Resilient end-user experience

The sign-up and sign-in end-user experience is made up of the following elements:

  • The interfaces the user interacts with - such as CSS, HTML, and JavaScript

  • The user flows and custom policies you create - such as sign-up, sign-in, and profile edit

  • The identity providers (IDPs) for your application - such as local account username/password and Outlook

Image showing the end-user experience components

Choose between user flow and custom policy

To help you set up the most common identity tasks, Azure AD B2C provides built-in configurable user flows. You can also build your own custom policies, which offer you maximum flexibility. However, it's recommended to use custom policies only to address complex scenarios.

How to decide between user flow and custom policy

Choose built-in user flows if they can meet your business requirements. Because Microsoft tests them extensively, you can minimize the testing needed to validate the policy-level functionality, performance, or scale of these identity user flows. You still need to test your applications for functionality, performance, and scale.

If you choose custom policies because of your business requirements, make sure you perform policy-level testing for functionality, performance, or scale in addition to application-level testing.

See the article that compares user flows and custom policies to help you decide.

Choose multiple IDPs

When using an external identity provider, make sure to have a fallback plan in case the external provider becomes unavailable.

How to set up multiple IDPs

As part of the external identity provider registration process, include a verified identity claim such as the user's mobile number or email address. Commit the verified claims to the underlying Azure AD B2C directory instance. If the external provider is unavailable, revert to the verified identity claim, and fall back to the phone number as an authentication method. Another option is to send the user a one-time passcode to allow the user to sign in.

Follow these steps to build alternate authentication paths:

  1. Configure your sign-up policy to allow sign-up by local account and external IDPs.

  2. Configure a profile policy to allow users to link the other identity to their account after they sign in.

  3. Notify and allow users to switch to an alternate IDP during an outage.
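
The fallback rule described above, modelled as an added Python example; it is not Azure AD B2C policy code and does not come from this article. The `DirectoryUser` record, its field names, the `sign_in_options` function and the sample users are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DirectoryUser:
    """Hypothetical model of a directory record; field names are assumptions."""
    linked_idps: set = field(default_factory=set)
    verified_phone: Optional[str] = None    # verified at registration
    verified_email: Optional[str] = None    # verified at registration
    unverified_email: Optional[str] = None  # asserted by an IDP, never verified


def sign_in_options(user, idp_health):
    """Return the ordered authentication paths to offer this user right now.

    idp_health maps an IDP name to True (available) or False (outage);
    an IDP with no health entry is treated as unavailable.
    """
    options = [("idp", name) for name in sorted(user.linked_idps)
               if idp_health.get(name, False)]
    outage = any(not idp_health.get(name, False) for name in user.linked_idps)
    if outage:
        # Only claims that were verified and committed to the directory may
        # back a fallback path; unverified_email is deliberately never used.
        if user.verified_phone:
            options.append(("phone", user.verified_phone))
        if user.verified_email:
            options.append(("email_otp", user.verified_email))
    return options


# Constructed sample users and outage state.
ALICE = DirectoryUser({"outlook"}, verified_phone="+15555550100")
BOB = DirectoryUser({"outlook", "local"}, verified_email="bob@example.com")
CAROL = DirectoryUser({"outlook"}, unverified_email="carol@example.com")
OUTLOOK_DOWN = {"outlook": False, "local": True}

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, sign_in_options(user, OUTLOOK_DOWN))
```

The third sample user ends up with no sign-in path during the outage, which is the case the registration step is meant to prevent: without a verified claim committed to the directory there is nothing safe to fall back to.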

Use a content delivery network

Content delivery networks (CDNs) perform better and are less expensive than blob stores for storing custom user flow UI. The web page content is delivered faster from a geographically distributed network of highly available servers.

Periodically test your CDN's availability and the performance of content distribution through end-to-end scenario and load testing. If you're planning for an upcoming surge because of promotion or holiday traffic, revise your estimates for load testing.

Next steps