/// <summary>
/// Creates a content key authorization policy with a single <c>Open</c>
/// restriction and assigns it to <paramref name="contentKey"/>.
/// </summary>
/// <remarks>
/// The restriction carries no requirements, so no token template is attached to the key.
/// NOTE(review): an Open restriction is understood to let the key delivery service
/// return the key to any client that requests it. Confirm that is intended for the
/// content protected by this key; the token-restricted variants exist for anything
/// that must be gated on a caller identity.
/// </remarks>
/// <param name="contentKey">Content key that receives the new policy and is then updated.</param>
public static void AddOpenAuthorizationPolicy(IContentKey contentKey)
{
    // The policy is created first; the option built below is attached to it.
    IContentKeyAuthorizationPolicy openPolicy =
        _context.ContentKeyAuthorizationPolicies.CreateAsync("Open Authorization Policy").Result;

    // One restriction only: Open, with nothing for the requester to satisfy.
    var openRestrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = "HLS Open Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
            Requirements = null // no requirements needed for HLS
        }
    };

    IContentKeyAuthorizationPolicyOption openOption =
        _context.ContentKeyAuthorizationPolicyOptions.Create(
            "policy",
            ContentKeyDeliveryType.BaselineHttp,
            openRestrictions,
            "");
    openPolicy.Options.Add(openOption);

    // Point the content key at the new policy and persist the change.
    contentKey.AuthorizationPolicyId = openPolicy.Id;
    IContentKey savedKey = contentKey.UpdateAsync().Result;

    Console.WriteLine("Adding Key to Asset: Key ID is " + savedKey.Id);
}
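/// <summary>
/// Ensures that an authorization policy named after the asset exists with a
/// JWT token restriction, then assigns that policy to the content key.
/// </summary>
/// <remarks>
/// The policy and the policy option are each looked up by name (<paramref name="assetID"/>)
/// and reused when found. An existing option is reused as-is: the claim, audience and
/// issuer arguments are not applied to it, and it is not added to the policy here.
/// The template's audience and issuer are copied from <paramref name="token"/>, which
/// this method does not validate. NOTE(review): the caller should pass only a token whose
/// signature and lifetime have already been verified, otherwise the key policy is built
/// from unverified values.
/// </remarks>
/// <param name="assetID">Asset identifier; also used as the policy name and the option name.</param>
/// <param name="mediaContext">Media Services context used for lookups and creation.</param>
/// <param name="objIContentKey">Content key that receives the policy.</param>
/// <param name="claimType">Type of a required claim; ignored when null or empty.</param>
/// <param name="claimValue">Value of the required claim; ignored when null or empty.</param>
/// <param name="token">Token that supplies the audience (the first one) and the issuer for the template.</param>
/// <returns>The content key as returned by its update call.</returns>
public IContentKey AddAuthorizationPolicyToContentKey(string assetID, CloudMediaContext mediaContext, IContentKey objIContentKey, string claimType, string claimValue, JwtSecurityToken token)
{
    // The authorization policy is named after the asset.
    var policy = mediaContext.ContentKeyAuthorizationPolicies.Where(c => c.Name == assetID).FirstOrDefault();

    // Create the policy only when no policy with that name exists yet.
    if (policy == null)
    {
        policy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(assetID).Result;
    }

    // The policy option is named after the asset as well.
    var policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Where(name => name.Name == assetID).FirstOrDefault();

    if (policyOption == null)
    {
        List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>();

        TokenRestrictionTemplate template = new TokenRestrictionTemplate();
        template.TokenType = TokenType.JWT;

        // Verification keys come from the OpenID Connect discovery document (JSON Web Keys).
        // NOTE(review): this is the "common" endpoint rather than a tenant-specific one, so the
        // issuer and audience set below are presumably what binds the policy to one tenant
        // and application. Confirm.
        template.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument("https://login.windows.net/common/.well-known/openid-configuration");

        // A required claim is added only when both its type and its value are present.
        if (!String.IsNullOrEmpty(claimType) && !String.IsNullOrEmpty(claimValue))
        {
            template.RequiredClaims.Add(new TokenClaim(claimType, claimValue));
        }

        var audience = token.Audiences.First();
        template.Audience = audience;
        template.Issuer = token.Issuer;
        string requirements = TokenRestrictionTemplateSerializer.Serialize(template);

        ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction
        {
            Name = "Authorization Policy with Token Restriction",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = requirements
        };
        restrictions.Add(restriction);

        policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Create(assetID, ContentKeyDeliveryType.BaselineHttp, restrictions, null);
        policy.Options.Add(policyOption);

        // Wait for the policy update to finish. Without the wait, the content key could be
        // pointed at the policy before the restricted option is saved, and a failed update
        // would go unnoticed.
        policy.UpdateAsync().Wait();
    }

    // Assign the policy to the content key and persist the key.
    objIContentKey.AuthorizationPolicyId = policy.Id;
    IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result;

    return IContentKeyUpdated;
}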
/// <summary>
/// Creates a token-restricted authorization policy, assigns it to
/// <paramref name="contentKey"/>, and returns the requirements string used for it.
/// </summary>
/// <remarks>
/// The requirements string comes from <c>GenerateTokenRequirements()</c> and the policy
/// name from <c>myConfig.policyName</c>. A new policy is created on every call; this
/// method does not look for an existing one.
/// </remarks>
/// <param name="contentKey">Content key that receives the new policy and is then updated.</param>
/// <returns>The token requirements string that was placed on the restriction.</returns>
private string AddTokenRestrictedAuthorizationPolicy(IContentKey contentKey)
{
    string tokenRequirements = GenerateTokenRequirements();

    IContentKeyAuthorizationPolicy tokenPolicy =
        _MediaServiceContext.ContentKeyAuthorizationPolicies.CreateAsync(myConfig.policyName).Result;

    // A single token restriction; the requirements string defines what a token must satisfy.
    var tokenRestrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = "Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = tokenRequirements
        }
    };

    // A policy may hold several options; only one is created here.
    IContentKeyAuthorizationPolicyOption tokenOption =
        _MediaServiceContext.ContentKeyAuthorizationPolicyOptions.Create(
            "Token option for HLS",
            ContentKeyDeliveryType.BaselineHttp,
            tokenRestrictions,
            null); // no key delivery data is needed for HLS
    tokenPolicy.Options.Add(tokenOption);

    // Point the content key at the new policy and persist the change.
    contentKey.AuthorizationPolicyId = tokenPolicy.Id;
    IContentKey savedKey = contentKey.UpdateAsync().Result;

    Trace.TraceInformation("Adding Key to Asset: Key ID is " + savedKey.Id);
    return tokenRequirements;
}
/// <summary>
/// Creates a token-restricted policy option for baseline HTTP key delivery and returns it.
/// </summary>
/// <remarks>
/// Only the option is created here. It is not added to any policy, and
/// <paramref name="contentKey"/> is not read or modified, so the caller still has to
/// attach the option to a policy and assign that policy to the key before the
/// restriction takes effect.
/// </remarks>
/// <param name="contentKey">Not used by this method.</param>
/// <param name="Audience">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="Issuer">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="tokenclaimslist">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="AddContentKeyIdentifierClaim">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="tokentype">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="detailedtokentype">Its string form becomes the prefix of the restriction name.</param>
/// <param name="mytokenverificationkey">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="_context">Media Services context used to create the option.</param>
/// <param name="openIdDiscoveryPath">Passed through to <c>GenerateTokenRequirements</c>; defaults to null.</param>
/// <returns>The newly created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null)
{
    string requirements = GenerateTokenRequirements(
        tokentype,
        Audience,
        Issuer,
        tokenclaimslist,
        AddContentKeyIdentifierClaim,
        mytokenverificationkey,
        openIdDiscoveryPath);

    // The restriction name is prefixed with the detailed token type.
    string typeLabel = detailedtokentype.ToString();

    var tokenRestrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = typeLabel + " Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = requirements
        }
    };

    // A policy may hold several options; only one is created here.
    return _context.ContentKeyAuthorizationPolicyOptions.Create(
        "Token option",
        ContentKeyDeliveryType.BaselineHttp,
        tokenRestrictions,
        null); // no key delivery data is needed for HLS
}
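/// <summary>
/// Ensures that an authorization policy named after the asset exists with a JWT token
/// restriction verified by X.509 certificates, then assigns that policy to the content key.
/// </summary>
/// <remarks>
/// The policy and the policy option are each looked up by name (<paramref name="assetID"/>)
/// and reused when found. An existing option is reused as-is: the claim arguments are not
/// applied to it, and it is not added to the policy here.
/// The verification certificates come from <c>GetX509Certificate2FromADMetadataEndpoint()</c>.
/// The audience and issuer come from the token returned by <c>GetJwtSecurityToken()</c>.
/// NOTE(review): this method validates neither, so both helpers need to return trusted data.
/// </remarks>
/// <param name="assetID">Asset identifier; also used as the policy name and the option name.</param>
/// <param name="mediaContext">Media Services context used for lookups and creation.</param>
/// <param name="objIContentKey">Content key that receives the policy.</param>
/// <param name="claimType">Type of a required claim; ignored when null or empty.</param>
/// <param name="claimValue">Value of the required claim; ignored when null or empty.</param>
/// <returns>The content key as returned by its update call.</returns>
/// <exception cref="InvalidOperationException">
/// No verification certificate is available for a new token restriction.
/// </exception>
public static IContentKey AddAuthorizationPolicyToContentKey(string assetID, CloudMediaContext mediaContext, IContentKey objIContentKey, string claimType, string claimValue)
{
    // The authorization policy is named after the asset.
    var policy = mediaContext.ContentKeyAuthorizationPolicies.Where(c => c.Name == assetID).FirstOrDefault();

    // Create the policy only when no policy with that name exists yet.
    if (policy == null)
    {
        policy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(assetID).Result;
    }

    // The policy option is named after the asset as well.
    var policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Where(name => name.Name == assetID).FirstOrDefault();

    if (policyOption == null)
    {
        List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>();

        List<X509Certificate2> certs = GetX509Certificate2FromADMetadataEndpoint();
        JwtSecurityToken token = GetJwtSecurityToken();

        // Fail with a clear message instead of an index error when no certificate is available.
        // A token restriction cannot be built without a verification key.
        if (certs == null || certs.Count == 0)
        {
            throw new InvalidOperationException("No token verification certificate is available; the token restriction was not created.");
        }

        TokenRestrictionTemplate template = new TokenRestrictionTemplate();
        template.TokenType = TokenType.JWT;

        // The first certificate is the primary verification key; the rest are alternates.
        template.PrimaryVerificationKey = new X509CertTokenVerificationKey(certs[0]);
        foreach (X509Certificate2 alternate in certs.Skip(1))
        {
            template.AlternateVerificationKeys.Add(new X509CertTokenVerificationKey(alternate));
        }

        // A required claim is added only when both its type and its value are present.
        if (!String.IsNullOrEmpty(claimType) && !String.IsNullOrEmpty(claimValue))
        {
            template.RequiredClaims.Add(new TokenClaim(claimType, claimValue));
        }

        var audience = token.Audiences.First();
        template.Audience = new Uri(audience);
        template.Issuer = new Uri(token.Issuer);
        string requirements = TokenRestrictionTemplateSerializer.Serialize(template);

        ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction
        {
            Name = "Authorization Policy with Token Restriction",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = requirements
        };
        restrictions.Add(restriction);

        policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Create(assetID, ContentKeyDeliveryType.BaselineHttp, restrictions, null);
        policy.Options.Add(policyOption);

        // Wait for the policy update to finish. Without the wait, the content key could be
        // pointed at the policy before the restricted option is saved, and a failed update
        // would go unnoticed.
        policy.UpdateAsync().Wait();
    }

    // Assign the policy to the content key and persist the key.
    objIContentKey.AuthorizationPolicyId = policy.Id;
    IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result;

    return IContentKeyUpdated;
}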
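/// <summary>
/// Creates a token-restricted policy option for baseline HTTP key delivery and returns it.
/// </summary>
/// <remarks>
/// Only the option is created here. It is not added to any policy, and
/// <paramref name="contentKey"/> is not read or modified, so the caller still has to
/// attach the option to a policy and assign that policy to the key before the
/// restriction takes effect.
/// The restriction name is prefixed with a label built from the key kind and token type
/// (for example "Sym JWT "). That label was computed before but never used, so every
/// restriction had the same name whatever its token type.
/// </remarks>
/// <param name="contentKey">Not used by this method.</param>
/// <param name="Audience">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="Issuer">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="tokenclaimslist">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="AddContentKeyIdentifierClaim">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="tokentype">Passed through to <c>GenerateTokenRequirements</c>; also selects "SWT " or "JWT " in the name.</param>
/// <param name="IsJWTKeySymmetric">Selects "Sym " or "Asym " in the restriction name.</param>
/// <param name="mytokenverificationkey">Passed through to <c>GenerateTokenRequirements</c>.</param>
/// <param name="_context">Media Services context used to create the option.</param>
/// <returns>The newly created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context)
{
    string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);

    // Both parts end with a space, so the label can be prepended to the name directly.
    string tname = (IsJWTKeySymmetric ? "Sym " : "Asym ") + (tokentype == TokenType.SWT ? "SWT " : "JWT ");

    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = tname + "Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = tokenTemplateString
        }
    };

    // A policy may hold several options; only one is created here.
    IContentKeyAuthorizationPolicyOption policyOption =
        _context.ContentKeyAuthorizationPolicyOptions.Create(
            "Token option",
            ContentKeyDeliveryType.BaselineHttp,
            restrictions,
            null); // no key delivery data is needed for HLS

    return policyOption;
}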