How do I implement rate limiting in an ASP.NET MVC site?
I\'m building an ASP.NET MVC site where I want to limit how often authenticated users can use some functions of the site.
Although I understand how rate-limiting wor
-
If you are using IIS 7 you could take a look at the Dynamic IP Restrictions Extension. Another possibility is to implement this as an action filter:
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)] public class RateLimitAttribute : ActionFilterAttribute { public int Seconds { get; set; } public override void OnActionExecuting(ActionExecutingContext filterContext) { // Using the IP Address here as part of the key but you could modify // and use the username if you are going to limit only authenticated users // filterContext.HttpContext.User.Identity.Name var key = string.Format("{0}-{1}-{2}", filterContext.ActionDescriptor.ControllerDescriptor.ControllerName, filterContext.ActionDescriptor.ActionName, filterContext.HttpContext.Request.UserHostAddress ); var allowExecute = false; if (HttpRuntime.Cache[key] == null) { HttpRuntime.Cache.Add(key, true, null, DateTime.Now.AddSeconds(Seconds), Cache.NoSlidingExpiration, CacheItemPriority.Low, null); allowExecute = true; } if (!allowExecute) { filterContext.Result = new ContentResult { Content = string.Format("You can call this every {0} seconds", Seconds) }; filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict; } } }And then decorate the action that needs to be limited:
[RateLimit(Seconds = 10)] public ActionResult Index() { return View(); }讨论(0) -
Have a look at Jarrod's answer on how they do this on SO.
StackOverflow MVC Throttling
Some example code as well as explanation on how it works.
讨论(0)
加载中...
- 热议问题