Azure Media Service - Generates a New AES Token for Playback

I have been working on an open source community project for uploading and playing videos with Azure Media Services in MVC since 2015. I didn't use delivery encryption before, so I started working on AES.

In all the source codes / samples from the Azure Media Services Team, I noticed that a test token is generated immediately after loading the content, and this works well in my case. But how do I create a test token next time for playback?

I realized that we need a token every time a player requests playback. Technically, the player creates a request to a key service provider and receives an updated token.

So, to get the updated token, I tried a couple of ways and could not fix it. I see the error "ContentKey (Id = '...', Type = 'EnvelopeEncryption'), which contains the same types that already reference this asset."


This seems like a valid error message, because a key of type EnvelopeEncryption has already been added and associated with the asset after loading the content, and this pops up when it is requested again.

The code is below.

    public ActionResult Index()
    {
        var model = new List<VideoViewModel>();
        var videos = db.Videos.OrderByDescending(o => o.Id).ToList();
        foreach (var video in videos)
        {
            var viewModel = new VideoViewModel();
            viewModel.Id = video.Id;
            viewModel.EncodedAssetId = video.EncodedAssetId;
            viewModel.IsEncrypted = video.IsEncrypted;
            viewModel.LocatorUri = video.LocatorUri;

            // If encrypted content, then get token to play
            if (video.IsEncrypted)
            {
                IAsset asset = GetAssetById(video.EncodedAssetId);
                IContentKey key = CreateEnvelopeTypeContentKey(asset);
                viewModel.Token = GenerateToken(key);
            }

            model.Add(viewModel);
        }
        return View(model);
    }

The above method calls the network service provider.

How to fix it?

+7
c# asp.net-mvc azure azure-media-services
1 answer

You can see AMS Conductor Sources

When you create the constraint policy, do something like this:

    // Initializing ContentKeyAuthorizationPolicyRestriction
    ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction
    {
        Name = "Authorization Policy with Token Restriction",
        KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
        Requirements = TokenRestrictionTemplateSerializer.Serialize(restrictionTemplate)
    };
    restrictions.Add(restriction);

    // Saving IContentKeyAuthorizationPolicyOption on server so it can be
    // associated with IContentKeyAuthorizationPolicy
    IContentKeyAuthorizationPolicyOption policyOption =
        objCloudMediaContext.ContentKeyAuthorizationPolicyOptions.Create(
            "myDynamicEncryptionPolicy",
            ContentKeyDeliveryType.BaselineHttp,
            restrictions,
            String.Empty);
    policy.Options.Add(policyOption);

    // Saving Policy
    policy.UpdateAsync();

The key field here is Requirements = TokenRestrictionTemplateSerializer.Serialize(restriction.Requirements)};

You need to get the appropriate resource limit that you created in the first place and re-edit the TokenRestriction template with:

    TokenRestrictionTemplate tokenTemplate = TokenRestrictionTemplateSerializer.Deserialize(tokenTemplateString);

Depending on the type of key and encryption you use:

    // signingcredentials and myclaims are declared elsewhere in the caller's code.
    if (tokenTemplate.PrimaryVerificationKey.GetType() == typeof(SymmetricVerificationKey))
    {
        // Symmetric key from the template: sign the JWT with HMAC-SHA256
        InMemorySymmetricSecurityKey tokenSigningKey = new InMemorySymmetricSecurityKey(
            (tokenTemplate.PrimaryVerificationKey as SymmetricVerificationKey).KeyValue);
        signingcredentials = new SigningCredentials(
            tokenSigningKey,
            SecurityAlgorithms.HmacSha256Signature,
            SecurityAlgorithms.Sha256Digest);
    }
    else if (tokenTemplate.PrimaryVerificationKey.GetType() == typeof(X509CertTokenVerificationKey))
    {
        // Certificate-based template: sign with the X.509 certificate
        if (signingcredentials == null)
        {
            X509Certificate2 cert = DynamicEncryption.GetCertificateFromFile(true).Certificate;
            if (cert != null) signingcredentials = new X509SigningCredentials(cert);
        }
    }

    JwtSecurityToken token = new JwtSecurityToken(
        issuer: tokenTemplate.Issuer,
        audience: tokenTemplate.Audience,
        notBefore: DateTime.Now.AddMinutes(-5),
        expires: DateTime.Now.AddMinutes(Properties.Settings.Default.DefaultTokenDuration),
        signingCredentials: signingcredentials,
        claims: myclaims);

    JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
    // Renamed from "token": the original declared two locals with the same name
    string tokenString = handler.WriteToken(token);
0
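The flow described in the answer, put together as an added example (not code from the original post or from the AMS project): reuse the envelope key already linked to the asset, read back the stored token restriction template, and issue a short-lived token from it. It assumes the legacy Azure Media Services v2 .NET SDK; `PlaybackTokens` and `GetPlaybackToken` are hypothetical names.

```csharp
using System;
using System.Linq;
using Microsoft.WindowsAzure.MediaServices.Client;
using Microsoft.WindowsAzure.MediaServices.Client.ContentKeyAuthorization;

public static class PlaybackTokens
{
    // Hypothetical helper (not from the page): returns a short-lived token for an
    // asset that was encrypted at upload time, or null if none can be issued.
    public static string GetPlaybackToken(CloudMediaContext context, IAsset asset, TimeSpan lifetime)
    {
        // Reuse the envelope key already linked to the asset. Creating and
        // linking another one is what raises the error quoted in the question.
        IContentKey key = asset.ContentKeys
            .FirstOrDefault(k => k.ContentKeyType == ContentKeyType.EnvelopeEncryption);
        if (key == null || string.IsNullOrEmpty(key.AuthorizationPolicyId))
            return null;

        string policyId = key.AuthorizationPolicyId;
        IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies
            .Where(p => p.Id == policyId)
            .FirstOrDefault();
        if (policy == null)
            return null;

        // The token restriction saved with the policy carries the serialized
        // TokenRestrictionTemplate in its Requirements field.
        string templateXml = policy.Options
            .SelectMany(o => o.Restrictions)
            .Where(r => r.KeyRestrictionType == (int)ContentKeyRestrictionType.TokenRestricted)
            .Select(r => r.Requirements)
            .FirstOrDefault();
        if (string.IsNullOrEmpty(templateXml))
            return null;

        TokenRestrictionTemplate template =
            TokenRestrictionTemplateSerializer.Deserialize(templateXml);

        // Bind the token to this key id and keep its lifetime short, so a
        // leaked token cannot be replayed for long or against another key.
        Guid keyId = EncryptionUtils.GetKeyIdAsGuid(key.Id);
        return TokenRestrictionTemplateSerializer.GenerateTestToken(
            template, null, keyId, DateTime.UtcNow.Add(lifetime));
    }
}
```

In the `Index` action this would replace the `CreateEnvelopeTypeContentKey` and `GenerateToken` calls, after the application has checked that the current user may watch the video. The returned string does not include the `Bearer ` prefix that the player sends to the key delivery service.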