How can I secure the on-demand streaming from Azure Media Services to a specific domain only?
E.g. if you are using the Azure Media Player on www.domain1.com - you can watch the videos, but if you are on www.whatever.com then the video should not play.
Here is what I tried:
Setting CORS on the assigned Azure Storage account - didn't help. All responses seem to have a * cors header.
Setting up IP restrictions on the Streaming Endpoint - didn't help. I could still stream a video from different machines using the azure media player demo page. https://ampdemo.azureedge.net/azuremediaplayer.html?url=my_url_to_ism_manifest
UPDATE on the IP restrictions - it seems it needs some time to take effect. But now I realize it is not a good option, because there is no way to know the IP addresses of all the users of my site.
As far as I understood, the other content protection mechanisms (like fairPlay, widivine, etc.) that AMS support, require having a token, meaning the users should authenticate to my site first.
But I do not want to authenticate the users on my site, I just want the videos to be playable only if you are on my site.
One simple solution would be to enable Azure CDN from Verizon Premium and then use the rules engine capabilities to create a rule that only allows access from your domain. Your second solution of of using IP restrictions on the streaming endpoint would work as long as you aren't enabling Azure CDN for the streaming endpoint. If you aren't able to get this solution to work, I would recommend opening up a support case for further investigation.