Securing Content within a Directory Tutorial

Token-Based Authentication authenticates a requester before granting access to content. Access to content will only be granted when both of the following conditions are met:

Set up involves the following steps:

  1. Define an encryption key.
  2. Define a directory that will require authentication.
  3. Update href and src links to include the desired token.

Step 1: Defining an Encryption Key

An encryption key plays an integral part in the encryption/decryption of token values. An encryption key must be set on each desired platform.

It is highly recommended to use a random encryption key of reasonable length. A sample call to generate a random string via the OpenSSL tool is provided below.

openssl rand -hex 32

Navigate to the Token Auth page. From the main menu, navigate to CAN | Token Auth.

Set the desired alphanumeric value in the Primary Key option (as shown below).

Make sure that the primary key's Minimum Encryption Version option is set to "V3".

Click Update.

Step 2: Directory Authentication

The next step involves defining a location to which Token-Based Authentication will be applied recursively. The specified relative path will be compared against the request URL. The starting point for this comparison varies by URL type.

In the New option, which can be found under the Directories to Authenticate section, type the relative path to the desired directory.

Click Add.

It may take up to an hour for changes to your Token-Based Authentication setup to take effect.

The final step is to add a token to all href and src links that point to content stored in the folder specified above or any of its children.

Typically, a script is created to dynamically generate tokens using the Token Generator executable. However, in this tutorial, we will generate a token through the Token Auth page.

Generate a token that will grant access to requests that originate from within the United States. Requests from other countries that include this token will be denied.

In the ec_country_allow option, which can be found in the Encrypt Tool section, type "US".

Click Encrypt.

The corresponding token will be displayed in the Generated Token option (as shown below).

The Token Generator Call field displays the call through which the same token may be generated using the Token Generator executable.

For each href and src link that points to content stored in the directory specified in the Directories to Authenticate section, update it to include the above token value as a query string.

If the desired href or src link does not already contain a query string, make sure to first append a question mark to the end of the URL. Append the desired token value directly after the question mark.

Basic URL Example

Notice that the updated link contains a query string set to a token value.

Original link:

<a href="http://can.0001.transactcdn.com/800001/secure/marketing/strategy.pdf">

Updated link:

<a href="http://can.0001.transactcdn.com/800001/secure/marketing/strategy.pdf?p6GP_A13i2ZpFkc1llGUsZURp3TUr86OJvyrPPYTA1kArs6fVNxyPBZXsDQTTUI">

URL with Query String Example

A token must be the first parameter specified in the query string. Make sure to specify additional query string parameters after the token value. This is illustrated in the following example.

Original link:

<a href="http://can.0001.transactcdn.com/800001/secure/marketing/strategy.pdf?user=Joe">

Updated link:

<a href="http://can.0001.transactcdn.com/800001/secure/marketing/strategy.pdf?p6GP_A13i2ZpFkc1llGUsZURp3TUr86OJvyrPPYTA1kArs6fVNxyPBZXsDQTTUI&user=Joe">
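The link update described above can be scripted. The following is an added example, not part of the original tutorial or the CDN's own tooling: it rewrites href and src attributes that point into the protected directory, placing the token first in the query string and leaving other links untouched. The host, directory prefix and token are the tutorial's sample values, used here as assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed values for illustration, taken from the tutorial's sample links.
CDN_HOST = "can.0001.transactcdn.com"
PROTECTED_DIR = "/800001/secure"   # authentication applies to this path and its children
TOKEN = "p6GP_A13i2ZpFkc1llGUsZURp3TUr86OJvyrPPYTA1kArs6fVNxyPBZXsDQTTUI"

# Matches href="..." and src="..." with either quote style.
ATTR_RE = re.compile(r'\b(href|src)=(["\'])(.*?)\2', re.IGNORECASE)

def is_protected(parts):
    """True when the URL targets the protected directory or one of its children."""
    path = parts.path
    in_dir = path == PROTECTED_DIR or path.startswith(PROTECTED_DIR + "/")
    return parts.hostname == CDN_HOST and in_dir

def add_token(url, token=TOKEN):
    """Return url with the token as the first query string parameter."""
    parts = urlsplit(url)
    if not is_protected(parts):
        return url                      # other hosts/directories are left alone
    if parts.query == token or parts.query.startswith(token + "&"):
        return url                      # already carries the token
    # Token goes first; any existing parameters follow after "&".
    query = token + ("&" + parts.query if parts.query else "")
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))

def rewrite_links(html, token=TOKEN):
    """Rewrite every href/src attribute in html that targets protected content."""
    def repl(match):
        attr, quote, url = match.groups()
        return f"{attr}={quote}{add_token(url, token)}{quote}"
    return ATTR_RE.sub(repl, html)

if __name__ == "__main__":
    # Constructed sample markup based on the tutorial's links.
    sample = ('<a href="http://can.0001.transactcdn.com/800001/secure/'
              'marketing/strategy.pdf?user=Joe">Strategy</a>')
    print(rewrite_links(sample))
```

The prefix check compares whole path segments, so a sibling directory such as /800001/secure-old is not treated as protected and does not receive the token.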