I am developing an IIS8 website where users can log in and once logged in watch videos. I want to serve my videos, which may be up to 6 hours long, using HTML5 <video />. I want to limit users to one login only so they can not share their login credentials with others, this will be a pay site. For static pages (non-video) this is easy, but I’m not sure how to do it for video. Once a HTML5 video starts playing how can I prevent the user from loggin in again? Or, if he does log in again, it there a way to interrupt the video playback from the 1st login? I’d love to hear ideas…
thanks
David
elaborating on sgeddes’s answer a solution I’ve used in the past is
– when the user logs in generate a GUID that gets stored both as a cookie for the user and in a lookup table… so if the user logs in again the GUID (and timestamp) will change
– every n seconds have the client poll the server to make sure they still have the right GUID and if not stop the video so only the most recent log-in continues to work
however… there are a couple of issues with this. If the video is a single progressive stream once connected there’s nothing to stop the user downloading it and watching it locally, and if they want to get really tricky they could interrupt the polling javascript and simply stop the check.
If you want to go a bit further you can implement a server side handler that checks the validity of the cookie token before delivering more of the video (something similar to http://blog.offbeatmammal.com/post/2006/06/30/Using-ASPNET-to-restrict-access-to-images.aspx) though because the <video> element does it’s best to download enough of the video to play without buffering depending on how long it is and how much pre-buffering is done by the time that check kicks in it may be too late.