Request throttling in .NET Core MVC

Stop light

Why do I need to throttle usage?

Security in apis are important and we might not want the apis we build to be overly used. This could be to prevent DDoS attacks or to make sure no one tries to brute-force-use your api. To solve this problem I built a small attribute function that allows for throttling of a specific endpoint.

When I started writing this i got alot of inspiration from this post on stack overflow.

Attribute code

Here is the code for the throttling attribute

Example usage

[Route("api/[controller]")]
public class ActionsController : Controller
{
    // GET /api/actions/throttle
    [HttpGet("throttle")]
    // Only allow access every 5 seconds
    [Throttle(Name = "ThrottleTest", Seconds = 5)]
    public object GetThrottle() => new
    {
        Message = "OK!"
    };
}
Share post
About Johan Boström

I'm a system architect, developer and solution expert, with experience in web-, application-, server- and windows service development with main focus on .NET / C#. Special skills with many kinds of CMS-tools, like EPiServer, Umbraco and Litium Studio.

Comments

Related posts

basic-auth

So you want to secure your api or you mvc application? And you want to keep it really simple! Well then Basic Auth might be just right for you!