JWT token validates correctly, but fails Azure media AES with AuthorizationPolicyEvaluationFailure error
I've setup a simple Azure function to test out Azure media services. I'm trying to protect a video I uploaded, but I can't seem to get the JWT right. Here's the simple function code.
[FunctionName("Test")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
var expires = DateTimeOffset.UtcNow.AddMinutes(20);
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("RYhzAnz....VP0uQ==")); // removed full key for brevity
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new List<Claim>
{
};
var token = new JwtSecurityToken("http://test.net/",
"urn:user",
claims.AsEnumerable(),
expires: expires.LocalDateTime,
signingCredentials: credentials
);
return new OkObjectResult(new JwtSecurityTokenHandler().WriteToken(token));
}
I've filled out the issuer/audience in the token so that it matches what is in my Azure settings.
I've even validated that token on jwt.io, and it verified correctly
But when I test it out on the Azure Media Player, the response is a 401 with a AuthorizationPolicyEvaluationFailure.
Here's the response from the Azure key delivery service
{
"Error": {
"Message": "Failed content key policy evaluation.",
"Code": "AuthorizationPolicyEvaluationFailure"
}
}
Found out what I was doing wrong. Problem was hidden in plain sight. Issue came down to this line of code.
Encoding.UTF8.GetBytes("RYhzAnz....VP0uQ==")
This was getting the bytes of the security key, but the security key itself is base64 encoded. I had to change it to this instead.
System.Convert.FromBase64String("RYhzAnz....VP0uQ==")
I was able to figure this out while debugging the Azure Media Service AES example.
- Cannot add data to a ComplexField using Python SDK for Azure AI Search
- letsencrypt cert request failing for AKS ingress
- Playwright Test execution on Azure Windows machine fails in pipeline with error as No test found, It works perfectly with same command
- How to Combining PowerShell Output from multiple server to Single csv
- How can I find all Azure app registrations with API permissions to a specific app registration?
- Azure Deployment Groups vs Agent Pools
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Are task logs deleted when the node is deleted due to autoscaling in Azure Batch service?
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- While Hierarchical namespace enabled cannot upload blob with metadata hdi_isfolder
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Langchain cannot connect with Azure SQL Database