获取用于访问媒体服务 API 的凭据Get credentials to access Media Services API

使用 Azure AD 身份验证访问 Azure 媒体服务 API 时,有两个身份验证选项可供选择:When you use Azure AD authentication to access the Azure Media Services API, you have two authentication options:

  • 服务主体身份验证(推荐)Service principal authentication (recommended)

    对服务进行身份验证。Authenticate a service. 常常使用这种身份验证方法的应用程序是运行守护程序服务、中间层服务或计划作业的应用:Web 应用、函数应用、逻辑应用、API 或微服务。Applications that commonly use this authentication method are apps that run daemon services, middle-tier services, or scheduled jobs: web apps, function apps, logic apps, APIs, or a microservice.

  • 用户身份验证User authentication

    验证使用应用程序与媒体服务资源进行交互的用户。Authenticate a person who is using the app to interact with Media Services resources. 交互式应用程序应首先提示用户输入凭据。The interactive application should first prompt the user for credentials. 例如,授权用户用来监视编码作业或实时传送视频流的管理控制台应用程序。An example is a management console app used by authorized users to monitor encoding jobs or live streaming.

本文介绍获取用于访问媒体服务 API 的凭据的步骤。This article describes steps for getting credentials to access Media Services API. 从以下选项卡中进行选择。Choose from the following tabs.

先决条件Prerequisites

使用 Azure 门户Use the Azure portal

API 访问API access

在“API 访问”页中,可以选择用于连接 API 的身份验证方法。 The API access page lets you select the authentication method you want to use to connect to the API. 此页还提供连接到 API 所需的值。The page also provides the values you need to connect to the API.

  1. Azure 门户中,选择媒体服务帐户。In the Azure portal, select your Media Services account.
  2. 选择与媒体服务 API 的连接方式。Select how to connect to the Media Services API.
  3. 在“连接到媒体服务 API”下,选择要连接到的媒体服务 API 版本(V3 是最新服务版本)。 Under Connect to Media Services API, select the Media Services API version you want to connect to (V3 is the latest version of the service).

使用 Azure Active Directory (Azure AD) 应用和机密对服务进行身份验证。Authenticates a service using an Azure Active Directory (Azure AD) app and secret. 建议对调用媒体服务 API 的所有中间层服务执行此操作。This is recommended for any middle-tier services calling to the Media Services API. 例如,Web 应用、Functions、逻辑应用、API 和微服务。Examples are Web Apps, Functions, Logic Apps, APIs, and microservices. 这是推荐使用的身份验证方法。This is the recommended authentication method.

管理 Azure AD 应用和机密Manage your Azure AD app and secret

在“管理 AAD 应用和机密”部分,可以选择或新建 Azure AD 应用并生成机密。 The Manage your AAD app and secret section lets you select or create a new Azure AD app and generate a secret. 出于安全方面的原因,关闭边栏选项卡后,无法显示机密。For security purposes, the secret cannot be shown after the blade is closed. 应用程序使用应用程序 ID 和机密进行身份验证,以获取媒体服务的有效令牌。The application uses the application ID and secret for authentication to obtain a valid token for media services.

务必拥有足够的权限,以便向 Azure AD 租户注册应用程序,并将应用程序分配给 Azure 订阅中的角色。Make sure that you have sufficient permissions to register an application with your Azure AD tenant and to assign the application to a role in your Azure subscription. 有关详细信息,请参阅所需权限For more information, see Required permissions.

连接到媒体服务 APIConnect to Media Services API

“连接到媒体服务 API”提供用于连接服务主体应用程序的值。 The Connect to Media Services API provides you with values that you use to connect your service principal application. 可以获取文本值,或者复制 JSON 或 XML 块。You can get text values or copy the JSON or XML blocks.

用户身份验证User authentication

此选项可用于对某个使用应用来与媒体服务资源交互的 Azure Active Directory 员工或成员进行身份验证。This option could be used to authenticate an employee or member of an Azure Active Directory who is using an app to interact with Media Services resources. 交互式应用程序应先提示用户输入用户凭据。The interactive application should first prompt the user for the user's credentials. 此身份验证方法只可用于管理型应用程序。This authentication method should only be used for Management applications.

连接到媒体服务 APIConnect to Media Services API

从“连接到媒体服务 API”部分复制用于连接用户应用程序的凭据 。Copy your credentials to connect your user application from the Connect to Media Services API section. 可以获取文本值,或者复制 JSON 或 XML 块。You can get text values or copy the JSON or XML blocks.

CLICLI

可以在本地安装 CLI。You can install the CLI locally. 有关适用于你的平台的说明,请参阅安装 Azure CLISee Install the Azure CLI for instructions for your platform.

登录Sign in

使用本地安装的 CLI 需要登录到 Azure。Using a local install of the CLI requires signing in to Azure. 使用 az login 命令登录。Sign in with the az login command.

如果 CLI 可以打开默认的浏览器,则它会打开该浏览器并加载登录页。If the CLI can open your default browser, it will do so and load a sign-in page. 否则,你需要打开一个浏览器页面,在浏览器中导航到 https://microsoft.com/deviceloginchina 后,按照有关命令行的说明输入授权代码。Otherwise, you need to open a browser page and follow the instructions on the command line to enter an authorization code after navigating to https://microsoft.com/deviceloginchina in your browser.

指定文件位置Specify location of files

许多媒体服务 CLI 命令允许你通过文件名来传递参数。Many Media Services CLI commands allow you to pass a parameter with a file name.

需要根据所用的 OS 或 Shell(Bash 或 PowerShell)指定文件路径。You need to specify the file path according to the OS or Shell (Bash or PowerShell) that you are using. 下面是一些示例:Below are some examples:

文件(所有 OS)的相对路径Relative path to the file (all OS)

  • @"mytestfile.json"
  • @"../mytestfile.json"

Linux/Mac 和 Windows OS 上的绝对文件路径Absolute file path on Linux/Mac and Windows OS

  • @ "/usr/home/mytestfile.json"
  • @"c:\tmp\user\mytestfile.json"

如果命令要求提供文件路径,请使用 {file}Use {file} if the command is asking for a path to the file. 例如,az ams transform create -a amsaccount -g resourceGroup -n custom --preset .\customPreset.jsonFor example, az ams transform create -a amsaccount -g resourceGroup -n custom --preset .\customPreset.json.
如果命令将加载指定的文件,请使用 @{file}Use @{file} if the command is going to load the specified file. 例如,az ams account-filter create -a amsaccount -g resourceGroup -n filterName --tracks @tracks.jsonFor example, az ams account-filter create -a amsaccount -g resourceGroup -n filterName --tracks @tracks.json.

访问媒体服务 APIAccess the Media Services API

若要连接到 Azure 媒体服务 API,请使用 Azure AD 服务主体身份验证。To connect to Azure Media Services APIs, you use the Azure AD service principal authentication. 以下命令创建 Azure AD 应用程序并将服务主体附加到帐户。The following command creates an Azure AD application and attaches a service principal to the account. 应使用返回的值配置应用程序。You should use the returned values to configure your application.

在运行脚本之前,应将 amsaccountamsResourceGroup 替换为在创建这些资源时选择的名称。Before running the script, you should replace the amsaccount and amsResourceGroup with the names you chose when creating these resources. amsaccount 是要向其附加服务主体的 Azure 媒体服务帐户的名称。amsaccount is the name of the Azure Media Services account where to attach the service principal.

如果你有权访问多个订阅,请先将活动订阅设置为在其中创建了媒体服务帐户的订阅。If you have access to multiple subscriptions, first set the active subscription to the subscription where the Media Services account was created.

az account set --subscription subscriptionId

以下命令返回 json 输出:The following command returns a json output:

az ams account sp create --account-name amsaccount --resource-group amsResourceGroup

此命令会生成如下响应:This command produces a response similar to this:

{
  "AadClientId": "00000000-0000-0000-0000-000000000000",
  "AadEndpoint": "https://login.chinacloudapi.cn",
  "AadSecret": "00000000-0000-0000-0000-000000000000",
  "AadTenantId": "00000000-0000-0000-0000-000000000000",
  "AccountName": "amsaccount",
  "ArmAadAudience": "https://management.core.chinacloudapi.cn/",
  "ArmEndpoint": "https://management.chinacloudapi.cn/",
  "Region": "chinaeast",
  "ResourceGroup": "amsResourceGroup",
  "SubscriptionId": "00000000-0000-0000-0000-000000000000"
}

如果想要在响应中获得 xml,请使用以下命令:If you would like to get an xml in the response, use the following command:

az ams account sp create --account-name amsaccount --resource-group amsResourceGroup --xml

后续步骤Next steps

教程:使用媒体服务 v3 上传、编码和流式传输视频Tutorial: Upload, encode, and stream videos with Media Services v3.