Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

isapi filter cookie

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Next:  Global IIS migration tool ?  
Author Message
ptr1024

External


Since: Nov 07, 2003
Posts: 3



(Msg. 1) Posted: Fri Nov 07, 2003 12:56 pm
Post subject: isapi filter cookie
Archived from groups: microsoft>public>platformsdk>internet>server>isapi-dev, others (more info?)
Hi,

I am developing a pay-per-view web based application. I am writing an
ISAPI filter that handles the security issues. When a user requests a
page with embedded media file located in a particular directory the
ISAPI checks whether the request came from a proper place by checking
cookies. If verified the file is passed through. Otherwise the user is
redirected to a signin page.

This works well for html and image files but not for the media files.
I noticed that when a request for a media file is processed the
cookies are not accessible. I reckon that this is due to the fact that
the request comes from the application (ie windows media player)
rather than browser and therefore the cookies are not passed.

Has anyone dealt with a similar situation? Is there a work around?
Would greatly appreciate your comments.

best regards

peter

 >> Stay informed about: isapi filter cookie 
Back to top
Login to vote
someone9

External


Since: Aug 25, 2003
Posts: 2419



(Msg. 2) Posted: Fri Nov 07, 2003 4:59 pm
Post subject: Re: isapi filter cookie [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Cookies is primarily client-driven phenomenon over HTTP ( i.e. you're not
going to find cookies specified in the HTTP spec), so if you have a client
which does not support cookies... you're out of luck trying to use it.

Are you sure the problem is that the client does not support cookies, or is
the problem that your server is returning a cookie when the client knows it
never set a cookie (so it rejected it on security grounds)?

I think you're going to have to find another means of storing state --
perhaps you can keep a list of authenticated IP-addresses on the server and
redirect those that haven't logged in (i.e. transform the initial login
cookie into an IP stored on the server).

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"ptr" <ptr1024.DeleteThis@yahoo.com> wrote in message
news:fb75c062.0311070956.5be88669@posting.google.com...
Hi,

I am developing a pay-per-view web based application. I am writing an
ISAPI filter that handles the security issues. When a user requests a
page with embedded media file located in a particular directory the
ISAPI checks whether the request came from a proper place by checking
cookies. If verified the file is passed through. Otherwise the user is
redirected to a signin page.

This works well for html and image files but not for the media files.
I noticed that when a request for a media file is processed the
cookies are not accessible. I reckon that this is due to the fact that
the request comes from the application (ie windows media player)
rather than browser and therefore the cookies are not passed.

Has anyone dealt with a similar situation? Is there a work around?
Would greatly appreciate your comments.

best regards

peter

 >> Stay informed about: isapi filter cookie 
Back to top
Login to vote
jerryiii

External


Since: Aug 26, 2003
Posts: 171



(Msg. 3) Posted: Fri Nov 07, 2003 7:04 pm
Post subject: Re: isapi filter cookie [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Just use simple url rewriting - embed the value of the cookie in the url
used by media player and strip it out in your filter in preproc headers or
redirect the client to the login page or even better, send an access denied
error to the client (as media player probably won't be able to display the
login page).

Jerry

"ptr" <ptr1024.DeleteThis@yahoo.com> wrote in message
news:fb75c062.0311070956.5be88669@posting.google.com...
 > Hi,
 >
 > I am developing a pay-per-view web based application. I am writing an
 > ISAPI filter that handles the security issues. When a user requests a
 > page with embedded media file located in a particular directory the
 > ISAPI checks whether the request came from a proper place by checking
 > cookies. If verified the file is passed through. Otherwise the user is
 > redirected to a signin page.
 >
 > This works well for html and image files but not for the media files.
 > I noticed that when a request for a media file is processed the
 > cookies are not accessible. I reckon that this is due to the fact that
 > the request comes from the application (ie windows media player)
 > rather than browser and therefore the cookies are not passed.
 >
 > Has anyone dealt with a similar situation? Is there a work around?
 > Would greatly appreciate your comments.
 >
 > best regards
 >
 > peter<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: isapi filter cookie 
Back to top
Login to vote
ptr1024

External


Since: Nov 07, 2003
Posts: 3



(Msg. 4) Posted: Mon Nov 10, 2003 5:17 am
Post subject: Re: isapi filter cookie [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Thanks Jerry. that's what I thought...

peter


"Jerry III" <jerryiii DeleteThis @hotmail.com> wrote in message news:<ejekwvYpDHA.2808 DeleteThis @TK2MSFTNGP10.phx.gbl>...
 > Just use simple url rewriting - embed the value of the cookie in the url
 > used by media player and strip it out in your filter in preproc headers or
 > redirect the client to the login page or even better, send an access denied
 > error to the client (as media player probably won't be able to display the
 > login page).
 >
 > Jerry
 >
 > "ptr" <ptr1024 DeleteThis @yahoo.com> wrote in message
 > news:fb75c062.0311070956.5be88669@posting.google.com...
  > > Hi,
  > >
  > > I am developing a pay-per-view web based application. I am writing an
  > > ISAPI filter that handles the security issues. When a user requests a
  > > page with embedded media file located in a particular directory the
  > > ISAPI checks whether the request came from a proper place by checking
  > > cookies. If verified the file is passed through. Otherwise the user is
  > > redirected to a signin page.
  > >
  > > This works well for html and image files but not for the media files.
  > > I noticed that when a request for a media file is processed the
  > > cookies are not accessible. I reckon that this is due to the fact that
  > > the request comes from the application (ie windows media player)
  > > rather than browser and therefore the cookies are not passed.
  > >
  > > Has anyone dealt with a similar situation? Is there a work around?
  > > Would greatly appreciate your comments.
  > >
  > > best regards
  > >
  > > peter<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: isapi filter cookie 
Back to top
Login to vote
ptr1024

External


Since: Nov 07, 2003
Posts: 3



(Msg. 5) Posted: Mon Nov 17, 2003 8:05 am
Post subject: Re: isapi filter cookie [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
I have yet another problem with the filter and the media files which i
cannot figure out...

A media file is <EMBEDed into an html page. Bellow is a simple snippet
of OnPreprocHeaders code.

This is what happens:

* when I just pass the url to the media file through the filter AND
the url does not contain a query string after the file name (eg
/test.wma) it works fine with either 7 or 9 versions of WMP
* when I pass the url through the filter BUT the url contains query
string (eg /test.wma?v=12345) it fails when accessed via WMP7 (i am
getting 'The page cannot be displayed') but works when accessed from a
machine with WMP9 installed
* when I GetHeader("url") and then SetHeader("url") on
OnPreprocHeaders without modifying the url I can access it from WMP9
but not WMP7 (regardless whether a query string is present or not).
* this problem does not relate to html, gif, jpeg files

Is there some extra information that have to be passed in the header
for older WMPs? I tried to add
pCtxt->m_pFC->AddResponseHeaders(pCtxt->m_pFC, "Content-type =
application/x-mplayer2\r\n\r\n", 0); in OnPreprocHeaders but still the
same problem.

I would greatly appreciate any help or suggestions

many thanks

peter

PS using the code bellow I can access media files using WMP9 but not
WMP7



DWORD COvumFltrFilter::OnPreprocHeaders(CHttpFilterContext* pCtxt,
  PHTTP_FILTER_PREPROC_HEADERS pHeaderInfo)
{
  char pUrl[1024];
  LPDWORD pBufLen = new DWORD;
  char* pTmp = 0;

  *pBufLen = (DWORD)1024;

  for(int i=0; i<1024; i++)
   pUrl[i] = 0;

  pHeaderInfo->GetHeader(pCtxt->m_pFC, "url", pUrl, pBufLen);

  if(strstr(pUrl, ".wma")){
   if(pTmp=strstr(pUrl, "?"))
    *pTmp = '\0';

   pHeaderInfo->SetHeader(pCtxt->m_pFC, "url", pUrl);
  }


  delete pBufLen;

  return SF_STATUS_REQ_NEXT_NOTIFICATION;
}





ptr1024.RemoveThis@yahoo.com (ptr) wrote in message news:<fb75c062.0311100217.425c22f0.RemoveThis@posting.google.com>...
 > Thanks Jerry. that's what I thought...
 >
 > peter
 >
 >
 > "Jerry III" <jerryiii.RemoveThis@hotmail.com> wrote in message news:<ejekwvYpDHA.2808.RemoveThis@TK2MSFTNGP10.phx.gbl>...
  > > Just use simple url rewriting - embed the value of the cookie in the url
  > > used by media player and strip it out in your filter in preproc headers or
  > > redirect the client to the login page or even better, send an access denied
  > > error to the client (as media player probably won't be able to display the
  > > login page).
  > >
  > > Jerry
  > >
  > > "ptr" <ptr1024.RemoveThis@yahoo.com> wrote in message
  > > news:fb75c062.0311070956.5be88669@posting.google.com...
   > > > Hi,
   > > >
   > > > I am developing a pay-per-view web based application. I am writing an
   > > > ISAPI filter that handles the security issues. When a user requests a
   > > > page with embedded media file located in a particular directory the
   > > > ISAPI checks whether the request came from a proper place by checking
   > > > cookies. If verified the file is passed through. Otherwise the user is
   > > > redirected to a signin page.
   > > >
   > > > This works well for html and image files but not for the media files.
   > > > I noticed that when a request for a media file is processed the
   > > > cookies are not accessible. I reckon that this is due to the fact that
   > > > the request comes from the application (ie windows media player)
   > > > rather than browser and therefore the cookies are not passed.
   > > >
   > > > Has anyone dealt with a similar situation? Is there a work around?
   > > > Would greatly appreciate your comments.
   > > >
   > > > best regards
   > > >
   > > > peter<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: isapi filter cookie 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
ISAPI filter to set REMOTE_USER - Hi, Background (highly summarized): I have a scenario where: * I have a proxy server in front of IIS * I authenticate at that proxy server * That proxy server injects a generic authorization header into the forward stream to IIS * I have both Basic..

ISAPI filter problem - Hi everyone, I am trying to create ISAPI filter that will intercept incoming header from the client and modify it. When I create ISAPI filter using VC++ wizard (wizard with options: use MFC, create filter only, no server extension objects, notification...

ISAPI Filter Priority - I have added three entries into IIS ISAPI filter list. Sometimes the priority is low and sometime it is Unknown. Any ideas how I can make this more standard. Low is what I want... How is this value set, A value somewhere ? TIA Jay

very difficult ISAPI filter question - help - hi all, I am creating an ISAPI filter in VC++. this filter has to check the http client requests, and do some checks. First of all, when a client requests a file, the filter checks if the user exists in the db. This is done via the redefinition of the....

IIS 6.0:CreateTimerQueueTimer failure 5 in ISAPI filter - I am developing an ISAPI filter in C++ (win32) for IIS 6.0/Windows Server 2003 1) The thread used by IIS to call my filter is running under account "NETWORK SERVICE". 2) my code impersonates with an NT Administrator account 3) then, creates ...
   Web Hosting Problem Solving Community! (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]