【Azure 媒体服务】使用媒体服务 v3 对视频进行上载、编码和流式传输时遇见的AAD错误

问题描述

使用媒体服务 v3 对视频进行上载、编码和流式传输示例时，遇见了AAD错误。

TIP: Make sure that you have filled out the appsettings.json file before running this sample.
AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator

整个示例代码可从GitHub中获取

问题分析

从错误消息来看[AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. ]，是代码与中国区的AMS服务认证时候出现的错误,无法找到当前的租户(Tenant)，所以需要检查以下两个地方：

1. 项目文件中appsettings.json配置的AadEndpoint，ArmAadAudience，ArmEndpoint是否指向了中国区的Endpoint。 代码中默认指向的都是Global地址。
2. 在GetCredentialsAsync方法中ApplicationTokenProvider.LoginSilentAsync默认设置到Global，需要改为AzureChina。

问题解决

一：修改appsettings.json中 AadEndpoint，ArmAadAudience，ArmEndpoint 地址

{
  "AadClientId": "00000000-0000-0000-0000-000000000000",
  "AadEndpoint": "https://login.chinacloudapi.cn",
  "AadSecret": "00000000-0000-0000-0000-000000000000",
  "AadTenantId": "00000000-0000-0000-0000-000000000000",
  "AccountName": "amsaccount",
  "ArmAadAudience": "https://management.core.chinacloudapi.cn/",
  "ArmEndpoint": "https://management.chinacloudapi.cn/",
  "Region": "chinaeast",
  "ResourceGroup": "amsResourceGroup",
  "SubscriptionId": "00000000-0000-0000-0000-000000000000"
}

二：修改ApplicationTokenProvider.LoginSilentAsync方法，指定中国区微软云环境

        /// <summary>
        /// Create the ServiceClientCredentials object based on the credentials
        /// supplied in local configuration file.
        /// </summary>
        /// <param name="config">The parm is of type ConfigWrapper. This class reads values from local configuration file.</param>
        /// <returns></returns>
        // <GetCredentialsAsync>
        private static async Task<ServiceClientCredentials> GetCredentialsAsync(ConfigWrapper config)
        {
            // Use ApplicationTokenProvider.LoginSilentWithCertificateAsync or UserTokenProvider.LoginSilentAsync to get a token using service principal with certificate
            //// ClientAssertionCertificate
            //// ApplicationTokenProvider.LoginSilentWithCertificateAsync

            // Use ApplicationTokenProvider.LoginSilentAsync to get a token using a service principal with symetric key
            ClientCredential clientCredential = new ClientCredential(config.AadClientId, config.AadSecret);
            return await ApplicationTokenProvider.LoginSilentAsync(config.AadTenantId, clientCredential, ActiveDirectoryServiceSettings.AzureChina);
        }

参考资料

使用媒体服务 v3 对视频进行上载、编码和流式传输：https://docs.azure.cn/zh-cn/media-services/latest/stream-files-tutorial-with-api

获取访问媒体服务 API 的凭据: https://docs.azure.cn/zh-cn/media-services/latest/access-api-howto?tabs=cli