Microsoft Azure Media Indexer basics – Part 3

In this part of the series covering the basics of using the Azure Media Indexer to make speech in audio and/or video assets searchable with SQL Server Full-text-search I will cover the basics of querying the database to find assets based on spoken words and even list the locations within these assets where the words had been spoken.

If you haven’t already, I suggest that you look at the previous two posts – part 1 covers the basics of uploading and processing an asset to produce the audio index (AIB) and closed captions files and part 2 covers how to prepare the SQL environment and load the AIB into it to enable searching.

With AIB files loaded into a table enabled for full-text-search and with the Media Indexer SQL-Add-on installed, searching for spoken words in assets using the database is nearly as simple as using standard SQL full-text-search constructs, but not quite, some differences and best practices exist and I’ll try to cover the main ones here.

The first thing to note is that when querying over AIB files the terms placed within CONTAINS or CONTAINSTABLE need to be encoded. This encoding can be done manually but it is easier (and useful for other purposes, more on this next) to use the Retrieval class provided with the SQL add-on within the MSRA_AudioIndexing_Retrieval assemly. you can find both x86 and x64 versions in the [InstallDir]\Indexer_SQL_AddOn\bin folder.

A ‘standard’ full-text-search query that looks for the word ‘microsoft’ in the title column of the File table looks like


Having been expanded by the Retrieval class a similar query looking for the spoken word ‘microsoft’ in an AIB file contained in the AIB column of the table would look like


The number of @ influences the confidence level in the matching the SQL filter will apply during query execution, the more @ you have the more inclusive the query will be.

As indicated, thankfully, one does not have to perform the encoding manually, a call to the ExpandQuery or BuildContainsTableClause static methods of the Retrieval class can be used –

string queryText = "microsoft speech"
string sqlContainsClause = Retrieval.ExpandQuery(queryText);
string sqlText = "select FileID ID from Files where contains(AIB,'" +
 sqlContainsClause + "')";

Running this SQL query against the database will return all rows where the terms requested appear within the row’s AIB data (the query can contain one more more words separated by a space or a double-quoted phrase strings), but the magic does not stop there –

If you use ContainsTable the result set will include an initial ranking score for the match –

string queryText = "microsoft speech"
string sqlContainsTableClause =
 Retrieval.BuildContainsTableClause(queryText, "Files", "AIB", 5);
string sqlText = "select FileID ID from Files inner join " +
 sqlContainsTableClause +
 " AS CT on Files.FileID = CT.[KEY] ORDER BY Rank";

This initial ranking is a useful measure to the quality and number of the matches found and so it is useful to sort the records returns by descending order of this ranking.

The initial ranking is approximate, but the Retrieval class also provides a ComputeScore method which takes a query and the AIB (and two other parameters I’ll touch upon shortly) and provides a more thorough ranking.

Because this requires the entire AIB’s contents, it makes sense to not run this on the entire set and this is exactly where the approximate ranking pays off, so the initial flow of a query would be to run the query using CONTAINSTABLE, sort by ranking and take the top n results.

Then one can choose to run the deeper scoring on these selected results by retrieving the AIBs for them from the database and calling the ComputeScore method.

Another thing the ComputeScore method can do is generate a set of snippets from the AIB . if snippets are requested  (by setting the third parameter of the ComputeScore method to true) the process will return with the score a list of snippets, each representing a section of the media file where one or more of the terms sought were found. for each snippet a start and end time is supplied (in seconds from start of media) as well as the score and even the extracted text as a string.

This allows calling applications to be very detailed – an application can display the snippets of text where query terms were found and ‘deep link’ into the media allowing the user to play the relevant section of the media.

The fourth parameter to the ComputeScore method is the maximum number of seconds to include in either side of a term found when extracting the snippet.

a call to the method looks like this

Retrieval.ScoringResult scoringResult = Retrieval.ComputeScore(queryText, result.AIB, false, snippetContext);

Again – this computation can be comparatively extensive and so it would make sense to do that either as a second step after the initial database query and filtering on the approximate score or even, in some cases, it might be worth further limiting the initial result set by getting the details scoring, without the snippets, and only generate snippets for records actually rendered on screen

The power is that one has all the options.

Overall, the process looks like this –


Naturally – the size of the AIB file can be quite large (a 40 minute mp3 file I processed resulted in 991kb AIB file) and so transferring this across the network every time a user runs a query may not be wise.

For this reason I think the right pattern is to implemented the query logic within a simple Web API which can be placed on the SQL server itself. This allows for the most efficient transfer of the AIB data and only returning the analysis result, which is a much smaller data set, to the client.

A client can call the API, passing in the term to look for and return a list of matches with snippet information and because this snippet (and hits) information contains time positions within the asset (in seconds) it can use these in the client to start playback of the asset at the relevant location (and even display the text relevant to the match)

An example of a response from a WebAPI I created looks like this (I searched for ‘money’ and ‘criminal’ in a You and Yours BBC Radio 4 podcast) –

    Title: "test title"
    URL: "assets\\yyhighlights_20141010-1400a.mp3"
Rank: 3
Duration: 2375.840002
-Snippets: [
    -Hits: [
        TermScore: 0
        EndPos: 8
StartPos: 0
EndTime: 102.210007
StartTime: 101.57
QueryTerm: "criminal"
    TermScore: 0
    EndPos: 31
StartPos: 26
EndTime: 104.01
StartTime: 103.670006
QueryTerm: "money"
EndTime: 104.25
StartTime: 101.57
Text: "criminal using her to get money out "
    -Hits: [
        TermScore: 0
        EndPos: 70
StartPos: 65
EndTime: 130.17

Another possible approach is to use SQLCLR to run the scoring method directly in the database. This will certainly be more efficient in terms of data transfer but everyone likes this approach. again – its good to have options.

Microsoft Azure Media Indexer basics – Part 2

In my previous post I’ve described the Azure Media indexer at high level and walked through the steps required to produce the AIB file (amongst other things) for a video or audio asset.

Whilst AIB files can be processed individually (as will be touched upon in the next post), the real power comes from using them in conjunction with the Media Indexer SQL Server add-on , allowing the result of the media indexing job to be integrated into SQL Server’s full text search capability.

To do that a SQL Server instance needs to be prepared with the SQL add-on and this short post will discuss the steps taken to prepare a database to be searchable.

The first step is to download the Azure Media Indexer SQL Add-on which, at the time of writing, can be found here

Once downloaded run either the x86 or x64 installer as required which will perform the installation steps and expand the SDK files (by default into C:\Program Files\Azure Media Services Indexer SDK)

The best next step at this point, in my opinion at least, is to read the user guide delivered with the SDK which can be found under the [Install Dir]\Indexer_SQL_AddOn\Docs folder within the installation location as this explains quite a lot about how the add-on works and how it should be used as well as describing the capabilities and usage of the classes available within the MSRA_AudioIndexing_Retrieval.dll assembly that ships with the SDK.

The installer would have configured the full text search filter within SQL Server and so the next step is to have a database in which the AIB data will be stored and to ensure that full text search is enabled on the database –


Within the database, you can create a table to hold the AIB data. The minimum requirement, as outlined by the user guide is to have two columns – a column called ‘AIB’ of type varbinary(max) to hold the bytes of the AIB file and a column called ‘Ext’ of type varchar(4) to hold the extension which should always be ‘.aib’.

This could be a dedicated table or columns added to an existing table. Obviously you would want to include some sore of reference to the original content and metadata so that this information can be available alongside the search results.

The AIB column needs to be configured for full-text-search, a SQL script to create a sample table exists in the SDK in the location – [InstallDir] \code\Setup.sql, below is the part of the script that creates the full text search catalogue and associates the AIB and FilePath columns with it


	files (AIB TYPE COLUMN ext LANGUAGE 43017, 
			FilePath LANGUAGE English)
			ON AudioSearchFTCat

and that is it!

Following these steps the SQL server and table created are ready to be used to index media files, a simple insert, such as the example below can then add data to the table which will then be query able

buffer = System.IO.File.ReadAllBytes(filePath); using (SqlConnection con = new SqlConnection(m.ConnectionString)) { con.Open(); using (SqlCommand cmd = new SqlCommand("insert into files
(Title, Description,Duration, FilePath, Ext,AIB) values
(@Title, @Description, @Duration, @FilePath,@Ext, @AIB)", con)) { cmd.Parameters.Add(new SqlParameter("@Title", "test title")); cmd.Parameters.Add(new SqlParameter("@Description", "test description")); cmd.Parameters.Add(new SqlParameter("@Duration", duration)); cmd.Parameters.Add(new SqlParameter("@FilePath", "assets\\" + assetName)); cmd.Parameters.Add(new SqlParameter("@Ext", ".aib")); cmd.Parameters.Add(new SqlParameter("@AIB", SqlDbType.VarBinary,
buffer.Length, ParameterDirection.Input, false, 0, 0,
"AIB", DataRowVersion.Current, (SqlBinary)buffer)); int result = cmd.ExecuteNonQuery(); tick4.Visibility = System.Windows.Visibility.Visible; } }

In the third post in this series I go over the basics of querying the table for spoken words in the source media file.

Microsoft Azure Media Indexer basics – Part 1

One of the most recent additions to Microsoft Azure Media Services is the Media Indexer which came out of Microsoft Research’s project MAVIS

In short – the Indexer is an Azure Media Services processor that performs speech-to-text on video or audio assets and produces both close-captions files and an Audio Indexer Blob (AIB) file – a binary formatted file containing the extracted text with specific location information and match ranking.

The indexer can be used simply to automate the production of closed captions for audio and video files and this could be further enhanced by leveraging Bing translation to create closed captions in multiple languages.

It does, however, support a much broader use for the enterprise – in addition to the media indexer processor the team had also released an add-on to SQL Server that plugs the AIB file processing to SQL Server’s full-text-search capability allowing clients to query AIB contents, stored as a as varbinary column in a SQL table, for text in the originating spoken content.

Making speech in audio and video files searchable is incredibly powerful, with uses for compliance and auditing (for example in financial services), proactive fraud detection, sentiment analysis for call centres and many more scenarios.

Indexing an asset involves several steps - 

  1. Creation of an input assets in media services
  2. Submitting a job with the indexer processor. This will produce an output asset with multiple files – closed captions, keywords xml and AIB.
  3. Download the output asset’s files
  4. Load the AIB file into a table in SQL Server (configured for full text search with the add-on installed)

With the AIB file loaded clients are ready to run full text search queries against the AIB column as needed.

Optionally the client (or a service wrapping the database, see coming post on that) can use the AIB Retriever class, supplied with the SQL add-on, to further analyse the AIB of a given record (found through full text search) and identify the specific locations in the asset where the queried text was found and the specific matching score for each location.

In this first post I’ll run through the first 3 steps – the basics of running the media indexer. A second post will walk through the configuration of a SQL Server environment to support the search and a third will discuss execution of the searches themselves

    1. Creating an input Asset

    The first step is to create the input asset the job should work on, in line with other Media service scenarios. An example of which can be found here.

    The one thing to note is that the asset could be a media asset or a simple file containing one or more URLs to source content.
    This second option is very interesting as it allows indexing media without having to upload it to the content store first, as long as it is accessible via a URL either anonymously or using basic authentication (a configuration file can be used to provide the credentials, more on this shortly)

    2. Submitting the indexer job

    Submitting a job start with finding the correct processor. For the media indexer the processor name is “Azure Media Indexer” and the following method can return the latest version of it -

     private static IMediaProcessor GetLatestMediaProcessorByName(string mediaProcessorName)
                var processor = _context.MediaProcessors
                                        .Where(p => p.Name == mediaProcessorName)
                                        .OrderBy(p => new Version(p.Version))
                if (processor == null)
                    throw new ArgumentException(string.Format("Unknown media processor", mediaProcessorName));
                return processor;

With a processor at hand a job can be created  -

IJob job = _context.Jobs.Create("Index asset " + assetName);

a task is added to the job, with the indexer processor provided as the first parameter and an optional configuration file provided as the second and the input and output assets are linked –

ITask task = job.Tasks.AddNew("Indexing task", indexer, configuration, TaskOptions.None);
task.OutputAssets.AddNew(assetName + ".Indexed", AssetCreationOptions.None)

The configuration file is discussed here – if empty than the default behaviour will be applied which is to process the first file in the asset provided, but the configuration file can include a list of assets to index and/or the name of an asset which is a text file containing a URL list to process (a simple list of URLs delimited by CR-LF). it can also include the username and password to use to access URLs if basic authentication is needed.

3. Download output assets

Once the job had completed the output asset’s file can be downloaded-

IAsset indexedAsset = _context.Assets.Where(a => a.Name == asset).FirstOrDefault();
            foreach (IAssetFile file in indexedAsset.AssetFiles)
                file.Download(Path.Combine(localFolder, file.Name));

This should result in 4 files downloaded for each input asset –

Two closed caption files, in two different format – ttml and smi, a keywords file – kw.xml and, crucially, the AIB file.

The closed caption files are very useful if you wanted to have CC when playing back the media file (windows media player, for example, will automatically look for and use an smi file with the same name as the original media name) or if you wanted to read the parsed text to assess the quality of the parsing.

The AIB file, however, is where the real power lies, as it holds, in binary format, the parsed text, but including accuracy scoring alongside location information and is what used to drive the full text search capability

In the next post discuss how to prepare SQL server to support loading and searching the AIB contents.

BizTalk Services and partitioned queues….

….don’t mix at the moment.

If you’re deploying a BizTalk Services project with a queue source, and are getting the error

Failed to connect to the ServiceBus using specified configuration

and/or if you have a queue destination and are getting an error that contains

This client is not supported for a partitioned entity

check whether you’re using queues that have been created with the default option to enable partitioning –


Azure Automation with Azure Active Directory Authentication

I finally got a bit of time and an excuse to test the integration of Azure Automation with Azure Active Directory authentication. This topic is very important to me for two reasons – firstly because I’m a big advocate of automation and I found the setup of automation, with certificate authentication, cumbersome and therefore a barrier of entry and secondly because using AD will tie automation very nicely to the recently announced role-based access control for Azure

So – to get started, I’ve created a use specifically for automation in the directory used to control access to my subscription. at this point in time Automation will only work with ‘organisational uses’ (i.e not a Microsoft-Account user) but that’s perfectly fine for me.

The User was created as a normal ‘User’, it did not need to be an administrator of any type.

Next, I’ve added the user as a co-admin of the subscription using the Azure Management Portal.

Following that I signed-in to the management portal with that user which gave me the opportunity to change the temporary password to a permanent one.

With the user configured and ready I entered my automation account, switched to the the Assets tab and clicked the Add Setting button on the tool bar. In the dialogue that opened I selected ‘Add Credential’


I then selected Windows Powershell Credentials as the Credential Type and entered a friendly name and description


Finally – I entered the username (which is the email address within the directory’s domain) and password


With the credentials all set-up I went on to write a simple workbook – I wanted to start all the VMs in my subscription, and so my ‘stop’ workbook looks like this –

workflow StartVMs
    $cred = Get-AutomationPSCredential -Name "Automation User"
    Add-AzureAccount -Credential $cred
    Select-AzureSubscription -SubscriptionName "<subscription name here>"
        $listVM = Get-AzureVM
            foreach ($vm in $listVM) 
                    Start-AzureVM -ServiceName $vm.ServiceName -Name $vm.Name

One of the mistakes I did initially is to specify the Azure Active Directory username when calling Get-AutomationPSCredential instead of the friendly name I assigned when creating the Credential asset which resulted in an authentication error.

Programmatic access to Azure usage data

An exciting announcement, on a boring sort of topic, landed on my mailbox just now – finally the Azure usage details, so far only available as a download through the Azure Enterprise Portal, has been made available via a REST API (its documentation is available here although somewhat unfortunately this requires access rights to the portal)

The API is very simple, and at this point only allows retrieving the list of available months as a JSON document, the usage summary for selected month, also as a JSON document and the detailed usage for a selected month as a CSV file.

Sure – this could be improved on, but it is the most basic functionality that so many customers have been asking for – the ability to programmatically, and therefore regularly, download the usage reports so that they can be reported on (and, where necessary, actioned on)

The documentation include sample code in C# and powershell which is very clear and ‘just works’, so there’s no point me repeating it here. it is a simple case of submitting an HTTP Request to a properly constructed URL and adding a bearer HTTP token with an access key generated through the EA portal itself and processing the JSON or CSV result, depending on the request issued.

I can see most organisations building either an SSIS job or similar, that downloads the data daily (it refreshes every 24 hours) and loads it into a database from which reports and alerts can be driven using existing BI capabilities or simply downloading the CSV file and storing it in a central location such as a SharePoint library to be analysed by Excel and PowerView.

Eitherway – having programmatic access to this data in a way that allows plugging it in to exiting BI practices is a powerfull thing and a well sought after capability.

Using AD for authentication between Web app and Web API

In my earlier post about the problem with ACS I promised to blog about how to configure Microsoft Azure Active Directory (MaaD) to support a client app calling a Web API using a client secret (as opposed to presenting an authentication dialogue to an interactive user).

To get started (and save me a lot of typing) I suggest you get started by reading Johan Danforth’s great blog post on how to do this for an interactive login as this is where I started)

If you follow the instructions carefully you will have a Web API published and registered with AD and you will have updated the application’s manifest file in AD to allow you to configure permissions to it in other applications in the directory)

You will also have a client app, also configured in AD (as a ‘native application’) in which you have configured permission to access the Web API and the relevant call to issue the request to AD to get the token and to the Web API bearing that token.

Crucially – you will have written very little code to do this. AD, the ADAL Nuget Package and the OWIN library (on the server side) will have done all the heavy lifting for you.

What I wanted to do is to remove the interactive user from the equation – in my scenario a user uses a web app, which in turn uses my Web API, but this is not a delegation scenario, the web app can call the web api on its own right.

To achieve this, I needed to make two changes from Johan’s example –

Firstly I needed to register my web app as a client app which isn’t a native client as a native client app in AD does not have configuration for client secret. so I’ve added a new app to my directory, made sure to select the ‘web application and/or web api application’ for the type and configured a name, APP ID and (in my case a mock) sign-on url.

I had also set the permission from my web client application to the web-api, in the same way that I did earlier for my native client.

And finally – I added a new key by selecting a duration and copied the secret (important: the key cannot be accessed after its creation, make sure to copy it)

With the AD configuration done I make the relevant changes to the client code to use the client secret rather than the interactive sign on

The original code includes the following line - 

var ar1 = ac.AcquireToken(“https://. . . WEB Api APP ID URI. . .”,
              "e9b5d821-. . .Native Client’s Client Id",
              new Uri("http:// . .  Native Client’s APP ID URI"));

so support authenticating using client secret, this needed to change to

ClientCredential cc = new ClientCredential("e9b5d821-Web Client Client ID",
"Qxc49i. . .client secret generated in AD portal"); var ar1 = ac.AcquireToken(https://. . . WEB Api APP ID URI. . .”, cc);

and with this done (the rest of the code remains unchanged), when I now run the client, rather than being prompt to authenticate the call to the web api is made and authentication is done using the client secret.

In closing, for completeness, the interaction really translates to two web requests – the first is to AD to retrieve the access token, and in my case this looks like this –

POST[1db093b3-…AD tenant ID]/oauth2/token HTTP/1.1


Content-Type: application/x-www-form-urlencoded

Content-Length: 212

grant_type=client_credentials&client_id=[e9b5d821-…client app client id]&client_secret=[Qxc49iXn…client secret]&resource=[https%3A%2F%2F…..protected resource app ID]

This request, if successful, returns a JSON response which includes a JWT token from AD that can be used in subsequent requests to the application. That subsequent requests looks like this (token trimmed for readability) –

GET http://localhost/WebApplication1/api/Values HTTP/1.1

Host: localhost

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJh……..

Finally – whilst I was experimenting with this I encountered a few errors that are worth noting here –

The one I was most confused by was

"AADSTS90014: The request body must contain the following parameter: ‘client_secret or client_assertion’."

In my case this happened when I tried to request a token from AD through my client app when it was still coded for interactive user sign-on. when the AD application used was native, using the interactive logon code worked fine, as soon as I tried to use a web api AD application without changing the code to use client_secret I got the error above.-

Final thought – ACS is slowly being embedded in AD but for the time being I find the experience a little bit fiddly and short of documentation (in particular the Manifest file manipulation) and lack of flexibility

The integration above currently only works with JWT tokens and client secret authentication (SWT is not supported I believe as is certificate based authentication) but this will be corrected over time, I’m sure.


[cross posted on the Solidsoft blog]


Get every new post delivered to your Inbox.

Join 28 other followers

%d bloggers like this: