2

我有上传新资产的代码。为流式传输和缩略图创建创建转码作业。然后轮询该转码作业的状态更改以进行更新。

这一切在本地机器上都可以正常工作。在 Azure 网站上运行时,我收到:

    Access is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Security.Cryptography.CryptographicException: Access is denied.


Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[CryptographicException: Access is denied.
]
   System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags) +1985499
   Microsoft.WindowsAzure.MediaServices.Client.EncryptionUtils.SaveCertificateToStore(X509Certificate2 certToStore) +64
   Microsoft.WindowsAzure.MediaServices.Client.ContentKeyBaseCollection.GetCertificateForProtectionKeyId(DataServiceContext dataContext, String protectionKeyId) +201
   Microsoft.WindowsAzure.MediaServices.Client.JobData.ProtectTaskConfiguration(TaskData task, X509Certificate2& certToUse, DataServiceContext dataContext) +285
   Microsoft.WindowsAzure.MediaServices.Client.JobData.InnerSubmit(DataServiceContext dataContext) +540
   Microsoft.WindowsAzure.MediaServices.Client.JobData.SubmitAsync() +63
   Microsoft.WindowsAzure.MediaServices.Client.JobData.Submit() +25
   SEISMatch.MediaServices.AzureMediaServices.ProcessVideo(Video video) +498
   SEISMatch.BusinessLogic.MediaServicesManager.StartProcessingMedia(Video v) +48
   SEISMatch.BusinessLogic.VideoManager.UploadComplete(Guid guid) +493
   lambda_method(Closure , ControllerBase , Object[] ) +155
   System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +182
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
   System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
   System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
   System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
   System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
   System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
   System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +24
   System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
   System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
   System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9629296
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

我在其他地方找到了对这个错误的引用。但没有说明如何在 Azure 网站上下文中解决它。大概可以使用 Azure 网站与 Azure 媒体服务进行交互吗?该错误是由于尝试为媒体服务库中的某些内部功能保存证书而引起的。

我的代码如下所示:

var inputAsset = mediaContext.Assets.Where(a => a.Name == video.AssetName).FirstOrDefault();    
IJob job = mediaContext.Jobs.Create(video.FileName + " Processing");
var thumbnailAssetID = AddThumbnailExtractionTask(job, inputAsset);
var encodedAsset = AddEncodeTask(job, inputAsset);
job.Submit(); //Error thrown here
4

4 回答 4

1

它正在崩溃: https ://github.com/WindowsAzure/azure-sdk-for-media-services/blob/3b2d5e227b2622c6d78fb10b1a733b188f1a6767/src/net/Client/DuplicatedFiles/EncryptionUtils.cs

在 SaveCertificateToStore 期间,特别是在 store.Open(OpenFlags.ReadWrite) 中。

在哪里: https://github.com/WindowsAzure/azure-sdk-for-media-services/blob/3b2d5e227b2622c6d78fb10b1a733b188f1a6767/src/net/Client/ContentKeyBaseCollection.cs

从这里调用保存:

    /// <summary>
    /// Gets the certificate for protection key id.
    /// </summary>
    /// <param name="dataContext">The data context.</param>
    /// <param name="protectionKeyId">The protection key id.</param>
    /// <returns>The content key.</returns>
    internal static X509Certificate2 GetCertificateForProtectionKeyId(DataServiceContext dataContext, string protectionKeyId)
    {
        // First check to see if we have the cert in our store already.
        X509Certificate2 certToUse = EncryptionUtils.GetCertificateFromStore(protectionKeyId);

        if ((certToUse == null) && (dataContext != null))
        {
            // If not, download it from Nimbus to use.
            Uri uriGetProtectionKey = new Uri(string.Format(CultureInfo.InvariantCulture, "/GetProtectionKey?protectionKeyId='{0}'", protectionKeyId), UriKind.Relative);
            IEnumerable<string> results2 = dataContext.Execute<string>(uriGetProtectionKey);
            string certString = results2.Single();

            byte[] certBytes = Convert.FromBase64String(certString);
            certToUse = new X509Certificate2(certBytes);

            // Finally save it for next time.
            EncryptionUtils.SaveCertificateToStore(certToUse);
        }

        return certToUse;
    }

这应该捕获异常并坐在上面,因为它的序列化不是强制性的(并且由于权限限制在网站中是不可能的)。

就像是:

// Finally try to save it for next time, as an optimization.
try{
  EncryptionUtils.SaveCertificateToStore(certToUse);
}
catch()
{
  //Do nothing, this is not mandatory and breaks Azure WebSites deployment scenarios where they do not have rights to X509Stor.Open().
  //Ref: http://stackoverflow.com/questions/18056707/create-azure-media-services-job-from-azure-shared-website
}

目前,我们没有资源来测试/确认这一点。如果您可以使用上述更改重新构建 SDK 的 GitHub,那么您应该能够超越这一点。

于 2013-08-21T17:05:46.307 回答
0

为了使用媒体服务 sdk 用于加密内容的证书,asp.net 进程需要具有使用证书操作所需的权限。

不幸的是,所描述的行为是预期的,并且目前没有办法在 Window Azure 网站中放松此安全策略。

如果您的案例对资产使用任何加密方法并不重要,请尝试将 AssetCreateOptions 显式设置为 AssetCreationOptions.None 以避免使用证书进行操作

IAsset asset = _dataContext.Assets.Create("Test", AssetCreationOptions.None);
于 2013-08-06T12:38:28.013 回答
0

似乎不是任何简单的方法来完成。可以通过编写自己的 MediaServices 客户端库来避免证书限制。这显然是一项巨大的工作。

我通过将网站移动到 Azure WebRole 解决了这个问题。由于部署时间或成本增加,这并不理想。但这似乎是唯一的方法。

另一种方法是使用消息队列和 WorkerRole 或单独的 Services WebRole 与 WAMS 进行通信。然后让该网站仍然作为 Azure 网站存在。但与新的中间人沟通。

于 2013-08-06T15:40:10.333 回答
0

使用也很重要

TaskOptions.None

请参阅https://github.com/Azure/azure-sdk-for-media-services/issues/82

于 2014-04-04T18:34:44.243 回答