编码者卢布
🏠 首页

【Azure 媒体服务】使用媒体服务 v3 对视频进行上载、编码和流式传输时遇见的AAD错误

📅 2021-04-29 👁 0 次浏览 ❤️ 0 次点赞

问题描述

使用媒体服务 v3 对视频进行上载、编码和流式传输示例时,遇见了AAD错误。

TIP: Make sure that you have filled out the appsettings.json file before running this sample. AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator

** 整个示例代码可从GitHub中获取**

问题分析

从错误消息来看[AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. ],是代码与中国区的AMS服务认证时候出现的错误,无法找到当前的租户(Tenant),所以需要检查以下两个地方:

  • 项目文件中appsettings.json配置的AadEndpoint,ArmAadAudience,ArmEndpoint是否指向了中国区的Endpoint。 代码中默认指向的都是Global地址。

  • 在GetCredentialsAsync方法中ApplicationTokenProvider.LoginSilentAsync默认设置到Global,需要改为AzureChina。

 

问题解决

一:修改appsettings.json中 AadEndpoint,ArmAadAudience,ArmEndpoint 地址

{
  "AadClientId": "00000000-0000-0000-0000-000000000000",
  "AadEndpoint": "https://login.chinacloudapi.cn",
  "AadSecret": "00000000-0000-0000-0000-000000000000",
  "AadTenantId": "00000000-0000-0000-0000-000000000000",
  "AccountName": "amsaccount",
  "ArmAadAudience": "https://management.core.chinacloudapi.cn/",
  "ArmEndpoint": "https://management.chinacloudapi.cn/",
  "Region": "chinaeast",
  "ResourceGroup": "amsResourceGroup",
  "SubscriptionId": "00000000-0000-0000-0000-000000000000"
}

 

二:修改ApplicationTokenProvider.LoginSilentAsync方法,指定中国区微软云环境

        /// <summary>
        /// Create the ServiceClientCredentials object based on the credentials
        /// supplied in local configuration file.
        /// </summary>
        /// <param name="config">The parm is of type ConfigWrapper. This class reads values from local configuration file.</param>
        /// <returns></returns>
        // <GetCredentialsAsync>
        private static async Task<ServiceClientCredentials> GetCredentialsAsync(ConfigWrapper config)
        {
            // Use ApplicationTokenProvider.LoginSilentWithCertificateAsync or UserTokenProvider.LoginSilentAsync to get a token using service principal with certificate
            //// ClientAssertionCertificate
            //// ApplicationTokenProvider.LoginSilentWithCertificateAsync

            // Use ApplicationTokenProvider.LoginSilentAsync to get a token using a service principal with symetric key
            ClientCredential clientCredential = new ClientCredential(config.AadClientId, config.AadSecret);
            return await ApplicationTokenProvider.LoginSilentAsync(config.AadTenantId, clientCredential, ActiveDirectoryServiceSettings.AzureChina);
        }

 

参考资料

使用媒体服务 v3 对视频进行上载、编码和流式传输:https://docs.azure.cn/zh-cn/media-services/latest/stream-files-tutorial-with-api

获取访问媒体服务 API 的凭据https://docs.azure.cn/zh-cn/media-services/latest/access-api-howto?tabs=cli

 

正在加载评论...