Authentication Type B - Domain Management| Alibaba Cloud Documentation Center

Authentication Type B

Edit in GitHub

Last Updated: Nov 25, 2019 Edit in GitHub

The URL authentication feature protects origin server resources from unauthorized download and access. CDN provides you with three authentication types. This topic describes the principle of authentication type B and illustrates it with examples.

Principle

Encrypted URLs can have the following format:

http://DomainName/timestamp/md5hash/FileName

If authentication is passed, actual back-to-origin URLs can have the following format:

http://DomainName/FileName

The following table describes authentication fields.


Parameter	Description
DomainName	The domain name of the CDN node.
timestamp	The time when resources expire. The time is included in the URL and is used to calculate `md5hash`. It is in the YYYYMMDDHHMM format. The validity period is 1,800 seconds. For example, if you set the access time to 2020-08-15 15:00:00, the request URL will expire at 2020-08-15 15:30:00.
md5hash	The string calculated by using the MD5 algorithm. It must be 32 characters in length, and can contain digits and lowercase letters.
Filename	The actual back-to-origin access URL. During authentication, the Filename field must start with a forward slash `(/)`.

Example

The following example shows you how to implement authentication type B.

Retrieve the resource from the origin server.

http://cdn.example.com/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3

Set the key to aliyuncdnexp123.
Set the time when origin server is accessed to 201508150800.

The CDN node constructs a signature string to calculate Hashvalue.

aliyuncdnexp1234201508150800/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3

The CDN node calculates md5hash based on the signature string .

md5hash = md5sum("aliyuncdnexp1234201508150800/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3") = 9044548ef1527deadafa49a890a377f0

Encrypt the request URL.

http://cdn.example.com/201508150800/9044548ef1527deadafa49a890a377f0/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3

If the md5hash calculated by the CDN node is the same as the md5hash contained in the request ( both are 9044548ef1527deadafa49a890a377f0), URL authentication succeeds. Otherwise, URL authentication fails.