Azure app cannot connect to Media Services using C

Published 2019-08-18 07:37

Question:

I am trying to use Azure Media Services to encode videos uploaded to my web app. Now that ACS is removed from the AMS .NET extensions and API, it seems the only way to connect is using Azure AD credentials. So I have registered a service principal with AAD and granted the Contributor right on AMS.

All the permissions seem correct, and when I try to run this sample code Azure refuses to issue a token.

Fails on line 80:

IAsset sourceAsset = _sourceContext.Assets.Where(a => a.Id == _sourceAssetID).First();

Same case with any other operation against AMS.

"ExceptionMessage": "Error HRESULT E_FAIL has been returned from a call to a COM component.",
        "ExceptionType": "System.Runtime.InteropServices.COMException",
        "StackTrace": "   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WebUI.<AcquireAuthorizationAsync>d__12.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.<AcquireAuthorizationAsync>d__10.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.<PreTokenRequest>d__9.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)\r\n   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__39.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at 
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__28.MoveNext()"

This error message is from AD.

Wondering if there is anything I need to do on the Azure API app to make this work?

Answer 1:

To use a Service Principal, either a certificate or a Client Secret is required. Here is the easy way: use a Client Secret.

// Service principal credentials (client ID + client secret); no interactive sign-in is involved.
var tokenCredentials = new AzureAdTokenCredentials(_AADTenantDomain,
                           new AzureAdClientSymmetricKey(clientId, clientSecret),
                           AzureEnvironments.AzureCloudEnvironment);
var tokenProvider = new AzureAdTokenProvider(tokenCredentials);

The Client Secret is generated in the AMS account under API Access --> Connect to Azure API using Service Principal --> Manage Application --> Keys --> Passwords

Hope you don't need to waste a week trying all sorts of things.

PS: Answer was provided to me by the AMS developer support team.
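
The client-secret connection from the answer, written out as an added example (not part of the original answer or of the AMS samples) that keeps the secret out of source code and fails closed when a setting is missing. The `MediaContextFactory` class and the four setting names are hypothetical; the SDK types are the ones used in the answer plus `CloudMediaContext` from the same `Microsoft.WindowsAzure.MediaServices.Client` package.

```csharp
using System;
using Microsoft.WindowsAzure.MediaServices.Client;

public static class MediaContextFactory
{
    // Hypothetical setting names. On Azure App Service, app settings are
    // exposed to the process as environment variables, so the client secret
    // never has to live in source control or web.config.
    private const string TenantVar   = "AMS_AAD_TENANT_DOMAIN";
    private const string ClientIdVar = "AMS_CLIENT_ID";
    private const string SecretVar   = "AMS_CLIENT_SECRET";
    private const string EndpointVar = "AMS_REST_API_ENDPOINT";

    public static CloudMediaContext Create()
    {
        string tenant       = Require(TenantVar);
        string clientId     = Require(ClientIdVar);
        string clientSecret = Require(SecretVar);
        var endpoint        = new Uri(Require(EndpointVar), UriKind.Absolute);

        // Refuse to send a bearer token over anything but HTTPS.
        if (endpoint.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(EndpointVar + " must be an https:// URL.");

        // Client-credentials flow: the app authenticates as the service
        // principal itself, so no sign-in window is ever opened. This is
        // what lets it run inside a web app with no desktop session.
        var credentials = new AzureAdTokenCredentials(
            tenant,
            new AzureAdClientSymmetricKey(clientId, clientSecret),
            AzureEnvironments.AzureCloudEnvironment);

        var tokenProvider = new AzureAdTokenProvider(credentials);
        return new CloudMediaContext(endpoint, tokenProvider);
    }

    // Fail at startup with the setting's name (never its value) when missing.
    private static string Require(string name)
    {
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException("Missing required setting: " + name);
        return value;
    }
}
```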