Token-Based Authentication and Smooth Streaming

Applies To:
HTTP Large
Smooth Streaming

If you would like to use Token-Based Authentication on the HTTP Large platform, then you will need to perform one of the following:

Note: For additional information on HTTP Rules Engine, which must be purchased separately, please contact your CDN account manager.

To prevent Token-Based Authentication security from being applied to ISMV/ISMA assets

  1. Navigate to the Rules Engine page which can be found on the HTTP Large tab.
  2. Specify the name for the new rule in the Name / Description option.
  3. For the match option, select "URL Path Extension."
  4. In the Value option, type "ISMA ISMV."
  5. Mark the Ignore Case option.
  6. Add a feature by clicking the plus symbol () that appears next to it.
  7. For the feature option, select "Token Auth" and set its status to "Disabled." Your new rule should look like the following illustration:
  8. Click Add.

Note: A rule will not immediately take effect. It must first undergo an approval process. Once it has been approved, it will take an hour to take effect.

Technical Information

By default, a location secured by Token-Based Authentication is not compatible with Smooth Streaming. This compatibility issue arises due to the nature of how Smooth Streaming delivers content to your clients. For each stream, Smooth Streaming generates a manifest file and the ISMV/ISMA assets associated with each bit rate feed. The manifest file provides a list of ISMV/ISMA assets that the client will use when requesting the next video segment. If Token-Based Authentication has been enabled on the publishing location, then a valid token will be required for the manifest file and for each of those ISMV/ISMA assets. It is a relatively simple matter to specify a valid token for the manifest file, since you can define this value when implementing your Silverlight player. However, a default manifest file does not include such a token when it lists the available ISMV/ISMA assets. This creates a situation where a client can be authorized to access the manifest file but be denied access to the file chunks. As a result, the player would get a listing of the available streams but be unable to play any of them.

Note: On-demand content takes advantage of a static manifest file. As a result, you can easily add the proper token values to each file chunk either through a script or by manually appending them. However, the recommended practice is to bypass Token-Based Authentication security on file chunks, regardless of whether you are streaming live or on-demand content.