Azure Media Service provides a new lock, making it safer and more convenient. please collect new keys !, Azure is safer
I don't know how many people have replaced the home lock with a digital fingerprint lock? The traditional door locks that have been used for hundreds of thousands of years have undoubtedly become more convenient with the help of technology, without the need to bring a key, but also remote control and operation. The most important thing is that, finally, you don't have to worry about the embarrassing situation of "lu Yi.
Now, we have noticed that the Azure media service that keeps pace with the times has been "locked" and has begun to adopt a new authentication mechanism based on AAD (Azure Active Directory, this is a more powerful and role-based access control function. Compared with the ACS token Verification Model ("account key") used by the Service, allows you to access resources in your account in more detail. The ACS authentication method will be disabled on April 9, June 22, 2018. In order to ensure smooth upgrade, Alibaba Cloud will inform you nearly 12 months in advance. Let's take a look at the specific situation, what are precautions?
Azure Media Service has supported AAD authentication since June. Users of REST APIs and. NET client libraries can now use AAD authentication to authorize requests. In addition, a new management tab has been released in the Azure portal to simplify the process of user and service subject Authentication through AAD.
With the release of this RESTAPI update, Media Service can now provide the same role-based access management (RBAC) service as Azure Resource Management (ARM ). By forwarding to AAD authentication, users can also track and review all changes made by specific users or applications connected to the Media Service account.
Existing media service users must2018Year 6Month 22Days agoTake the following measures to ensure that the application continues to run as scheduled:
Update code for an application authorized by Media Service
Migrate ACS-based authentication
Start to use AAD-based authentication
The Azure Media Service rest api supports the authentication of interactive users and Web APIs, intermediate layers or daemon processes. The following describes how to use the rest api directly or through the. NET client library and the detailed method and related information for AAD authentication.
Use AAD for user authentication in Media Service
To build management applications for Azure Media Service accounts, such as the Azure service media Explorer tool, you can log on with the user creden。 authorized to access media service resources through the Management Portal Access Control (IAM) tab. This method is applicable to the following tasks:
Monitor dashboards for encoding jobs
Dashboard for live broadcast monitoring
Manage applications for desktop or mobile users, used to manage resources in media service accounts
The local application first obtains the access token from AAD, and then uses this access token for all rest api calls. Displays the typical authentication process for interactive applications. To successfully complete the rest api request, the caller must be the "contributor" or "owner" of the target Azure Media Service account to be accessed ".
Unauthorized requests will fail with Status Code 401. If you see this error, carefully check whether the user is configured as a "contributor" or "owner" in the Media Service account ". You can search for media accounts in the Azure portal and click the "Access Control" tab to check.
AAD service subject authentication in Media Service
Interactive non-interpersonal login is not required through daemon services, Web APIs, consumers (mobile or desktop) and Web applications, or direct user management/resource monitoring in a media service account, you must first create an Azure Active Directory Application in your tenant.
After creation, you must grant this application "contributor" or "owner" level permissions to the Media Service account on the access control (IAM) tab. Both steps can be easily completed through the Azure Management Portal, Azure CLI, or PowerShell script.
Easy start to use the new API access Tab
Azure Active Directory authentication may be complex for users who are not familiar with AAD. To help users get started smoothly, we are introducing a new "API access" tab for the Media Service account in the portal to replace the previous ACS "account key" tab. We also disabled the function of rotating the ACS key to prompt the user to update the code and transfer it to AAD.
The new API access tab simplifies the connection process between Azure Media Service and AAD. When you open the API access tab for the first time, you will see that you have chosen to use user identity authentication for interpersonal interactive management applications. You can also create a service subject and an AAD application, it is used for non-interpersonal interaction with media service APIs.
Subsequent steps and operations of Media Service Customers
All Azure Media Service Customers should begin migration immediately, download the latest. net sdk, or update existing REST-based API calls to use the new AAD-based authentication model.
In addition, we are developing a new version of the rest api and support more client SDK languages using AAD authentication. For more details about the updated API, refer to subsequent blog articles.
Current actions:
1. If you use. NET, update the SDK to the latest version and migrate it to AAD authentication.
2. plan in advance the ACS authentication supported by the Media Service API to be deprecated. The old ACS authentication support will be officially disabled on April 9, June 22, 2018.
Precautions for Java SDK and open-source and community-driven client sdks
If you are using Java SDK or community/open source client SDK for Media Service, you have the following options:
Existing Java sdks for media services will be updated in the next few months to support AAD authentication so that customers can begin migration immediately.
For open-source libraries that cannot be supported by the media service team, you need to work with the community SDK developers to prioritize SDK updates so that your solution supports AAD.
In addition, we are trying to release the new version of rest api (v3) this summer/fall to support the cross-PHP, Java, Python, and other client sdks generated by AutoRest, thus supporting AAD authentication.
Recommended reading
Resources and more documents
For more information about Azure media services and Azure Active Directory, see the following articles:
《Azure MediaService overview page"
《Azure Active Directory Service overview page"
For more information, sample code, and scenario documents, see the following articles:
《Use AAD authentication to access APIs"
《Manage AAD authentication using Azure Portal"
《Use. NET and AAD to access media service APIs"
《Use Azure CLI 2.0 to create and configure an AAD Application"
《Use PowerShell to create and configure an AAD Application"
Visit http://market.azure.cn now