The URL authentication feature protects origin server resources from unauthorized downloads and access. Dynamic Route for CDN (DCDN) provides you with three authentication types. This topic describes how authentication type A works and provides an example.
How it works
|DomainName||The domain name of the DCDN node.|
|Filename||The actual URL that points to the requested resource on the origin server. The FileName
field must start with a forward slash (
|auth_key||The cryptographic key that you have set.|
|timestamp||The time when the URL expires. The time is a positive integer that is 10 digits in
length. The value equals the number of seconds that have elapsed since 00:00:00 Thursday,
1 January 1970 plus the time-to-live (TTL) value of the URL. The TTL value is set
by the client. If it is set to 1,800 seconds, authentication fails if the difference
between the time the origin server is accessed and the preset access time is greater
than 1,800 seconds.
For example, if you set the access time to 2020-08-15 15:00:00, the request URL will expire at 2020-08-15 15:30:00.
|rand||The random number. The number cannot contain hyphens
|uid||The user ID. Set this field to 0.|
|md5hash||The string calculated by using the MD5 algorithm. It must be 32 characters in length, and can contain digits and lowercase letters.|
timestampin the request is earlier than the current time.
- If the timestamp is earlier than the current time, the DCDN node determines that the URL expires and returns a 403 error.
- If the timestamp is later than the current time, the DCDN node constructs a string
in the same format as the following
sstring. The DCDN node calculates
Hashvalueby using the MD5 algorithm and then compares Hashvalue with the
md5hashcontained in the request.
- If they are the same, authentication succeeds. The DCDN node returns the requested resource.
- If they are different, authentication fails. The DCDN node returns a 403 error.
Hashvalueis calculated based on the following string:
sstring = "URI-Timestamp-rand-uid-PrivateKey". URI is the address that points to the requested resource. It does not contain parameters such as Filename. Hashvalue = md5sum(sstring)
- Request the resource through
- Set the key to aliyuncdnexp1234.
- Set the expiration time of the authentication configuration file to October 10, 2015 00:00:00. The calculated number of seconds is 1444435200.
- The DCDN node constructs a signature string to calculate
- The DCDN node calculates
Hashvaluebased on the signature string.
Hashvalue = md5sum("/video/standard/1K.html-1444435200-0-0-aliyuncdnexp1234") = 80cd3862d699b7118eed99103f2a3a4f
- Encrypt the request URL.
Hashvalue calculated by the DCDN node is the same as the
md5hash contained in the request (both are 80cd3862d699b7118eed99103f2a3a4f), the request passes authentication. Otherwise, authentication fails.