Share via


Authentication Plug-in Overview

You can use an authentication plug-in to verify the identity of clients trying to access resources on your server. Windows Media Services supports the following authentication protocols.

Protocol

Description

Anonymous

Enables unauthenticated users to access content without being prompted for a user name or password. Because the plug-in uses a Windows user account, you can still restrict access to content that is stored in an NTFS file system.

Digest

Uses a challenge/response HTTP authentication protocol that does not require a password to be sent over a network. Instead, the plug-in uses a hashed version of the password to authenticate the user.

Kerberos

Uses an encrypted challenge/response mechanism that requires the user's logon credentials. Kerberos differs from NTLM by authenticating the client and the server rather than just the client.

NTLM

Uses an encrypted challenge/response mechanism that requires the user's logon credentials. NTLM is a Microsoft proprietary protocol used to authenticate a client. Unlike Kerberos, NTLM does not authenticate the server.

If you have an authentication plug-in enabled and the server raises one of the following events, it calls the IWMSAuthenticationContext::Authenticate implementation provided by the plug-in.

Event

Description

WMS_EVENT_DESCRIBE

A client requested a description of the content.

WMS_EVENT_OPEN

This event is similar to the WMS_EVENT_DESCRIBE event except that WMS_EVENT_OPEN is guaranteed to be sent before the client requests specific streams from the server.

WMS_EVENT_SELECT_STREAMS

A client requested specific streams from the server.

WMS_EVENT_PLAY

A client requested that a server stream content to it.

WMS_EVENT_VALIDATE_PUSH_DISTRIBUTION

An encoder or upstream server is attempting to push content to the server.

See Also

Concepts

Creating Authentication Plug-ins