我对此处定义的Azure AD B2C的定价结构感到困惑。 问题似乎来自这个描述:
验证:响应于用户发起的登录请求发出的令牌,或者由代表用户的应用程序发起的令牌(例如令牌刷新,其中刷新间隔是可配置的)。
在我的租户/应用程序的Azure AD B2C设置中,我定义了一个SignInUp策略,然后选择了访问/ ID令牌的生命周期(最多24小时),以及刷新令牌(最多90天),然后刷新滑动窗口边界(最多365天或没有到期)。 这与我根据身份验证定价收取的身份验证有何关系?
例如,如果我将我的访问/ ID令牌设置为24小时并将我的刷新令牌设置为90天并且我使用MSAL库来获取AcquireTokenSilentlyAsync并且我有一个用户每天进入应用程序,我是否会收取30个身份验证费用用户每月,或只是1次身份验证,因为刷新令牌尚未过期?
这在成本上有很大差异,我是否可以将B2C用于我的应用验证需求。 例如,每天100,000个用户,如果我每月只收取1次认证费用,如果我的刷新令牌设置为90天,最终每月平均花费约50美元,而如果它每24小时收取一次认证费用,将收取每月6300美元的费用! 对此有任何澄清表示赞赏。
I am confused by the pricing structure for Azure AD B2C defined here. The question seems to arise from this description:
Authentications: Tokens issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user (e.g. token refresh, where the refresh interval is configurable).
In Azure AD B2C settings for my tenant / application, I define a SignInUp policy and then have options for the lifetime of the Access / ID Token (maximum 24 hours), as well as the Refresh token (maximum 90 days) and then the refresh sliding window boundary (up to 365 days or no expiry). How does this relate to authentications I would get charged for under the authentication pricing?
For example, if I set my Access / ID Token to 24 hours and my Refresh token to 90 days and I use the MSAL library to AcquireTokenSilentlyAsync and I have a user who gets into the app every day, will I get charged 30 authentications for that user per month, or just 1 authentication because the refresh token has not yet expired?
This makes a huge difference in cost and whether I can use B2C for my app authentication needs. For instance at 100,000 daily users, if I only get charged 1 authentication per month, it will end up costing an average of about $50 per month if my Refresh tokens are set to 90 days, whereas if it charges an authentication every 24 hours, I would get charged $6300 per month! Any clarification on this is appreciated.
最满意答案
让我从定价网站的片段中添加一些说明,然后进一步解释。 修订: 身份验证: ID令牌或访问令牌 ,用于响应用户发起的登录请求,或由应用程序代表用户发起以获取新的ID令牌或新访问令牌 (例如刷新时)应用程序使用令牌,其中刷新间隔是可配置的)。
ID令牌的最长生命周期为24小时。 假设您将ID TOKEN生命周期设置为24小时,那么每天使用您的应用程序30天的用户将至少进行30次身份验证。
如果您将ID令牌生命周期设置为1小时,并且所述用户经常使用您的应用程序12小时,那么当天最多可以添加12个令牌。
相反,刷新令牌是“免费的”。 它为ID TOKEN交换刷新令牌,导致身份验证费用。
何塞
I received an answer from Microsoft Azure support as follows:
I have reviewed your case and I understand that you have query regarding B2C Pricing. I would like to inform you that, the Tokens issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user. Please find the pricing details as mentioned below: https://azure.microsoft.com/en-us/pricing/calculator/?service=active-directory-b2c So if the user or an application, sign-in’s per day one time, hence, it would be charged 30 authentications for that user per month and Also, upto First 50,000 user or an application sign-in’s are free
I sent a follow up for clarification:
So, just for clarification, even if it is the refresh token that is used (which is good for 90 days if setup that way), that still charges as an 'authentication'? This makes B2C extremely expensive and there is no way that the Real Madrid example case is true, as they would be spending $10,000,000 a year or more just for authentications. Microsoft will never get indie developers to be able to use this, and it will be out of the price range of most medium businesses as well. It is nowhere near competitive with Auth0, which for 50k users a month and UNLIMITED authentications, costs just $850.
And received the following response:
Your suggestion are really important for us to make improvements for our product and services. I would recommend that you open the feedback link and provide us your valuable feedback. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Windows Azure.
https://feedback.azure.com/forums/223579-azure-portal/suggestions/18796606-lower-the-price-of-ad-b2c
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/10986063-reduce-pricing-for-azure-ad-b2c
https://feedback.azure.com/forums/34192--general-feedback/suggestions/15434943-azure-active-directory-b2c-don-t-charge-for-token
If you look at these feedback, they have not gotten many votes or action in a year, so please, if you want B2C as a viable option for indie developers or small / mid size companies, go vote!
更多推荐
发布评论