| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Scheduler Outbound Authentication |
Scheduler Outbound Authentication |
scheduler |
.NET |
derek1ee |
kevinlam1 |
6707f82b-7e32-401b-a960-02aae7bb59cc |
scheduler |
infrastructure-services |
na |
dotnet |
article |
08/15/2016 |
deli |
Scheduler jobs may need to call out to services that require authentication. This way, a called service can determine if the Scheduler job can access its resources. Some of these services include other Azure services, Salesforce.com, Facebook, and secure custom websites.
Adding authentication to a Scheduler job is simple – add a JSON child element authentication to the request element when creating or updating a job. Secrets passed to the Scheduler service in a PUT, PATCH, or POST request – as part of the authentication object – are never returned in responses. In responses, secret information is set to null or may have a public token that represents the authenticated entity.
To remove authentication, PUT or PATCH the job explicitly, setting the authentication object to null. You will not see any authentication properties back in response.
Currently, the only supported authentication types are the ClientCertificate model (for using the SSL/TLS client certificates), the Basic model (for Basic authentication), and the ActiveDirectoryOAuth model (for Active Directory OAuth authentication.)
When adding authentication using the ClientCertificate model, specify the following additional elements in the request body.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using an SSL client certificate. |
| type | Required. Type of authentication.For SSL client certificates, the value must be ClientCertificate. |
| pfx | Required. Base64-encoded contents of the PFX file. |
| password | Required. Password to access the PFX file. |
When a request is sent with authentication info, the response contains the following authentication-related elements.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using an SSL client certificate. |
| type | Type of authentication. For SSL client certificates, the value is ClientCertificate. |
| certificateThumbprint | The thumbprint of the certificate. |
| certificateSubjectName | The subject distinguished name of the certificate. |
| certificateExpiration | The expiration date of the certificate. |
PUT https://management.azure.com/subscriptions/1fe0abdf-581e-4dfe-9ec7-e5cb8e7b205e/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.azure.com
Authorization: Bearer sometoken
Content-Type: application/json; charset=utf-8
{
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"type": "clientcertificate",
"password": "password",
"pfx": "pfx key"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
}
}
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 858
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 56c7b40e-721a-437e-88e6-f68562a73aa8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 1075219e-e879-4030-bc81-094e54fbabce
x-ms-routing-request-id: WESTUS:20160316T190424Z:1075219e-e879-4030-bc81-094e54fbabce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:04:23 GMT
{
"id": "/subscriptions/1fe0abdf-581e-4dfe-9ec7-e5cb8e7b205e/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
"type": "Microsoft.Scheduler/jobCollections/jobs",
"name": "southeastasiajc/httpjob",
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"certificateThumbprint": "88105CG9DF9ADE75B835711D899296CB217D7055",
"certificateExpiration": "2021-01-01T07:00:00Z",
"certificateSubjectName": "CN=Scheduler Mgmt",
"type": "ClientCertificate"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
"status": {
"nextExecutionTime": "2016-03-16T19:05:00Z",
"executionCount": 0,
"failureCount": 0,
"faultedCount": 0
}
}
}
When adding authentication using the Basic model, specify the following additional elements in the request body.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using Basic authentication. |
| type | Required. Type of authentication. For Basic authentication, the value must be Basic. |
| username | Required. Username to authenticate. |
| password | Required. Password to authenticate. |
When a request is sent with authentication info, the response contains the following authentication-related elements.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using Basic authentication. |
| type | Type of authentication. For Basic authentication, the value is Basic. |
| username | The authenticated username. |
PUT https://management.azure.com/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.azure.com
Authorization: Bearer sometoken
Content-Length: 562
Content-Type: application/json; charset=utf-8
{
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"type": "basic",
"username": "user",
"password": "password"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
}
}
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 701
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: a2dcb9cd-1aea-4887-8893-d81273a8cf04
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 7816f222-6ea7-468d-b919-e6ddebbd7e95
x-ms-routing-request-id: WESTUS:20160316T190506Z:7816f222-6ea7-468d-b919-e6ddebbd7e95
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:05:06 GMT
{
"id":"/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
"type":"Microsoft.Scheduler/jobCollections/jobs",
"name":"southeastasiajc/httpjob",
"properties":{
"startTime":"2015-05-14T14:10:00Z",
"action":{
"request":{
"uri":"https://mywebserviceendpoint.com",
"method":"GET",
"headers":{
"x-ms-version":"2013-03-01"
},
"authentication":{
"username":"user1",
"type":"Basic"
}
},
"type":"http"
},
"recurrence":{
"frequency":"minute",
"endTime":"2016-04-10T08:00:00Z",
"interval":1
},
"state":"enabled",
"status":{
"nextExecutionTime":"2016-03-16T19:06:00Z",
"executionCount":0,
"failureCount":0,
"faultedCount":0
}
}
}
When adding authentication using the ActiveDirectoryOAuth model, specify the following additional elements in the request body.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using ActiveDirectoryOAuth authentication. |
| type | Required. Type of authentication. For ActiveDirectoryOAuth authentication, the value must be ActiveDirectoryOAuth. |
| tenant | Required. The tenant identifier for the Azure AD tenant. |
| audience | Required. This is set to https://management.core.windows.net/. |
| clientId | Required. Provide the client identifier for the Azure AD application. |
| secret | Required. Secret of the client that is requesting the token. |
You can find the tenant identifier for the Azure AD tenant by running Get-AzureAccount in Azure PowerShell.
When a request is sent with authentication info, the response contains the following authentication-related elements.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using ActiveDirectoryOAuth authentication. |
| type | Type of authentication. For ActiveDirectoryOAuth authentication, the value is ActiveDirectoryOAuth. |
| tenant | The tenant identifier for the Azure AD tenant. |
| audience | This is set to https://management.core.windows.net/. |
| clientId | The client identifier for the Azure AD application. |
PUT https://management.azure.com/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.azure.com
Authorization: Bearer sometoken
Content-Length: 757
Content-Type: application/json; charset=utf-8
{
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"tenant":"microsoft.onmicrosoft.com",
"audience":"https://management.core.windows.net/",
"clientId":"dc23e764-9be6-4a33-9b9a-c46e36f0c137",
"secret": "G6u071r8Gjw4V4KSibnb+VK4+tX399hkHaj7LOyHuj5=",
"type":"ActiveDirectoryOAuth"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
}
}
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 885
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 86d8e9fd-ac0d-4bed-9420-9baba1af3251
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 5183bbf4-9fa1-44bb-98c6-6872e3f2e7ce
x-ms-routing-request-id: WESTUS:20160316T191003Z:5183bbf4-9fa1-44bb-98c6-6872e3f2e7ce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:10:02 GMT
{
"id":"/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
"type":"Microsoft.Scheduler/jobCollections/jobs",
"name":"southeastasiajc/httpjob",
"properties":{
"startTime":"2015-05-14T14:10:00Z",
"action":{
"request":{
"uri":"https://mywebserviceendpoint.com",
"method":"GET",
"headers":{
"x-ms-version":"2013-03-01"
},
"authentication":{
"tenant":"microsoft.onmicrosoft.com",
"audience":"https://management.core.windows.net/",
"clientId":"dc23e764-9be6-4a33-9b9a-c46e36f0c137",
"type":"ActiveDirectoryOAuth"
}
},
"type":"http"
},
"recurrence":{
"frequency":"minute",
"endTime":"2016-04-10T08:00:00Z",
"interval":1
},
"state":"enabled",
"status":{
"lastExecutionTime":"2016-03-16T19:10:00.3762123Z",
"nextExecutionTime":"2016-03-16T19:11:00Z",
"executionCount":5,
"failureCount":5,
"faultedCount":1
}
}
}
Azure Scheduler concepts, terminology, and entity hierarchy
Get started using Scheduler in the Azure portal
Plans and billing in Azure Scheduler
Azure Scheduler REST API reference
Azure Scheduler PowerShell cmdlets reference