Skip to content

Custom Authorization

To add authorization to stream publishing and subscribing, you can implement the IAuthorizationHandler interface. This allows you to provide your own custom authorization logic.

In the following example, publishing will only be authorized when the publishing path includes a valid password parameter, i.e. rtmp://127.0.0.1:1935/live/stream?password=123456.

Create the Password Validator Service

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
public interface IPasswordValidator
{
    ValueTask<bool> ValidatePassword(string password);
}

public class DemoPasswordValidator : IPasswordValidator
{
    public ValueTask<bool> ValidatePassword(string password)
    {
        return ValueTask.FromResult(password == "123456");
    }
}

This DemoPasswordValidator is a simple example class to check if the password is 123456.

Implement the IAuthorizationHandler

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
using LiveStreamingServerNet.Networking.Contracts;
using LiveStreamingServerNet.Rtmp.Auth;
using LiveStreamingServerNet.Rtmp.Auth.Contracts;

public class DemoAuthorizationHandler : IAuthorizationHandler
{
    private readonly IPasswordValidator _passwordValidator;

    public DemoAuthorizationHandler(IPasswordValidator passwordValidator)
    {
        _passwordValidator = passwordValidator;
    }

    public async Task<AuthorizationResult> AuthorizePublishingAsync(
        IClientInfo client,
        string streamPath,
        IReadOnlyDictionary<string, string> streamArguments,
        string publishingType)
    {
        if (streamArguments.TryGetValue("password", out var password) &&
            await _passwordValidator.ValidatePassword(password))
            return AuthorizationResult.Authorized();

        return AuthorizationResult.Unauthorized("incorrect password");
    }

    public Task<AuthorizationResult> AuthorizeSubscribingAsync(
        IClientInfo client,
        string streamPath,
        IReadOnlyDictionary<string, string> streamArguments)
    {
        return Task.FromResult(AuthorizationResult.Authorized());
    }
}

This DemoAuthorizationHandler injects the IPasswordValidator in the constructor, extracts the password parameter, and passes it to IPasswordValidator for checking.

Register the Authorization Handler

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
using LiveStreamingServerNet;
using LiveStreamingServerNet.Networking;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using System.Net;

using var liveStreamingServer = LiveStreamingServerBuilder.Create()
    .ConfigureRtmpServer(options =>
    {
        options.Services.AddSingleton<IPasswordValidator, DemoPasswordValidator>();
        options.AddAuthorizationHandler<DemoAuthorizationHandler>();
    })
    .ConfigureLogging(options => options.AddConsole().SetMinimumLevel(LogLevel.Debug))
    .Build();

await liveStreamingServer.RunAsync(new ServerEndPoint(new IPEndPoint(IPAddress.Any, 1935), false));