了解客户端如何将令牌传递到 Azure 媒体服务密钥传送服务Learn how clients pass tokens to the Azure Media Services key delivery service

媒体服务徽标media services logo


客户经常会问,播放器如何将令牌传递到 Azure 媒体服务密钥传送服务来进行验证,以便播放器可以获取密钥。Customers often ask how a player can pass tokens to the Azure Media Services key delivery service for verification so the player can obtain the key. 媒体服务支持简单 Web 令牌 (SWT) 和 JSON Web 令牌 (JWT) 格式。Media Services supports the simple web token (SWT) and JSON Web Token (JWT) formats. 令牌身份验证可应用于任何类型的密钥,不论系统中使用的是通用加密还是高级加密标准 (AES) 信封加密。Token authentication is applied to any type of key, regardless of whether you use common encryption or Advanced Encryption Standard (AES) envelope encryption in the system.

可使用播放器通过以下方式传递令牌,具体取决于设定为目标的播放器和平台:Depending on the player and platform you target, you can pass the token with your player in the following ways:

  • 通过 HTTP 授权标头。Through the HTTP Authorization header.

    备注

    根据 OAuth 2.0 规格,应使用“Bearer”前缀。The "Bearer" prefix is expected per the OAuth 2.0 specs. Azure 媒体播放器演示页面上提供了一个具有令牌配置的示例播放器。A sample player with the token configuration is hosted on the Azure Media Player demo page. 若要设置视频源,请选择“AES(JWT 令牌)”或“AES(SWT 令牌)”。 To set the video source, choose AES (JWT Token) or AES (SWT Token). 令牌是通过授权标头传递的。The token is passed via the Authorization header.

  • 通过使用“token=tokenvalue”添加一个 URL 查询参数。Via the addition of a URL query parameter with "token=tokenvalue."

    备注

    不应使用“Bearer”前缀。The "Bearer" prefix isn't expected. 由于令牌是通过 URL 发送的,因此需要保护令牌字符串。Because the token is sent through a URL, you need to armor the token string. 下面的 C# 示例代码显示了如何执行此操作:Here is a C# sample code that shows how to do it:

    string armoredAuthToken = System.Web.HttpUtility.UrlEncode(authToken);
    string uriWithTokenParameter = string.Format("{0}&token={1}", keyDeliveryServiceUri.AbsoluteUri, armoredAuthToken);
    Uri keyDeliveryUrlWithTokenParameter = new Uri(uriWithTokenParameter);
    
  • 通过 CustomData 字段。Through the CustomData field. 此选项仅用于 PlayReady 许可证获取,通过 PlayReady 许可证获取质询的 CustomData 字段。This option is used for PlayReady license acquisition only, through the CustomData field of the PlayReady License Acquisition Challenge. 在此情况下,令牌必须位于如下所述的 xml 文档中:In this case, the token must be inside the XML document as described here:

    <?xml version="1.0"?>
    <CustomData xmlns="http://schemas.microsoft.com/Azure/MediaServices/KeyDelivery/PlayReadyCustomData/v1"> 
        <Token></Token> 
    </CustomData>
    

    将身份验证令牌放入 Token 元素中。Put your authentication token in the Token element.

  • 通过替换的 HTTP Live Streaming (HLS) 播放列表。Through an alternate HTTP Live Streaming (HLS) playlist. 如果需要在 iOS/Safari 上为 AES + HLS 播放配置令牌身份验证,无法直接发送令牌。If you need to configure token authentication for AES + HLS playback on iOS/Safari, there isn't a way you can directly send in the token. 有关如何替换播放列表来启用此方案的详细信息,请参阅此博客文章For more information on how to alternate the playlist to enable this scenario, see this blog post.

后续步骤Next steps

媒体服务 v3(最新版本)Media Services v3 (latest)

查看最新版本的 Azure 媒体服务!Check out the latest version of Azure Media Services!

媒体服务 v2(旧版)Media Services v2 (legacy)