Starting a stream possible without authentication

Hello

version: 5.2.1043 (@AWS)
WebSDK: 2.0.202

I am using WebCallServer 5 to create a stream via a webapp (Vue.js) using theWebSDK.


I just noticed (i used the "media-devices" example), that i am able to logon to the websocket and start/stop a stream without having to use authentication (the username/password i usually use for logging in to the WebUI).

What am i doing wrong here?


Best,
Thomas
 

Max

Administrator
Staff member
Good day.
I just noticed (i used the "media-devices" example), that i am able to logon to the websocket and start/stop a stream without having to use authentication (the username/password i usually use for logging in to the WebUI).
By default, you can open example page by direct link. You can prevent it by deactivating demo user:
1. Login to WCS CLI as admin
Code:
ssh admin@localhost -p 2001
2. Deactivate demo user
Code:
update user -a false demo
In this case, you should use credentials to enter to WCS dashboard https://wcs:8444/admin/, and cannot use direct links like https://wcs:8444/client2/examples/demo/streaming/media_devices_manager/media_device_manager.html. You can manage user accounts via CLI
Another common way to authenticate users is a custom backend with REST hooks. Please look at this example showing how to authenticate user by domain, it can be used as template to implement your custom backend application.
 
Top