问题描述
在中国区Azure上,使用Media Service服务,想要使用.NET的代码来对上传视频创建缩略图(Thumbnail) 。
通过官网文档(https://docs.azure.cn/zh-cn/media-services/latest/samples/samples-encoding-reference#create-a-thumbnail-sprite)下载.NET示例,配置 appsettings.json 中的参数,运行却出现(Azure.Identity.AuthenticationFailedException: 'ClientSecretCredential authentication failed: AADSTS90002: )异常。
Azure.Identity.AuthenticationFailedException: 'ClientSecretCredential authentication failed: AADSTS90002: Tenant '********-****-****-****-************' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant.
Trace ID: 99b963f7-86a5-4cde-a890-8828eff73000
Correlation ID: 62d4fa3b-92ad-4411-850c-87f562a256b3
Timestamp: 2023-05-10 07:25:55Z'
问题解答
查看.NET项目中的源码,发现获取Credential的代码使用的是 DefaultAzureCredential()。并且 ArmClient 对象也没有指定Azure的运行环境。
var mediaServicesResourceId = MediaServicesAccountResource.CreateResourceIdentifier( subscriptionId: options.AZURE_SUBSCRIPTION_ID.ToString(), resourceGroupName: options.AZURE_RESOURCE_GROUP, accountName: options.AZURE_MEDIA_SERVICES_ACCOUNT_NAME); var credential = new DefaultAzureCredential(includeInteractiveCredentials: true); var armClient = new ArmClient(credential); var mediaServicesAccount = armClient.GetMediaServicesAccountResource(mediaServicesResourceId);
默认情况下,它们都是指向Global Azure,而非China Azure。
所以,解决当前问题的方法就是在DefaultAzureCredential和ArmClient方法中指定中国区Azure为运行环境。
修改这部分代码为为:
var mediaServicesResourceId = MediaServicesAccountResource.CreateResourceIdentifier( subscriptionId: options.AZURE_SUBSCRIPTION_ID.ToString(), resourceGroupName: options.AZURE_RESOURCE_GROUP, accountName: options.AZURE_MEDIA_SERVICES_ACCOUNT_NAME); DefaultAzureCredentialOptions dacOptions = new DefaultAzureCredentialOptions() { AuthorityHost = AzureAuthorityHosts.AzureChina }; var credential = new DefaultAzureCredential(dacOptions); ArmClientOptions armOptions = new ArmClientOptions() { Environment = ArmEnvironment.AzureChina}; var armClient = new ArmClient(credential, options.AZURE_SUBSCRIPTION_ID.ToString(), armOptions); var mediaServicesAccount = armClient.GetMediaServicesAccountResource(mediaServicesResourceId);
注意:使用 DefaultAzureCredential 认证,需要设置以下的环境变量
- AZURE_CLIENT_ID
- AZURE_TENANT_ID
- AZURE_CLIENT_SECRET
关于DefaultAzureCredential方法获取认证参数的顺序,如下图所示:
参考资料
DefaultAzureCredential : https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme?view=azure-dotnet#defaultazurecredential