups can also be granted Write and Create permission to modify the contents of the publishing point.

Figure 33. Configuring WMS Publishing Points ACL Authorization settings


Using Web Server Permissions

Another method of securing access to streamed audio and video content does not directly involve Windows Media Services. You can use permissions and security options that are available with the Web Server (IIS) server role to secure links and other content that might be accessible to users. For example, you might expose links and playlists for video content only to registered users who are connecting using a secure SSL connection. .

Other -----------------
- Windows Server 2008 : Configuring SMTP (part 6) - Using an SMTP Virtual Server
- Windows Server 2008 : Configuring SMTP (part 5)
- Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server
- Windows Server 2008 : Configuring SMTP (part 3) - Configuring General SMTP Server Settings
- Windows Server 2008 : Configuring SMTP (part 2) - Creating a New SMTP Virtual Server
- Windows Server 2008 : Configuring SMTP (part 1) - Installing the SMTP Server Feature
- Windows Server 2008 : Configuring FTP (part 14) - Using FTP Client Software
- Windows Server 2008 : Configuring FTP (part 13) - Configuring Directory Browsing
- Windows Server 2008 : Configuring FTP (part 12) - Managing FTP Site Settings
- Windows Server 2008 : Configuring FTP (part 11) - Managing FTP Firewall Options
- Windows Server 2008 : Configuring FTP (part 10) - Configuring FTP SSL Settings
- Windows Server 2008 : Configuring FTP (part 9) - Configuring FTP User Isolation Options
- Windows Server 2008 : Configuring FTP (part 8) - Managing FTP User Security
- Windows Server 2008 : Configuring FTP (part 7)
- Windows Server 2008 : Configuring FTP (part 6) - Installing and Managing FTP 7
- Windows Server 2008 : Configuring FTP (part 5)
- Windows Server 2008 : Configuring FTP (part 4)
- Windows Server 2008 : Configuring FTP (part 3) - Configuring FTP Site Properties
- Windows Server 2008 : Configuring FTP (part 2) - Configuring FTP Sites by Using IIS 6.0 Manager
- Windows Server 2008 : Configuring FTP (part 1) - Installing the FTP Publishing Service
 
 
Most View
- Coding JavaScript for Mobile Browsers (part 5)
- SharePoint 2010 : Use the Datasheet View to Add, Edit, or Delete Items and Files
- Windows Server 2008 R2 : Installing Windows SharePoint Services (part 2)
- Windows Vista : Custom Startups with the Advanced Options Menu & Useful Windows Vista Logon Strategies
- Windows 7 : Using Parental Controls to Restrict Computer Usage (part 1) - Activating Parental Controls
- Developing for Windows Phone and Xbox Live : Sprites and 2D Graphics - Rendering Text
- Windows Small Business Server 2011 : Understanding the Update Process (part 1) - Understanding the WSUS Default Settings, Installing Server Updates Manually
- Windows Phone 7 : Browsing the Web - Changing Privacy Settings
- Keyword Research Tools (part 2)
- BizTalk 2009 : Handling Failed Messages and Errors
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS