從Azure共享網站創建Azure Media服務作業

Question

我有上傳新資源的代碼。爲流式傳輸和縮略圖創建創建轉碼作業。然後查詢狀態更改，以更新該轉碼作業。

這一切都在本地機器上正常工作。我在Azure網站上運行時收到：

Access is denied. 

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Security.Cryptography.CryptographicException: Access is denied. 


Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

Stack Trace: 


[CryptographicException: Access is denied. 
] 
    System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags) +1985499 
    Microsoft.WindowsAzure.MediaServices.Client.EncryptionUtils.SaveCertificateToStore(X509Certificate2 certToStore) +64 
    Microsoft.WindowsAzure.MediaServices.Client.ContentKeyBaseCollection.GetCertificateForProtectionKeyId(DataServiceContext dataContext, String protectionKeyId) +201 
    Microsoft.WindowsAzure.MediaServices.Client.JobData.ProtectTaskConfiguration(TaskData task, X509Certificate2& certToUse, DataServiceContext dataContext) +285 
    Microsoft.WindowsAzure.MediaServices.Client.JobData.InnerSubmit(DataServiceContext dataContext) +540 
    Microsoft.WindowsAzure.MediaServices.Client.JobData.SubmitAsync() +63 
    Microsoft.WindowsAzure.MediaServices.Client.JobData.Submit() +25 
    SEISMatch.MediaServices.AzureMediaServices.ProcessVideo(Video video) +498 
    SEISMatch.BusinessLogic.MediaServicesManager.StartProcessingMedia(Video v) +48 
    SEISMatch.BusinessLogic.VideoManager.UploadComplete(Guid guid) +493 
    lambda_method(Closure , ControllerBase , Object[]) +155 
    System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14 
    System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +182 
    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27 
    System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28 
    System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10 
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50 
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32 
    System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58 
    System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225 
    System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10 
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50 
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34 
    System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +24 
    System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99 
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50 
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27 
    System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14 
    System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23 
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55 
    System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39 
    System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23 
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55 
    System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29 
    System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 
    System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25 
    System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23 
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55 
    System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31 
    System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9629296 
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155 

我在其他地方發現了對此錯誤的引用。但是沒有解釋如何在Azure網站上下文中解決它。推測可以使用Azure網站與Azure媒體服務進行交互？ 此錯誤是由於嘗試爲媒體服務庫中的某些內部功能保存證書而導致的。

我的代碼如下所示：

var inputAsset = mediaContext.Assets.Where(a => a.Name == video.AssetName).FirstOrDefault();  
IJob job = mediaContext.Jobs.Create(video.FileName + " Processing"); 
var thumbnailAssetID = AddThumbnailExtractionTask(job, inputAsset); 
var encodedAsset = AddEncodeTask(job, inputAsset); 
job.Submit(); //Error thrown here 

Answer 1

它在崩潰： https://github.com/WindowsAzure/azure-sdk-for-media-services/blob/3b2d5e227b2622c6d78fb10b1a733b188f1a6767/src/net/Client/DuplicatedFiles/EncryptionUtils.cs

SaveCertificateToStore期間，具體而言，在store.Open（OpenFlags.ReadWrite）。

凡： https://github.com/WindowsAzure/azure-sdk-for-media-services/blob/3b2d5e227b2622c6d78fb10b1a733b188f1a6767/src/net/Client/ContentKeyBaseCollection.cs

的節省就是從這裏稱爲：

/// <summary> 
    /// Gets the certificate for protection key id. 
    /// </summary> 
    /// <param name="dataContext">The data context.</param> 
    /// <param name="protectionKeyId">The protection key id.</param> 
    /// <returns>The content key.</returns> 
    internal static X509Certificate2 GetCertificateForProtectionKeyId(DataServiceContext dataContext, string protectionKeyId) 
    { 
     // First check to see if we have the cert in our store already. 
     X509Certificate2 certToUse = EncryptionUtils.GetCertificateFromStore(protectionKeyId); 

     if ((certToUse == null) && (dataContext != null)) 
     { 
      // If not, download it from Nimbus to use. 
      Uri uriGetProtectionKey = new Uri(string.Format(CultureInfo.InvariantCulture, "/GetProtectionKey?protectionKeyId='{0}'", protectionKeyId), UriKind.Relative); 
      IEnumerable<string> results2 = dataContext.Execute<string>(uriGetProtectionKey); 
      string certString = results2.Single(); 

      byte[] certBytes = Convert.FromBase64String(certString); 
      certToUse = new X509Certificate2(certBytes); 

      // Finally save it for next time. 
      EncryptionUtils.SaveCertificateToStore(certToUse); 
     } 

     return certToUse; 
    } 

這應該捕獲異常，坐在它，因爲它的序列化是不是強制性的（也不可能因特權網站已限制）。

喜歡的東西：

// Finally try to save it for next time, as an optimization. 
try{ 
    EncryptionUtils.SaveCertificateToStore(certToUse); 
} 
catch() 
{ 
    //Do nothing, this is not mandatory and breaks Azure WebSites deployment scenarios where they do not have rights to X509Stor.Open(). 
    //Ref: http://stackoverflow.com/questions/18056707/create-azure-media-services-job-from-azure-shared-website 
} 

在這個時候，我們沒有足夠的資源來測試/確認。如果您可以通過上述更改重新構建SDK的GitHub，那麼您應該可以通過此操作。

Answer 2

問題：爲了與使用媒體服務SDK對內容進行加密asp.net進程證書的工作需要有權限使用證書進行操作。

不幸的是，在問題中所述的行爲預期，並有放鬆的窗口Azure的網站內的這項安全政策目前沒有辦法。

如果不是至關重要的你的情況使用資產的任何加密方法， 嘗試明確設置AssetCreateOptions到AssetCreationOptions.None避免與證書

IAsset asset = _dataContext.Assets.Create("Test", AssetCreationOptions.None); 

Answer 3

時，沒有出現任何簡單方式來完成。 通過編寫自己的MediaServices客戶端庫，可以避免證書限制。這顯然是一項巨大的工作。

我通過將網站移動到Azure WebRole來解決此問題。由於部署時間或成本的增加，這並不理想。但它似乎是唯一的方法。

另一種方法是使用消息隊列和一個WorkerRole或單獨的服務WebRole與WAMS通信。然後，該網站仍然是Azure網站。但與新中間人溝通。

Answer 4

它使用是很重要的也是

TaskOptions.None 

看https://github.com/Azure/azure-sdk-for-media-services/issues/82