It is crashing in: https://github.com/WindowsAzure/azure-sdk-for-media-services/blob/3b2d5e227b2622c6d78fb10b1a733b188f1a6767/src/net/Client/DuplicatedFiles/EncryptionUtils.cs
During SaveCertificateToStore, specifically, in store.Open(OpenFlags.ReadWrite).
The save is called from here:
/// <summary>
/// Gets the certificate for protection key id.
/// </summary>
/// <param name="dataContext">The data context.</param>
/// <param name="protectionKeyId">The protection key id.</param>
/// <returns>The content key.</returns>
internal static X509Certificate2 GetCertificateForProtectionKeyId(DataServiceContext dataContext, string protectionKeyId)
{
// First check to see if we have the cert in our store already.
X509Certificate2 certToUse = EncryptionUtils.GetCertificateFromStore(protectionKeyId);
if ((certToUse == null) && (dataContext != null))
{
// If not, download it from Nimbus to use.
Uri uriGetProtectionKey = new Uri(string.Format(CultureInfo.InvariantCulture, "/GetProtectionKey?protectionKeyId='{0}'", protectionKeyId), UriKind.Relative);
IEnumerable<string> results2 = dataContext.Execute<string>(uriGetProtectionKey);
string certString = results2.Single();
byte[] certBytes = Convert.FromBase64String(certString);
certToUse = new X509Certificate2(certBytes);
// Finally save it for next time.
EncryptionUtils.SaveCertificateToStore(certToUse);
}
return certToUse;
}
This should catch the exception and sit on it because it’s serialization is not mandatory (and impossible in WebSites due to privilege restrictions).
Something like:
// Finally try to save it for next time, as an optimization.
try{
EncryptionUtils.SaveCertificateToStore(certToUse);
}
catch()
{
//Do nothing, this is not mandatory and breaks Azure WebSites deployment scenarios where they do not have rights to X509Stor.Open().
//Ref: http://stackoverflow.com/questions/18056707/create-azure-media-services-job-from-azure-shared-website
}
At this time, we don’t have the resources to test/confirm this. If you can re-build the GitHub of the SDK with the above changes, then you’d should be able to move past this.