Authentication is a fundamental aspect of security for a server running Windows Media Services. It confirms the identity of any user trying to access resources on your Windows Media server. Windows Media Services includes authentication plug-ins that you can enable in order to validate user credentials. Authentication plug-ins work in conjunction with authorization plug-ins: after users are authenticated, authorization plug-ins control access to content.
Windows Media Services authentication plug-ins fall into the following categories:
When a user attempts to access a server or publishing point, the server attempts to authenticate users through an anonymous authentication plug-in. If more than one anonymous authentication plug-in is enabled, the server only uses the first one listed. If that attempt fails or an anonymous authentication plug-in is not enabled, the server attempts to authenticate the user by using a network authentication plug-in. If more than one network authentication plug-in is enabled, the server attempts to use the first one that is also supported by the client. The order in which the plug-ins are listed in the details pane can be changed using the Server Object Model, which is documented in the Windows Media Services Software Development Kit (SDK).
If you enable all of the default Windows Media Services authentication plug-ins and a player attempts to access the server, the server uses the WMS Anonymous User Authentication plug-in first to validate the user. If the server is unable to provide access to the user based on the anonymous user account specified for the plug-in, the server then tries to authenticate the user by using the WMS Negotiate Authentication plug-in. If this attempt fails, Windows Media Player version 7 and later will continue to attempt to authenticate using this secondary method. Previous versions of the Player will stop after the secondary method has failed once.
If a player is connected through HTTP, the player disconnects from the server each time the user stops, pauses, fast–forwards, or rewinds your content. If the user tries to continue receiving the content, the authentication and authorization process occurs again.
This section contains the following topics:
Notes