当前位置: 文江博客话题详情

如何在 ASP.NET MVC 站点中实施速率限制?

发布于 2024-09-06 13:14:03 字数 307 浏览 9 评论 0原文

我正在构建一个 ASP.NET MVC 站点,我想在其中限制经过身份验证的用户使用该站点某些功能的频率。

尽管我了解速率限制从根本上是如何工作的,但我无法想象如何在不产生主要代码味道的情况下以编程方式实现它。

您能否使用 C# 示例代码为我指出一个简单但功能强大的解决方案来解决此类问题

如果重要的话,所有这些功能目前都表示为仅接受 HTTP POST 的操作。我最终可能还想对 HTTP GET 函数实现速率限制,因此我正在寻找一种适用于所有此类情况的解决方案。

原文

I'm building an ASP.NET MVC site where I want to limit how often authenticated users can use some functions of the site.

Although I understand how rate-limiting works fundamentally, I can't visualize how to implement it programatically without creating a major code smell.

Can you point me towards a simple yet powerful solution for approaching such a problem, with C# sample code?

If it matters, all of these functions are currently expressed as Actions that only accept HTTP POST. I may eventually want to implement rate-limiting for HTTP GET functions as well, so I'm looking for a solution that works for all such circumstances.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

待天淡蓝洁白时 2024-09-13 13:14:03

如果您使用的是 IIS 7,您可以查看动态IP 限制扩展。另一种可能性是将其实现为动作过滤器:

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class RateLimitAttribute : ActionFilterAttribute
{
    public int Seconds { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Using the IP Address here as part of the key but you could modify
        // and use the username if you are going to limit only authenticated users
        // filterContext.HttpContext.User.Identity.Name
        var key = string.Format("{0}-{1}-{2}",
            filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
            filterContext.ActionDescriptor.ActionName,
            filterContext.HttpContext.Request.UserHostAddress
        );
        var allowExecute = false;

        if (HttpRuntime.Cache[key] == null)
        {
            HttpRuntime.Cache.Add(key,
                true,
                null,
                DateTime.Now.AddSeconds(Seconds),
                Cache.NoSlidingExpiration,
                CacheItemPriority.Low,
                null);
            allowExecute = true;
        }

        if (!allowExecute)
        {
            filterContext.Result = new ContentResult
            {
                Content = string.Format("You can call this every {0} seconds", Seconds)
            };
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict;
        }
    }
}

然后装饰需要限制的动作:

[RateLimit(Seconds = 10)]
public ActionResult Index()
{
    return View();
}

If you are using IIS 7 you could take a look at the Dynamic IP Restrictions Extension. Another possibility is to implement this as an action filter:

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class RateLimitAttribute : ActionFilterAttribute
{
    public int Seconds { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Using the IP Address here as part of the key but you could modify
        // and use the username if you are going to limit only authenticated users
        // filterContext.HttpContext.User.Identity.Name
        var key = string.Format("{0}-{1}-{2}",
            filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
            filterContext.ActionDescriptor.ActionName,
            filterContext.HttpContext.Request.UserHostAddress
        );
        var allowExecute = false;

        if (HttpRuntime.Cache[key] == null)
        {
            HttpRuntime.Cache.Add(key,
                true,
                null,
                DateTime.Now.AddSeconds(Seconds),
                Cache.NoSlidingExpiration,
                CacheItemPriority.Low,
                null);
            allowExecute = true;
        }

        if (!allowExecute)
        {
            filterContext.Result = new ContentResult
            {
                Content = string.Format("You can call this every {0} seconds", Seconds)
            };
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict;
        }
    }
}

And then decorate the action that needs to be limited:

[RateLimit(Seconds = 10)]
public ActionResult Index()
{
    return View();
}
回复 原文
银河中√捞星星 2024-09-13 13:14:03

看看 Jarrod 的回答,了解他们如何在 SO 上做到这一点。

StackOverflow MVC 限制

一些示例代码以及其工作原理的解释。

Have a look at Jarrod's answer on how they do this on SO.

StackOverflow MVC Throttling

Some example code as well as explanation on how it works.

回复 原文
日暮斜阳 2024-09-13 13:14:03

.Net 6

看看:

Nuget:
https://www.nuget.org/packages/DotNetRateLimiter/

这很简单

[HttpGet("")]
[RateLimit(PeriodInSec = 60, Limit = 3)]
public IEnumerable<WeatherForecast> Get()
{
    ....
}

:甚至您可以通过路由或查询参数控制请求:

[HttpGet("by-query/{id}")]
[RateLimit(PeriodInSec = 60, Limit = 3, RouteParams = "id", QueryParams = "name,family")]
public IEnumerable<WeatherForecast> Get(int id, string name, [FromQuery] List<string> family)
{
    ....
}

.Net 6

Check it out:

Nuget:
https://www.nuget.org/packages/DotNetRateLimiter/

It is simple:

[HttpGet("")]
[RateLimit(PeriodInSec = 60, Limit = 3)]
public IEnumerable<WeatherForecast> Get()
{
    ....
}

And even you can control request by route or query parameters:

[HttpGet("by-query/{id}")]
[RateLimit(PeriodInSec = 60, Limit = 3, RouteParams = "id", QueryParams = "name,family")]
public IEnumerable<WeatherForecast> Get(int id, string name, [FromQuery] List<string> family)
{
    ....
}
回复 原文
~没有更多了~

关于作者

阿楠

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文