I am considering Azure Media Services to host some of my corporate videos so that I can provide them to my users through my corporate website. The reason I am looking for Azure Media Services is because of the Progressive Download Adaptive bitrate streaming feature.
My plan is to upload the videos to AMS and then use the progressive download locator in the <video> tags. I did some demos and it looks fine.
However the only concern I have is with the URL. The assets are confidential and the security team raised a concern of having the security tokens in the URL. From their perspective anyone who has this URL can download the files, without logging into the corporate site.
I feel like this is how it works and there no other option to secure the assets. Am I correct? Are there any best practices or guideline that I can use to secure these Azure hosted assets?
My goal is to restrict the possibility of a user (or a hacker) directly accessing the files with the URL seen in the HTML source (the <video> tag's src attribute).
for this scenario, it's best to secure the video content with a content protection such as AES-128 clear key encryption. For corporate network videos (trusted end-users) the content is encrypted from access by a third-party and setting up encryption is simple. Have a look at the public docs:
https://learn.microsoft.com/en-us/azure/media-services/media-services-protect-with-aes128
Related
I am working in an Azure Storage Static Website. This website is publicly available and is intended to perform operations against Azure Storage (manage multimedia - crud actions). I am afraid that since it is a client-side app, anybody can use the code to perform unintended operations against the storage account. Any thoughts how can i protect the app against this? Also i am looking for a solution to avoid hardcoded keys/SAS tokens to have permission for the operations against the storage account. I was thinking about using the managed service identity. Anyone had experience with it, since it is in preview mode?
You should definitely not put keys or SAS tokens client-side. As you say, anybody can obtain this and get access to the storage account. One solution is to use an HTTP-triggered serverless function to generate a SAS token as needed. Then you can issue a time-limited SAS to only the resources you want to be publicly accessible. The below tutorial shows how to do this.
https://learn.microsoft.com/en-us/azure/functions/tutorial-static-website-serverless-api-with-database
The static website endpoint is strictly read only. So the client will not be able to change the content of the website.
Currently static website is anonymous access. "add oauth" will be added soon. For read access, once the site is enabled, it'll be available to all public.
Currently we don't have oauth support. Anybody can read the content of the website as long as they have the uri
We're planning to build a Xamarin app, where you can watch some videos that are hosted on microsoft Azure. Does the azure blob storage support streaming to my mobile app or can i only download the files?
The video urls shouldn't be exposed to public, as mentioned here.
Has anybody experience in this? I didn't find any reliable infos on the web.
Very important thing here - streaming and live-streaming. If you would like to just upload video files to Azur Blob and access them in the mobile app this is possible. I did tests with .mp4 (I did not test other formats) files and once they were uploaded I could play them in the mobile app without any problems.
You do not have to worry about the access too - you can secure URLs with Shared Access Signature or Storage Account Key.
You can read more about it below (Data Plane Security):
https://learn.microsoft.com/en-us/azure/storage/storage-security-guide
I'm using a wordpress template and have multiple media uploaders. When they embedd/insert their content from the media library, they should only be able to see and embedd their uploaded content. My goal is to host the website in Azure and also use its media services for video content. Is there an elegant frontend way with wich users can upload their content an reembedd it after transcoding?
I think that there is no plugin that supports directly Azure Media Services encoding workflows in WordPress.
Maybe you can do it in a few steps :
Use the WordPress Azure Storage plugins to upload your files : https://wordpress.org/plugins/windows-azure-storage/
Use an Azure WebJob to trigger encoding as soon as a file is uploaded in the storage : https://github.com/Azure/azure-content/blob/master/articles/app-service-web/websites-dotnet-webjobs-sdk-storage-blobs-how-to.md and https://azure.microsoft.com/en-us/documentation/articles/media-services-dotnet-encode-asset/
Display the video on your site, using Azure Media Player : http://amsplayer.azurewebsites.net/
Hope this helps,
Julien
I have a single page html application, that uses a lot of jQuery. The app content (data as xml and media audio/video/image) is (and has to be) provided by blobs on azure account. I don't need any application server.
What is the recommended way to host such single page html application on Windows Azure Environment (Azure is a requirement).
As I do not need any application server, all application files are currently uploaded into single container as Blobs with appropriate content types. It all works very good.
Still, I've seen that Azure has some website hosting capabilities I've been wondering if what I did is appropriate?
Thanks
Windows Azure Web Sites would work well and could be free for the duration. If the constraints of the free offering don't work for you, you can scale out easily.
You could also store your home page in Azure blob storage, but that means users would have to have the full path to it as there's no server configuration to specify a default page. Publicizing your site endpoint via a vanity URL from bit.ly or the like could make that a non-issue though.
Do note though, that by having everything in blob storage, you're incurring a transaction cost for every image, every page, every script access (that's not cached on the browser that is). Depending on the nature of your site and traffic, it could be more cost-effective to leverage something like Windows Azure Web Site for some of this.
I'm trying to setup a video file upload using UDP protocol onto Windows Azure Media Services. I have not found any code sample or documentation to give me a headstart. Could somebody help me on this matter and provide me some code sample or a documentation or the concept?
Thanks in advance!!
Azure Media Services is a platform as a service which uses Azure as the backend. Specifically, it uses Azure Storage. If you are using the .Net Media Services SDK to upload, then you may not notice that it is wrapping the AzStorage SDK calls for transfer. If you are using the REST directly, you will notice that any PUT calls are heading straight for your storage account. In both of these cases, all Media Services is doing it providing the SAS URLs for uploading to the backend storage.
At this time, AzStorage supports only HTTP PUT for uploads.
In addition, Azure has recently on-boarded a 3rd party solution for fast uploading, look for Aspera in the marketplace. Note that this is a tiered subscription service and may require the purchase of client-side software (same model as Amazon S3, incase your doing side-by-side comparisons).
I did a full walk-through a few months ago on my blog:
http://blog-ndrouin.azurewebsites.net/?p=561
The blog needs a bit of maintenance since the service is no longer in preview, but you'll get the idea.
Media Services is still a preview feature. UDP will only be available in the RTM release:
By the RTM release, Media Services will offer integration with partner
components to provide fast UDP (User Datagram Protocol) upload
solutions.