How to secure my screen sharing link

Discussion in 'Web Call Server 5' started by Rajesh, Oct 31, 2019.

  1. Rajesh

    Rajesh New Member

    Sir i am using screen sharing . I want to secure my wss link so that if anyone copy link or iframe from my site it should not work directly or his domain. Kindly tell how i can do that...
  2. Max

    Max Administrator Staff Member

    Good day.

    You can use REST hooks to backend server allows or does not allow client to connect WCS (screen sharing in you case). The workflow looks like this:

    1. You configure the backend server.
    Code:
    https://<your backend server>/hook/connect
    
    2. Your backend returns 200 OK if clients has rights to connect, or 403 Forbidden if has not.
    For example,
    PHP:
    <?php
       header
    ('HTTP/1.1 200 OK',true,200);
    ?>
    3. Test step 2 from you WCS server:
    Code:
    [root@p16 /]# curl -k -I https://<your backend server>/hook/connect
    HTTP/1.1 200 OK
    Date: Thu, 31 Oct 2019 16:48:39 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
    X-Powered-By: PHP/5.4.16
    Content-Type: text/html; charset=UTF-8
    
    4. Update your WCS to send REST hook queries to your own backend: get access to core CLI via SSH
    and modify the app and add data:
    Code:
    update app -l https://<your backend server>/hook defaultApp
    5. Pass as custom parameter user authentification data to createSession function.
    Edit JS file and add custom data - userTest and passTest:
    Code:
    https://<your WCS IP-address or domain name>:8444/client2/examples/demo/streaming/screen-sharing/screen-sharing.js
    
    Code:
    function start() {
      ...
        Flashphoner.createSession({urlServer: url,custom:{userTest: "passTest"}}).on(SESSION_STATUS.ESTABLISHED,function(session){...})
        ...
    }
    
    6. Add custom parameter user authentification data to backend server.
    For example,
    PHP:
    <?php
    $incoming_data 
    json_decode(file_get_contents('php://input'), true);

    if (
    $incoming_data['custom']['passwd'] == 'passwdTest') {
        
    header('HTTP/1.1 200 OK',true,200);
    } else {
        
    header('HTTP/1.1 403 Forbidden',true,403);
    }
    ?>

    7. Client tries to connect to your server:
    Code:
    https://<your WCS IP-address or domain name>:8444/client2/examples/demo/streaming/screen-sharing/screen-sharing.html
    
    If in the screen-shared.js file user data and authentication data on the internal server match - screen sharing to this user allowed.
    Last edited: Nov 1, 2019

Share This Page