Azure 计划程序的出站身份验证Outbound authentication for Azure Scheduler

Important

Azure 逻辑应用将替换即将停用的 Azure 计划程序。Azure Logic Apps is replacing Azure Scheduler, which is being retired. 若要继续使用在计划程序中设置的作业,请尽快迁移到 Azure 逻辑应用To continue working with the jobs that you set up in Scheduler, please migrate to Azure Logic Apps as soon as possible.

计划程序在 Azure 门户中不再可用,但 REST APIAzure 计划程序 PowerShell cmdlet 目前仍可用,以便你可以管理作业和作业集合。Scheduler is no longer available in the Azure portal, but the REST API and Azure Scheduler PowerShell cmdlets remain available at this time so that you can manage your jobs and job collections.

Azure 计划程序作业必须调用需要进行身份验证的服务,例如其他 Azure 服务、Salesforce.com、Facebook 和安全自定义网站。Azure Scheduler jobs might have to call services that require authentication, such as other Azure services, Salesforce.com, Facebook, and secure custom websites. 被调用的服务可以确定计划程序作业是否可以访问请求的资源。The called service can determine whether the Scheduler job can access the requested resources.

计划程序支持以下身份验证模型:Scheduler supports these authentication models:

  • 使用 SSL/TLS 客户端证书时的客户端证书 身份验证Client certificate authentication when using SSL/TLS client certificates
  • 基本身份验证 Basic authentication
  • Active Directory OAuth 身份验证Active Directory OAuth authentication

添加或删除身份验证Add or remove authentication

  • 若要向计划程序作业添加身份验证,请在创建或更新作业时,将 authentication JavaScript 对象表示法 (JSON) 子元素添加到 request 元素。To add authentication to a Scheduler job, when you create or update the job, add the authentication JavaScript Object Notation (JSON) child element to the request element.

    通过 authentication 对象中的 PUT、PATCH 或 POST 请求中传递给计划程序服务的机密永远不会在响应中返回。Responses never return secrets that are passed to the Scheduler service through a PUT, PATCH, or POST request in the authentication object. 响应将机密信息设置为 null,或者使用表示已经过身份验证的实体的公共令牌。Responses set secret information to null or might use a public token that represents the authenticated entity.

  • 若要从计划程序作业中删除身份验证,请在作业上显式运行 PUT 或 PATCH 请求,并将 authentication 对象设置为 null。To remove authentication from a Scheduler job, explicitly run a PUT or PATCH request on the job, and set the authentication object to null. 响应将不包含任何身份验证属性。The response won't contain any authentication properties.

客户端证书Client certificate

请求正文 - 客户端证书Request body - Client certificate

使用 ClientCertificate 模型添加身份验证时,请在请求正文中指定以下附加元素。When adding authentication using the ClientCertificate model, specify these additional elements in the request body.

元素Element 必须Required 说明Description
authentication(父元素) authentication (parent element) 使用 SSL/TLS 客户端证书的身份验证对象The authentication object for using an SSL/TLS client certificate
typetype Yes 身份验证类型。The authentication type. 对于 SSL/TLS 客户端证书,该值为 ClientCertificateFor SSL/TLS client certificates, the value is ClientCertificate.
pfxpfx Yes PFX 文件的 base64 编码内容The base64-encoded contents of the PFX file
passwordpassword Yes 用于访问 PFX 文件的密码The password for accessing the PFX file

响应正文 - 客户端证书Response body - Client certificate

发送包含身份验证信息的请求时,响应将包含以下身份验证元素。When a request is sent with authentication information, the response contains these authentication elements.

元素Element 说明Description
authentication(父元素) authentication (parent element) 使用 SSL/TLS 客户端证书的身份验证对象The authentication object for using an SSL/TLS client certificate
typetype 身份验证类型。The authentication type. 对于 SSL/TLS 客户端证书,该值为 ClientCertificateFor SSL/TLS client certificates, the value is ClientCertificate.
certificateThumbprintcertificateThumbprint 证书的指纹The certificate's thumbprint
certificateSubjectNamecertificateSubjectName 证书使用者可分辨名称The certificate subject distinguished name
certificateExpirationcertificateExpiration 证书的过期日期The certificate's expiration date

示例 REST 请求 - 客户端证书Sample REST request - Client certificate

PUT https://management.chinacloudapi.cn/subscriptions/<Azure-subscription-ID>/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.chinacloudapi.cn
Authorization: Bearer sometoken
Content-Type: application/json; charset=utf-8

{
  "properties": {
    "startTime": "2015-05-14T14:10:00Z",
    "action": {
      "request": {
        "uri": "https://mywebserviceendpoint.com",
        "method": "GET",
        "headers": {
          "x-ms-version": "2013-03-01"
        },
        "authentication": {
          "type": "clientcertificate",
          "password": "password",
          "pfx": "pfx key"
        }
      },
      "type": "http"
    },
    "recurrence": {
      "frequency": "minute",
      "endTime": "2016-04-10T08:00:00Z",
      "interval": 1
    },
    "state": "enabled"
  }
}

示例 REST 响应 - 客户端证书Sample REST response - Client certificate

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 858
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 56c7b40e-721a-437e-88e6-f68562a73aa8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 1075219e-e879-4030-bc81-094e54fbabce
x-ms-routing-request-id: CHINAEAST:20160316T190424Z:1075219e-e879-4030-bc81-094e54fbabce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:04:23 GMT

{
  "id": "/subscriptions/<Azure-subscription-ID>/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
  "type": "Microsoft.Scheduler/jobCollections/jobs",
  "name": "southeastasiajc/httpjob",
  "properties": {
    "startTime": "2015-05-14T14:10:00Z",
    "action": {
      "request": {
        "uri": "https://mywebserviceendpoint.com",
        "method": "GET",
        "headers": {
          "x-ms-version": "2013-03-01"
        },
        "authentication": {
          "certificateThumbprint": "88105CG9DF9ADE75B835711D899296CB217D7055",
          "certificateExpiration": "2021-01-01T07:00:00Z",
          "certificateSubjectName": "CN=Scheduler Mgmt",
          "type": "ClientCertificate"
        }
      },
      "type": "http"
    },
    "recurrence": {
      "frequency": "minute",
      "endTime": "2016-04-10T08:00:00Z",
      "interval": 1
    },
    "state": "enabled",
    "status": {
      "nextExecutionTime": "2016-03-16T19:05:00Z",
      "executionCount": 0,
      "failureCount": 0,
      "faultedCount": 0
    }
  }
}

基本Basic

请求正文 - 基本Request body - Basic

使用 Basic 模型添加身份验证时,请在请求正文中指定以下附加元素。When adding authentication using the Basic model, specify these additional elements in the request body.

元素Element 必须Required 说明Description
authentication(父元素) authentication (parent element) 用于使用基本身份验证的身份验证对象The authentication object for using Basic authentication
typetype Yes 身份验证类型。The authentication type. 对于基本身份验证,该值为 BasicFor Basic authentication, the value is Basic.
usernameusername Yes 要进行身份验证的用户名The username to authenticate
passwordpassword Yes 要进行身份验证的密码The password to authenticate

响应正文 - 基本Response body - Basic

发送包含身份验证信息的请求时,响应将包含以下身份验证元素。When a request is sent with authentication information, the response contains these authentication elements.

元素Element 说明Description
authentication(父元素) authentication (parent element) 用于使用基本身份验证的身份验证对象The authentication object for using Basic authentication
typetype 身份验证类型。The authentication type. 对于基本身份验证,该值为 BasicFor basic authentication, the value is Basic.
usernameusername 经过身份验证的用户名The authenticated username

示例 REST 请求 - 基本Sample REST request - Basic

PUT https://management.chinacloudapi.cn/subscriptions/<Azure-subscription-ID>/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.chinacloudapi.cn
Authorization: Bearer sometoken
Content-Length: 562
Content-Type: application/json; charset=utf-8

{
  "properties": {
    "startTime": "2015-05-14T14:10:00Z",
    "action": {
      "request": {
        "uri": "https://mywebserviceendpoint.com",
        "method": "GET",
        "headers": {
          "x-ms-version": "2013-03-01"
        },
        "authentication": {
          "type": "basic",
          "username": "user",
          "password": "password"
        }
      },
      "type": "http"
    },
    "recurrence": {
      "frequency": "minute",
      "endTime": "2016-04-10T08:00:00Z",
      "interval": 1
    },
    "state": "enabled"
  }
}

示例 REST 响应 - 基本Sample REST response - Basic

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 701
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: a2dcb9cd-1aea-4887-8893-d81273a8cf04
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 7816f222-6ea7-468d-b919-e6ddebbd7e95
x-ms-routing-request-id: CHINAEAST:20160316T190506Z:7816f222-6ea7-468d-b919-e6ddebbd7e95
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:05:06 GMT

{  
   "id":"/subscriptions/<Azure-subscription-ID>/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
   "type":"Microsoft.Scheduler/jobCollections/jobs",
   "name":"southeastasiajc/httpjob",
   "properties":{  
      "startTime":"2015-05-14T14:10:00Z",
      "action":{  
         "request":{  
            "uri":"https://mywebserviceendpoint.com",
            "method":"GET",
            "headers":{  
               "x-ms-version":"2013-03-01"
            },
            "authentication":{  
               "username":"user1",
               "type":"Basic"
            }
         },
         "type":"Http"
      },
      "recurrence":{  
         "frequency":"Minute",
         "endTime":"2016-04-10T08:00:00Z",
         "interval":1
      },
      "state":"Enabled",
      "status":{  
         "nextExecutionTime":"2016-03-16T19:06:00Z",
         "executionCount":0,
         "failureCount":0,
         "faultedCount":0
      }
   }
}

Active Directory OAuthActive Directory OAuth

请求正文 - Active Directory OAuthRequest body - Active Directory OAuth

使用 ActiveDirectoryOAuth 模型添加身份验证时,请在请求正文中指定以下附加元素。When adding authentication using the ActiveDirectoryOAuth model, specify these additional elements in the request body.

元素Element 必须Required 说明Description
authentication(父元素) authentication (parent element) Yes 用于使用 ActiveDirectoryOAuth 身份验证的身份验证对象The authentication object for using ActiveDirectoryOAuth authentication
typetype Yes 身份验证类型。The authentication type. 对于 ActiveDirectoryOAuth 身份验证,该值为 ActiveDirectoryOAuthFor ActiveDirectoryOAuth authentication, the value is ActiveDirectoryOAuth.
tenanttenant Yes Azure AD 租户的租户标识符。The tenant identifier for the Azure AD tenant. 若要找到 Azure AD 租户的租户标识符,请在 Azure PowerShell 中运行 Get-AzureAccountTo find the tenant identifier for the Azure AD tenant, run Get-AzureAccount in Azure PowerShell.
audienceaudience Yes 此值设置为 https://management.core.chinacloudapi.cn/This value is set to https://management.core.chinacloudapi.cn/.
clientIdclientId Yes Azure AD 应用程序的客户端标识符The client identifier for the Azure AD application
secretsecret Yes 正在请求令牌的客户端的机密The secret for the client that is requesting the token

响应正文 - Active Directory OAuthResponse body - Active Directory OAuth

发送包含身份验证信息的请求时,响应将包含以下身份验证元素。When a request is sent with authentication information, the response contains these authentication elements.

元素Element 说明Description
authentication(父元素) authentication (parent element) 用于使用 ActiveDirectoryOAuth 身份验证的身份验证对象The authentication object for using ActiveDirectoryOAuth authentication
typetype 身份验证类型。The authentication type. 对于 ActiveDirectoryOAuth 身份验证,该值为 ActiveDirectoryOAuthFor ActiveDirectoryOAuth authentication, the value is ActiveDirectoryOAuth.
tenanttenant Azure AD 租户的租户标识符The tenant identifier for the Azure AD tenant
audienceaudience 此值设置为 https://management.core.chinacloudapi.cn/This value is set to https://management.core.chinacloudapi.cn/.
clientIdclientId Azure AD 应用程序的客户端标识符The client identifier for the Azure AD application

示例 REST 请求 - Active Directory OAuthSample REST request - Active Directory OAuth

PUT https://management.chinacloudapi.cn/subscriptions/<Azure-subscription-ID>/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.chinacloudapi.cn
Authorization: Bearer sometoken
Content-Length: 757
Content-Type: application/json; charset=utf-8

{
  "properties": {
    "startTime": "2015-05-14T14:10:00Z",
    "action": {
      "request": {
        "uri": "https://mywebserviceendpoint.com",
        "method": "GET",
        "headers": {
          "x-ms-version": "2013-03-01"
        },
        "authentication": {
          "tenant":"microsoft.onmicrosoft.com",
          "audience":"https://management.core.chinacloudapi.cn/",
          "clientId":"dc23e764-9be6-4a33-9b9a-c46e36f0c137",
          "secret": "G6u071r8Gjw4V4KSibnb+VK4+tX399hkHaj7LOyHuj5=",
          "type":"ActiveDirectoryOAuth"
        }
      },
      "type": "Http"
    },
    "recurrence": {
      "frequency": "Minute",
      "endTime": "2016-04-10T08:00:00Z",
      "interval": 1
    },
    "state": "Enabled"
  }
}

示例 REST 响应 - Active Directory OAuthSample REST response - Active Directory OAuth

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 885
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 86d8e9fd-ac0d-4bed-9420-9baba1af3251
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 5183bbf4-9fa1-44bb-98c6-6872e3f2e7ce
x-ms-routing-request-id: CHINAEAST:20160316T191003Z:5183bbf4-9fa1-44bb-98c6-6872e3f2e7ce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:10:02 GMT

{
   "id": "/subscriptions/<Azure-subscription-ID>/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
   "type": "Microsoft.Scheduler/jobCollections/jobs",
   "name": "southeastasiajc/httpjob",
   "properties": {
      "startTime": "2015-05-14T14:10:00Z",
      "action": {  
         "request": {
            "uri": "https://mywebserviceendpoint.com",
            "method": "GET",
            "headers": {  
               "x-ms-version": "2013-03-01"
            },
            "authentication": {  
               "tenant": "microsoft.onmicrosoft.com",
               "audience": "https://management.core.chinacloudapi.cn/",
               "clientId": "dc23e764-9be6-4a33-9b9a-c46e36f0c137",
               "type": "ActiveDirectoryOAuth"
            }
         },
         "type": "Http"
      },
      "recurrence": {  
         "frequency": "minute",
         "endTime": "2016-04-10T08:00:00Z",
         "interval": 1
      },
      "state": "Enabled",
      "status": {  
         "lastExecutionTime": "2016-03-16T19:10:00.3762123Z",
         "nextExecutionTime": "2016-03-16T19:11:00Z",
         "executionCount": 5,
         "failureCount": 5,
         "faultedCount": 1
      }
   }
}

后续步骤Next steps