I'm protecting my MP4 files on my site from hotlinking by passing the request to a generic handler with code taken from here: VideoStreamer Iphone/Ipad. The URL to the MP4 file is dynamic for each session, which is validated by the generic handler before the MP4 is streamed to the visitor.
It seems to work great for desktop browsers, but when testing on my Android, I'm unable to play the video. Might be worth noting that I'm routing my generic handler to a route such as http://example.com/myroute/dynamicfilename.mp4 with a handler within my web.config to deal with all requests for .mp4 files.
Without routing, the playback works on the Android phone using the same code. Hence, I suspect that this has got something to do with the route. Maybe that I'm handling an MP4 file extension?
Any thoughts? Is there some other/better/recommended way to do this (maybe using context.rewrite?) or some other method in IIS that is similar to httpd mod_secdownload?
It turns out that Android (maybe iOS too) video player app at some point stops using the session passed by the browser. Hence, the first request that uses the session is valid, while the second request by the video player app receives a 404 because my generic handler could not validate the dynamically generated URL. No solution here, but it might help if somebody ends up into a similar puzzle in the future.
Related
I am trying to test out the YouTube Data API V3 to Upload a Video to YouTube in C# using the example code supplied.
I am using the OAuth2 method. I have generated a Client ID / Secret successfully.
The issue I am having is that created a standard C# MVC ASP.NET project, and every time I run it it might say for example http://localhost:5151/.
We are on a private network so I usually have to use something like ngrok to receive anything from the outside world being sent directly to my server / machine.
Anyways, where was I? So every time I run my application it says in my url box http://localhost:5151/ but when I attempt to run the code in the sample I provided above, it fails to validate me as a user because they claim that the redirect uri's I have set up in the Google API dashboard are not the same as the url being used.
So for example, in my Google API Dashboard redirect uri list I have http://localhost:5151/. But the google misdirect uri error that comes back claims that I am running on http://localhost:6163/ .
So I think wait, that must be just a fluke. So I run my application again and now in the url it again says what I would assume it should: http://localhost:5151/, but I again get the same google error_mismatch_redirect_uri error but this time with a different port: http://localhost:6621/ !!
I'm not sure what settings are on our servers but it looks like in the background my application is starting up on some random port every time and thus google thinks the redirect uri's dont match! What can I do to fix this? Am I missing something trivial here?
UPDATE:
Tried using http://localhost:8080 per their documentation. Still didn't work.
Wow, after hours of searching I found the answer here: https://stackoverflow.com/a/28794316/7010468. Apparently you have to put http://localhost/authorize/ in your list of redirect-uris...
Currently I am developing an app which fetches audio url from a youtube video id.
It is working perfectly for some url and not working at all for some urls.
Even I copied in a browser to play a audio url,One url worked other didnot.
For your information I am using Mytoolkit.Multimedia to fetch audio urls.
For example-
This url works-
https://r13---sn-h557sn7y.googlevideo.com/videoplayback?ipbits=0&mn=sn-h557sn7y&mm=31&pl=24&mime=audio/mp4&id=o-ACVoF4mkT7VFETu-c1pUD-2y3fiDbqhg_AWvjzMh6rLd&gir=yes&mt=1486618643&ms=au&requiressl=yes&ip=103.6.159.152&upn=ck_2dMVCbO0&signature=C65C13CAE27021FA797E07C3C957F2106FA43F0C.542B383152E7D32AD7F5C3C386D7D7E4CCB7C846&lmt=1458210574977365&key=yt6&itag=140&keepalive=yes&sparams=clen,dur,ei,gir,id,initcwndbps,ip,ipbits,itag,keepalive,lmt,mime,mm,mn,ms,mv,pl,requiressl,source,upn,expire&source=youtube&clen=4324664&initcwndbps=551250&ei=SgCcWKXHDM3ioAOdy6PgCA&mv=m&dur=272.230&expire=1486640298
This url does not work-
https://r9---sn-h557sn7r.googlevideo.com/videoplayback?mn=sn-h557sn7r&mm=31&key=yt6&ip=103.6.159.152&sparams=clen,dur,ei,gcr,gir,id,initcwndbps,ip,ipbits,itag,keepalive,lmt,mime,mm,mn,ms,mv,pl,requiressl,source,upn,expire&pl=24&source=youtube&dur=258.089&keepalive=yes&mv=m&gcr=in&ms=au&ei=gQCcWJyTEcS3oAPR3IjoCA&id=o-ACkoY4Axz1oHH7Ncr4llzAWZn8JoIFAtS7HTbve90Xgd&mt=1486618702&gir=yes&upn=PF_MHOBEk38&ipbits=0&mime=audio/mp4&requiressl=yes&clen=4099627&expire=1486640353&itag=140&lmt=1438240696726539&initcwndbps=551250&signature=1CDC7B591477B660AEF655DC5687F750F57C8CFF44.FB05DE5F885A99FFD0DE7B5D75AB2589C40FFF77
Also I noticed,it is not working for those whose parameter ends with signature,
I guess that does not matter.I have re-arranged parameters ,Still same error(http error 403).
Please note-Even links not working google chrome.
Is there any other ways ,where I extract audio from youtube video id.
Thanks
You may find in YouTube Data API - Errors the possible reasons why you encounter Error 403.
Based from the given link, error 403 - forbidden is basically due to a not properly authorized request. Please check and make sure that you set proper authorization or make sure that the permissions associated with the requests are sufficient.
I final built a custom library to fetch data,Problem was not with youtube links,it was with libraries I was using.
Recently I've made an application in which I've made a stupid mistake by hard cording the url I want to post data to instead of using a proxy such as no-ip.
In short words, this app is sending requests regularly to my site which ended up in consuming lots of resources to my site. The request are sent to a PHP page which doesn't exist on my site:
http://www.example.com/non-existing-page.php
I suspect that it's impossible to prevent the distributed app from sending requests to my site without changing the url of my website.
The thing is that I cannot change the url and transfer my site to different URL, So what I need to know now is what should I do in order to make this stupid mistake less resource consuming.
1- Keep things as it is
or
2- Creating a blank php with the name of the called script..
Here is the short question:
When I call a page on a remote server through WebClient, which thing consume more server resources, calling a blank php page or calling an inexisting php page..
Thanks in advance
In a general broad sense whether the 404 page will be displayed or not depends on the browser.
IE doesn't show a custom 404 page unless it's larger than 512 bytes.
See here
Same deal with chrome too.
If you do want to put a custom 404 page make sure you include a favicon in it. Otherwise it leads to really long loading times. Discussed at length here
I am using VSTS 2008 + C# + .Net 3.5 + Silverlight 3.0 + ASP.Net to develop a Silverlight application (a video media player) in browser and the function is simple, just use MediaElement to play a remote video file.
The remote server is Windows Server 2008 + IIS 7.0 + IIS Media Bit Rate Throttling Control.
Since the request media URL can be discovered (e.g. from traffic sniffer), and I want to know how to prevent from download directly from the Url? i.e. I want end user to use my Silverlight media player application in browser to play the file, prevent them from download to local directly. Any easy and quick solution or reference code/documents?
I might be clutching at straws here but what about using a HTTP handler to intercept requests to the media URL: When the HTTP handler encounters a request, it checks for a unique HTTP header in the request - this could be hard coded into your media player application so that the URL request is accompanied with the appropriate security header - and unless the HTTP header is present then all response is blocked. I know there are no code specifics here but it's an idea all the same.
Use the ASP.NET Authentication Service to authenticate/authorize your user
Put the video in a folder where the web.config prevents un-authenticated access to the contents
If I'm not mistaken (and to be truthful, there is a chance as I've never tried this particular scenario) ... that will protect your video content, while allowing the authorized user to access it via silverlight.
What Joel suggested above could make sense. Especially if the Silverlight hosting web application was running in an app pool that ran under a particular identity (i.e. "svcMyVideoApp"). Then you could make it where only this identity could access the content folder. Set all other requests for content to deny (except maybe your own :) )
If i'm not mistaken... if properly set up, IIS 7's media services shouldn't even serve the raw files no more then it should serve a raw unprocessed "aspx" page.
I only played with this a little a few months back, but when I installed the Media plugin for IIS 7, it was not serving the raw media files, and I could only access them via a silverlight interface. I used Expression Studio to create my silverlight viewer page and had it encode it for "smooth streaming".
A simple way would be to add a handler to catch the request like #pb said. I don't know if sending headers is the right thing or not though. A simple way would to just check if the request has a referrer..
String.IsNullOrEmpty(context.Request.ServerVariables["HTTP_REFERER"])
or you'll need authentication and to send the auth cookie with the request.
I have a form which you can post a file over to my server.
Is there a way, without using a custom HTTP handler, to intercept the start of the post and prevent it before the file is uploaded and bandwidth used up.
So for example, I could check an IP address and if it's blocked in my system I could stop the request before I waste 10MB of uploading.
Thanks!
EDIT:
I'm using ASP.NET MVC
This is really a job for a HttpModule, not a HttpHandler. Just check remote IP against a blacklist in the BeginRequest event and null route or what have you.
As far as I am aware, this isn't possible with stock .NET code, unless you spend time to recreate the file handling and parsing ASP.NET does.
In ASP.Net 2.0, a new FileUpload control was added that can be used to limit file types and sizes, among other things.