The URL authentication feature protects resources on origin servers from unauthorized access and downloads. Dynamic Route for CDN (DCDN) provides you with three authentication types. This topic describes how authentication type B works and provides an example.

How it works

A request URL is encrypted in the following format:
If the request passes authentication, the actual URL used to access the origin server is in the following format:
The following table describes the fields in an encrypted URL.
Field Description
DomainName The domain name of the DCDN node.
timestamp The time when the URL expires. The time is included in the URL and is used to calculate md5hash. The time follows the YYYYMMDDHHMM format. The time-to-live (TTL) value of a URL is 1,800 seconds.

For example, if you set the access time to 2020-08-15 15:00:00, the request URL will expire at 2020-08-15 15:30:00.

md5hash The string calculated by using the MD5 algorithm. It must be 32 characters in length, and can contain digits and lowercase letters.
FileName The actual URL that points to the requested resource on the origin server. The FileName field must start with a forward slash (/).


The following example shows how to implement type-B authentication.
  1. Retrieve the following object from the origin server.
  2. Set the key to aliyuncdnexp123.
  3. Set the time when origin server is accessed to 201508150800.
  4. The DCDN server creates a signature string to calculate Hashvalue.
  5. The DCDN server calculates the md5hash value based on the signature string Hashvalue.
    md5hash = md5sum("aliyuncdnexp1234201508150800/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3") = 9044548ef1527deadafa49a890a377f0
  6. Encrypt the request URL.

If the md5hash value calculated by the DCDN server is the same as the md5hash contained in the request ( both are 9044548ef1527deadafa49a890a377f0), the request passes authentication. Otherwise, the authentication fails.