问题描述
使用媒体服务 v3 对视频进行上载、编码和流式传输示例时,遇见了AAD错误。
TIP: Make sure that you have filled out the appsettings.json file before running this sample. AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator |
整个示例代码可从GitHub中获取
问题分析
从错误消息来看[AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. ],是代码与中国区的AMS服务认证时候出现的错误,无法找到当前的租户(Tenant),所以需要检查以下两个地方:
- 项目文件中appsettings.json配置的AadEndpoint,ArmAadAudience,ArmEndpoint是否指向了中国区的Endpoint。 代码中默认指向的都是Global地址。
- 在GetCredentialsAsync方法中ApplicationTokenProvider.LoginSilentAsync默认设置到Global,需要改为AzureChina。
问题解决
一:修改appsettings.json中 AadEndpoint,ArmAadAudience,ArmEndpoint 地址
{ "AadClientId": "00000000-0000-0000-0000-000000000000", "AadEndpoint": "https://login.chinacloudapi.cn", "AadSecret": "00000000-0000-0000-0000-000000000000", "AadTenantId": "00000000-0000-0000-0000-000000000000", "AccountName": "amsaccount", "ArmAadAudience": "https://management.core.chinacloudapi.cn/", "ArmEndpoint": "https://management.chinacloudapi.cn/", "Region": "chinaeast", "ResourceGroup": "amsResourceGroup", "SubscriptionId": "00000000-0000-0000-0000-000000000000" }
二:修改ApplicationTokenProvider.LoginSilentAsync方法,指定中国区微软云环境
/// <summary> /// Create the ServiceClientCredentials object based on the credentials /// supplied in local configuration file. /// </summary> /// <param name="config">The parm is of type ConfigWrapper. This class reads values from local configuration file.</param> /// <returns></returns> // <GetCredentialsAsync> private static async Task<ServiceClientCredentials> GetCredentialsAsync(ConfigWrapper config) { // Use ApplicationTokenProvider.LoginSilentWithCertificateAsync or UserTokenProvider.LoginSilentAsync to get a token using service principal with certificate //// ClientAssertionCertificate //// ApplicationTokenProvider.LoginSilentWithCertificateAsync // Use ApplicationTokenProvider.LoginSilentAsync to get a token using a service principal with symetric key ClientCredential clientCredential = new ClientCredential(config.AadClientId, config.AadSecret); return await ApplicationTokenProvider.LoginSilentAsync(config.AadTenantId, clientCredential, ActiveDirectoryServiceSettings.AzureChina); }
参考资料
使用媒体服务 v3 对视频进行上载、编码和流式传输:https://docs.azure.cn/zh-cn/media-services/latest/stream-files-tutorial-with-api
获取访问媒体服务 API 的凭据: https://docs.azure.cn/zh-cn/media-services/latest/access-api-howto?tabs=cli
