This sample shows how to build an MVC web application that uses the Azure Media Services .NET SDK to display a video gallery to users. Users can see content based on their AD group membership. Users belonging to the admin AD group can configure Azure Media Services Key Delivery authorization policies to restrict access to content keys. Content keys are used to dynamically decrypt the video stream for the user.
To run this sample you will need:
- Visual Studio 2013
- An Internet connection
- An Azure subscription
Every Azure subscription has an associated Azure Active Directory tenant. If you don't already have an Azure subscription, you can get a free subscription by signing up at http://wwww.windowsazure.com. All of the Azure AD features used by this sample are available free of charge. An Azure Media Services tenant can be provisioned through the Azure Portal, and regular pricing applies.
From your shell or command line:
git clone https://github.com/azure-media-services-samples.git
- Use the Azure Management Portal to create an Azure Media Services account. For more information, see How to Create a Media Services Account.
- Use the Portal to upload an asset. See the steps described in the How to: Upload content section.
- Use the Portal to encode the asset. See the steps described in the How to: Encode content section and choose the Playback on PC/Mac (via Flash/Silverlight) preset from the Azure Media Encoder dialog box.
- Use the Portal to publish the asset. See the steps described in the How to: Publish content section.
Once your asset is published, you can use the steps described in How to: Play content from the portal section to stream your asset. You can also use one of the following players to test your stream: http://amsplayer.azurewebsites.net/ or http://smf.cloudapp.net/healthmonitor
- If you already have a user account in your Azure Active Directory tenant, you can skip to the next step. This sample will not work with a Microsoft account, so if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now. If you create an account and want to use it to sign in to the Azure portal, don't forget to add the user account as a co-administrator of your Azure subscription.
- Create a few more accounts so you can see that different users have different access rights to the video gallery.
- Create an Admin group and save the ObjectID value of this group.
- Create one or more additional groups.
- Assign one user to the admin group. This user will be able to configure authorization policies within MediaLibraryWebApp.
- Distribute the other users among the other groups.
- Sign in to the Azure management portal.
- Click on Active Directory in the left hand nav.
- Click the directory tenant where you wish to register the sample application.
- Click the Applications tab.
- In the drawer, click Add.
- Click "Add an application my organization is developing".
- Enter a friendly name for the application, for example "MediaLibraryWebApp", select "Web Application and/or Web API", and click next.
- For the sign-on URL, enter the base URL for the sample, which is by default `https://localhost:44322/`. NOTE: It is important, due to the way Azure AD matches URLs, to ensure there is a trailing slash on the end of this URL. If you don't include the trailing slash, you will receive an error when the application attempts to redeem an authorization code.
- For the App ID URI, enter `https://<your_tenant_name>/MediaLibraryWebApp`, replacing `<your_tenant_name>` with the name of your Azure AD tenant. Click OK to complete the registration.
- While still in the Azure portal, click the Configure tab of your application.
- Find the Client ID value and copy it aside; you will need this later when configuring your application.
- Create a new key for the application. Save the configuration so you can view the key value. Save this aside for when you configure the project in Visual Studio.
- Download the 'MediaLibraryWebApp' application manifest from the Azure portal.
- Find the property `groupMembershipClaims` and change its value to `All`: `"groupMembershipClaims": "All",`
- Upload the application manifest back to the Azure portal.
- In the section 'Permission to other applications', select Windows Azure Active Directory Application permissions and check all checkboxes.
Register the application to act as the resource for which the JWT token is issued. The obtained JWT token will be used to communicate with the Azure Media Services Key Delivery service.
- Sign in to the Azure management portal.
- Click on Active Directory in the left hand nav.
- Click the directory tenant where you wish to register the resource application.
- Click the Applications tab.
- In the drawer, click Add.
- Click "Add an application my organization is developing".
- Enter a friendly name for the application, for example "Keydelivery", select "Web Application and/or Web API", and click next.
- For the sign-on URL, enter the base URL for the resource app. For example: http://yourdomain.onmicrosoft.com/MediaLibraryWebKeyDelivery
- For the App ID URI, enter `https://<your_tenant_name>/MediaLibraryWebKeyDelivery`, replacing `<your_tenant_name>` with the name of your Azure AD tenant. Click OK to complete the registration.
- While still in the Azure portal, click the Configure tab of your application.
- Find the Client ID value and copy it aside; you will need this later when configuring your application.
- Create a new key for the application. Save the configuration so you can view the key value. Save this aside for when you configure the project in Visual Studio.
- Download the 'Keydelivery' application manifest from the Azure portal.
- Find the property `groupMembershipClaims` and change its value to `All`: `"groupMembershipClaims": "All",`
- Upload the application manifest back to the Azure portal.
- In the section 'Permission to other applications', select Windows Azure Active Directory Application permissions and check all checkboxes.
- Open the solution in Visual Studio 2013.
- Open the `web.config` file.
- Find the app key `ida:Tenant` and replace the value with your AAD tenant name.
- Find the app key `ida:ClientId` and replace the value with the Client ID for the MediaLibraryWebApp from the Azure portal.
- Find the app key `ida:KeyDeliveryResourceId` and replace the value with the Client ID for the Keydelivery app from the Azure portal.
- Find the app key `ida:AppKey` and replace the value with the key for the MediaLibraryWebApp from the Azure portal.
- If you changed the base URL of the MediaLibraryWebApp sample, find the app key `ida:PostLogoutRedirectUri` and replace the value with the new base URL of the sample.
- Find the app key `ida:FederationMetaDataUri` and replace it with the FederationMetaDataUri from the Azure portal. Click 'View Endpoints' in the domain applications list screen.
- Find the app key `ida:AdminGroupObjectId` and replace the value with your Admin group ObjectID obtained earlier in Step 3.
- Find the app key `ida:MediaServicesAccount` and replace the value with your Azure Media Services account name.
- Find the app key `ida:MediaServicesKey` and replace the value with your Azure Media Services account key. You can find the value in the Azure portal.
Clean the solution, rebuild the solution, and run it. You might want to go into the solution properties and set both projects as startup projects, with the service project starting first.
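
How the groups claim enabled by `groupMembershipClaims` and the `ida:AdminGroupObjectId` setting combine into an admin check, as an added example that is not the sample's own code. The enum, class and method names, the `groupClaimType` default and the group ObjectIDs are assumptions; the third case covers tokens where Azure AD omits the groups claim for a user in many groups and sends a `_claim_names` reference instead.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public enum AdminCheck { Admin, NotAdmin, GroupsNotInToken }

public static class AdminGroupCheck
{
    // groupClaimType is an assumption: "groups" is the JWT claim name, but a token
    // handler may map it to a longer URI, so pass whatever type your handler emits.
    public static AdminCheck Evaluate(ClaimsPrincipal user, string adminGroupObjectId,
                                      string groupClaimType = "groups")
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return AdminCheck.NotAdmin;

        var groups = user.FindAll(groupClaimType).Select(c => c.Value).ToList();
        if (groups.Any(g => string.Equals(g, adminGroupObjectId,
                                          StringComparison.OrdinalIgnoreCase)))
            return AdminCheck.Admin;

        // Overage: for users in many groups Azure AD leaves the groups claim out and
        // sends a _claim_names reference instead. Membership is then unknown, not
        // absent, and must be resolved against the directory before deciding.
        bool overage = user.HasClaim(c => c.Type == "_claim_names"
                                          && c.Value.Contains("groups"));
        return groups.Count == 0 && overage ? AdminCheck.GroupsNotInToken
                                            : AdminCheck.NotAdmin;
    }

    private static ClaimsPrincipal Constructed(params Claim[] claims)
    {
        // A non-empty authentication type makes IsAuthenticated true.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "constructed"));
    }

    public static void Main()
    {
        // Constructed ObjectIDs; the real value comes from ida:AdminGroupObjectId.
        const string admin = "11111111-1111-1111-1111-111111111111";
        const string other = "22222222-2222-2222-2222-222222222222";

        Console.WriteLine(Evaluate(Constructed(new Claim("groups", admin)), admin));
        Console.WriteLine(Evaluate(Constructed(new Claim("groups", other)), admin));
        Console.WriteLine(Evaluate(Constructed(
            new Claim("_claim_names", "{\"groups\":\"src1\"}")), admin));
    }
}
```

Treat `GroupsNotInToken` as a denial until the user's membership has been looked up in the directory.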