I want only the authorized users to view their images on Akamai. Can this be achieved?


Problem description

Currently in my system, all the private images which are behind authentication are being served from my backend application server. All other non-private images are being served directly from CDN (Akamai).

Flow to serve private images is like this:

Client browser -> Application Server -> Authorization -> Return Image bitmap to browser

I want to use CDN for private images also since it is putting heavy load on my application servers. Please suggest how it can be achieved?

Recommended answer

Another option is to use Akamai's EdgeAuth tokens to do a form of authorisation at their edge server. This allows you to specify an ACL within the token to provide clients with appropriate access, e.g.

"/public/*"

would allow access to all images that you serve up under /public

/client123/*

Would allow only access to images served up under /client123

You can also combine these and build up any combination:

/client/*|/public/*

This does mean you need to be able to segment your images by route in this way; it can get complex if there is a lot of unpredictable crossover in terms of what clients can access.

The flow for serving this to your client depends a bit on how your client works: you can tab the token onto the image URL itself or serve it up in a cookie (the name of which you configure with Akamai). Tokens are secured via an HMAC signature so they can't be tampered with, and you can set as small a window as you like for their validity.

Latest info/code/samples are linked from this article, this can be used from .NET and other tech as well as Java. There's also this node library.

If the above doesn't work for you, it's also possible to have Akamai always validate (i.e. authorise) with your backend, but serve up the asset from the CDN. This obviously removes some of the benefit of using the CDN but it can be beneficial in special cases for a small percentage of your traffic if necessary.
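
The mechanism the answer describes (an expiry window plus a path ACL, bound together by an HMAC), shown as an added example that is not part of the original answer and not Akamai's library code. The token layout (`exp`/`acl`/`hmac` fields, `~` separator, SHA-256) and the function names are assumptions for illustration; the `|` ACL separator is taken from the answer above.

```javascript
// Added illustration: simplified token layout, not Akamai's exact wire format.
const crypto = require('node:crypto');
const { posix } = require('node:path');

const ACL_DELIM = '|'; // ACL separator as written in the answer above

function sign(key, payload) {
  return crypto.createHmac('sha256', key).update(payload).digest('hex');
}

// Backend side: issue "exp=<unix seconds>~acl=<patterns>~hmac=<hex>".
function issueToken(key, aclPatterns, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const payload = `exp=${now + ttlSeconds}~acl=${aclPatterns.join(ACL_DELIM)}`;
  return `${payload}~hmac=${sign(key, payload)}`;
}

// Only a trailing "*" wildcard is supported in this sketch.
function aclMatches(pattern, reqPath) {
  return pattern.endsWith('*')
    ? reqPath.startsWith(pattern.slice(0, -1))
    : reqPath === pattern;
}

// Edge side: check signature first, then expiry, then the ACL.
function verifyToken(key, token, reqPath, now = Math.floor(Date.now() / 1000)) {
  const idx = token.lastIndexOf('~hmac=');
  if (idx < 0) return false;
  const payload = token.slice(0, idx);
  const given = Buffer.from(token.slice(idx + '~hmac='.length), 'hex');
  const expected = Buffer.from(sign(key, payload), 'hex');
  // Constant-time comparison; a length mismatch is rejected up front.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;

  const fields = Object.fromEntries(payload.split('~').map((f) => {
    const i = f.indexOf('=');
    return [f.slice(0, i), f.slice(i + 1)];
  }));
  if (!(Number(fields.exp) > now)) return false; // expired or malformed

  // Collapse "." and ".." segments so /client123/../client456/x cannot ride on a /client123/* grant.
  const normalized = posix.normalize(reqPath);
  return (fields.acl || '').split(ACL_DELIM).some((p) => aclMatches(p, normalized));
}
```

The ACL check assumes `reqPath` has already been URL-decoded by whatever calls `verifyToken`.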
