How to handle video file authorization on an network drive

StackOverflow https://stackoverflow.com/questions/21416687

문제

We have a lot of WMV9 videos (something like 200k) in an network drive and around 100users. The basic permisssion is that a user can't read the video. We need to build a system where you can say that this video can be read by members of the groupe "Toto" and for the user "SpecialFonction" and that these rights can be changed.

We are considier the following scenarios :

  • Store the rights in a database. Create one folder per user. When a user request the video that he is allowed to see, the file is duplicate in his folder. His folder will be cleaned every week.

  • Build a web site that stream the videos and handles the rights. (Do you think the load will be important for the 480p?)

  • Encrypt all the videos on the network drive (unique key for each video). Create a WPF application that ask for the key of the video with the users credentials and handles the decryption and the decoding of the video on the fly. (we already have a WPF app for playing videos)

  • Store the rights in a database. Create a C# program that sync the NTFS rights on video files and the database.

Which do you think it best ? Is there other alternatives ?

도움이 되었습니까?

해결책

You can create Security objects that each User in your application can have for each file or folder and you would need to store that in the database. Then your video files could go on a network drive that has a specific user set up on it. Set the permissions on the network drive to only allow that user to access the files.

The last part of the solution is to use the WindowsIdentity.Impersonate Method to impersonate that user in your application and thereby gain access to the video files. There's a full code example and description of how to use this on the linked page, but to give you an example, I put the impersonation code into a nice class, so I can move files to a protected folder like this:

using (ImpersonationManager impersonationManager = new ImpersonationManager())
{
    impersonationManager.Impersonate(Settings.Default.Domain, 
        Settings.Default.UserName, Settings.Default.Password);
    Directory.CreateDirectory(Path.GetDirectoryName(filePath));
    if (File.Exists(filePath)) File.Delete(filePath);
    File.Move(inputFilePath, filePath);
}
라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top