This section explains in detail the interaction between the client, the NetShow server, and the authenticator.
At startup the NetShow server queries the system registry for the enabled authenticator. When successful, it retrieves the CLSID of the authenticator and creates an instance of the authenticator. Then the server calls the authenticator’s Initialize method, passing in a pointer to the server context. This context contains properties describing certain attributes of the server. These properties include:
The Initialize method also provides an opportunity for the authenticator to perform any preliminary authentication tasks, such as establishing a link to the user account database and allocating system resources that will be used by the authenticator.
During initialization, the authenticator also informs the server whether data exchanged with the client during authentication should be text-based or in binary form.
A user authentication object, managed by the Authenticator object, inspects and verifies user information each time a user connects. The server calls the Authenticator’s CreateUserAuthentication method to create a user authentication object. Authentication for the instance of the client connection is done through the user authentication object.
After creating the user authentication object, the server calls the GetAuthenticationType method to retrieve the authentication type being used by the authenticator. This type must be recognizable by the client (player). Currently, the player only supports the following authentication types:
Each time a client makes a request to open a title, the server notifies the player that user authentication is required. Regardless of which authentication type is being used, authentication involves the exchange of data between the client, the server, and the authenticator. The server requests data from the client, such as a user name and password, and passes them to the authenticator for inspection. The authenticator notifies the server through a callback method that the authentication is complete or that a further exchange of data is necessary to complete the authentication process. The exchange of data continues until either the authenticator notifies the server through the callback that authentication is complete or an error occurs. Theoretically, the data exchange can continue forever; however, most authentication schemes involve only one to three exchanges.
The NetShow player prompts the user for user name and password credentials and dispatches the credentials to the server. The server then passes them to the authenticator for inspection and validation. The authenticator, using any available user account database, compares the data and notifies the server of the result. The server then grants or denies the client access to the content based on the result.
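The HTTP-BASIC exchange described above, modeled as an added example that is not code from the NetShow SDK. The class, function, and status names are hypothetical and the account database is constructed. The round cap is an assumption that bounds the otherwise open-ended exchange and denies access if it never completes.

```python
import base64
import hashlib
import hmac

CONTINUE, GRANTED, DENIED = "continue", "granted", "denied"
MAX_ROUNDS = 3  # the text notes most schemes need only one to three exchanges

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed account database: user name -> (salt, password digest).
ACCOUNTS = {"alice": (b"constructed-salt", _digest("correct horse", b"constructed-salt"))}

class BasicAuthenticator:
    """Hypothetical stand-in for the authenticator; not the NetShow interfaces."""

    def authenticate(self, client_data: str, callback) -> None:
        if not client_data:  # nothing received yet: ask the client for credentials
            callback(CONTINUE, 'Basic realm="example"', None)
            return
        try:
            scheme, _, blob = client_data.partition(" ")
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            user, sep, password = decoded.partition(":")
            if scheme.lower() != "basic" or not sep:
                raise ValueError("not a Basic credential")
        except ValueError:  # also covers bad base64 and bad UTF-8
            callback(DENIED, None, None)
            return
        # Unknown users are hashed too, so they take as long as a wrong password.
        salt, stored = ACCOUNTS.get(user, (b"no-such-user", b""))
        ok = hmac.compare_digest(_digest(password, salt), stored)
        callback(GRANTED if ok else DENIED, None, user if ok else None)

def open_title(client_replies, authenticator):
    """Server side: relay data until the callback reports a final result."""
    state = {}
    def callback(status, data_for_client, user):
        state.update(status=status, challenge=data_for_client, user=user)
    replies = iter(client_replies)
    client_data = ""
    for _ in range(MAX_ROUNDS):  # bound the exchange instead of looping forever
        authenticator.authenticate(client_data, callback)
        if state["status"] != CONTINUE:
            return state["status"], state["user"]
        client_data = next(replies, "")  # challenge sent, read the client's reply
    return DENIED, None  # fail closed when the exchange never completes
```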
The following chart depicts the interaction between the client, the server, and the authenticator using the HTTP-BASIC authentication protocol.
After the user’s identity has been validated, the server stores a pointer to the authentication context in the user authentication object. The INSSAuthentication interface provides methods for retrieving the results of authentication and the authenticated user name. When the authentication is successful, the NetShow server can then impersonate the user whenever it is needed.
© 1996-1998 Microsoft Corporation. All rights reserved.