Mediabrowser Password In URL

Good Afternoon Zip,

I have a quick request that should be fairly easy to fulfil should you deem it reasonable. I have been using owncloud for a while and have that working as I want however I setup an "external site" for mediabrowser. It would be nice if I could specify the password as part of the URL so that users wouldn't have to authenticate twice.

Something like the below would be perfect:

https://hostname.TLD/mediabrowser?pass={password}

Thanks for your time and keep up the great work on my favourite media server!

[zip]

Doesn't the Remember Me functionality work?

[atc98092]

Petr, I've had issues with the Remember Me, as in no, it isn't working. Just tried it from this browser on a different tab. Didn't even close the browser, only the tab. Reloading MB on a new tab asked for the password again.

WIndows 7, IE 11.

Doesn't the Remember Me functionality work?

Good morning Petr,

Typically the remember me function would be a suitable solution however for myself and anyone who I provide access might not be using their own computer (eg they might be at school or otherwise). Considering Owncloud doesn't put the link directly into the URL bar it would also give me the chance to create a more complex password that I wouldn't directly indicate to those that I have given access (they would be authenticated when signing into owncloud [Which is intern authenticated against their windows user accounts]). The individuals that I provide access to are not the most tech savvy and will not think/know how to dig through the page source for the password.

This collectively would be a positive as well as it would give me the ability to have some level of user access control (individual usernames and passwords) while also providing a more seamless experience.

Based on the above I would appreciate if you would consider my request.

Thanks for your time!

[spudy12]

Petr, I've had issues with the Remember Me, as in no, it isn't working. Just tried it from this browser on a different tab. Didn't even close the browser, only the tab. Reloading MB on a new tab asked for the password again.

WIndows 7, IE 11.

Not having any issues with remember me over here, forgot MB even had a password. Perhaps try chrome / firefox?

I don't think having the password in the URL is a good idea at all, just asking for security related issues.

[atc98092]

Petr, I've had issues with the Remember Me, as in no, it isn't working. Just tried it from this browser on a different tab. Didn't even close the browser, only the tab. Reloading MB on a new tab asked for the password again.

WIndows 7, IE 11.

Not having any issues with remember me over here, forgot MB even had a password. Perhaps try chrome / firefox?

I don't think having the password in the URL is a good idea at all, just asking for security related issues.

I agree that a password in the URL is a bad security idea. Personally, even it were sent over HTTPS, I'd be nervous about it.

I've tried Firefox as well. MediaBrowser isn't saving the password for me.

As it seems that having access to putting the password into the URL seems to risky does anyone have a method that they can share with me to create a page (probably using PHP so that I can confirm access using session variables) that would authenticate on the user's behalf and provide to them a token to use for the duration of their session (which would be though the normal mediabrowser interface)?

I know basically nothing about javascript but I would be willing to work on expanding on something if there was a simple authentication script to get me started.

Thanks!

[will]

Everything, including URLs are encrypted when using HTTPS, so it would be fine.


MediaBrowser posts the transformed login details to the /cds/login endpoint, and then stores the resulting authToken in a cookie.

So working backwards,

1) Copy the cookie from a valid session
2) Write some code (php?) to inject the cookie
3) Test to see if you are automatically logged in
4) Write some javascript to perform the login process and generate a cookie
5) Test to see if you are automatically logged in
6) Adapt the code to only generate a new cookie if you don't have one already

Login process documentation http://docs.serviiocds.apiary.io/#login

[zip]

Also the next version will have a switch in the startup options to disable password altogether - not sure if that would help.

[atc98092]

Also the next version will have a switch in the startup options to disable password altogether - not sure if that would help.

One thought: could the password be disabled if the player requesting is on the same network, but require a password if outside? Then when I am traveling and want to watch a movie from home I can get to it from the Internet, and others won't be eating my bandwidth. Then if I want to play it from something on my home network it wouldn't ask.

Also the next version will have a switch in the startup options to disable password altogether - not sure if that would help.

Good Morning Zip,

I suspect that should be able to be made to meet my needs. I could make it so that the rewriting proxy will fail a condition without first authenticating against my own form (in this case owncloud). I will wait for the next release and see if I can make it meet my needs. Thanks for your input!

Everything, including URLs are encrypted when using HTTPS, so it would be fine.


MediaBrowser posts the transformed login details to the /cds/login endpoint, and then stores the resulting authToken in a cookie.

So working backwards,

1) Copy the cookie from a valid session
2) Write some code (php?) to inject the cookie
3) Test to see if you are automatically logged in
4) Write some javascript to perform the login process and generate a cookie
5) Test to see if you are automatically logged in
6) Adapt the code to only generate a new cookie if you don't have one already

Login process documentation http://docs.serviiocds.apiary.io/#login

Thanks Will,

I will try my hand as it. I have been interested in learning about the various components required and will be happy to give it a try. I appreciate you outlining the steps for me.