The URL authentication feature protects origin server resources from unauthorized download and access. CDN provides you with three authentication types. This topic describes the principle of authentication type B and illustrates it with examples.

Principle

Encrypted URLs can have the following format:
http://DomainName/timestamp/md5hash/FileName
If authentication is passed, actual back-to-origin URLs can have the following format:
http://DomainName/FileName
The following table describes authentication fields.
Parameter Description
DomainName The domain name of the CDN node.
timestamp The time when resources expire. The time is included in the URL and is used to calculate md5hash. It is in the YYYYMMDDHHMM format. The validity period is 1,800 seconds.

For example, if you set the access time to 2020-08-15 15:00:00, the request URL will expire at 2020-08-15 15:30:00.

md5hash The string calculated by using the MD5 algorithm. It must be 32 characters in length, and can contain digits and lowercase letters.
Filename The actual back-to-origin access URL. During authentication, the Filename field must start with a forward slash (/).

Example

The following example shows you how to implement authentication type B.
  1. Retrieve the resource from the origin server.
    http://cdn.example.com/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3
  2. Set the key to aliyuncdnexp123.
  3. Set the time when origin server is accessed to 201508150800.
  4. The CDN node constructs a signature string to calculate Hashvalue.
    aliyuncdnexp1234201508150800/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3
  5. The CDN node calculates md5hash based on the signature string .
    md5hash = md5sum("aliyuncdnexp1234201508150800/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3") = 9044548ef1527deadafa49a890a377f0
  6. Encrypt the request URL.
    http://cdn.example.com/201508150800/9044548ef1527deadafa49a890a377f0/4/44/44c0909bcfc20a01afaf256ca99a8b8b.mp3

If the md5hash calculated by the CDN node is the same as the md5hash contained in the request ( both are 9044548ef1527deadafa49a890a377f0), URL authentication succeeds. Otherwise, URL authentication fails.