如何实现率一个ASP.NET MVC网站的限制？ [英] How do I implement rate limiting in an ASP.NET MVC site?

问题描述

我建设，我想限制身份验证的用户如何经常使用该网站的一些功能一个ASP.NET MVC的网站。

I'm building an ASP.NET MVC site where I want to limit how often authenticated users can use some functions of the site.

虽然我知道如何限速作品从根本上，我无法想象如何实现它编程，而无需创建一个主要code气味。

Although I understand how rate-limiting works fundamentally, I can't visualize how to implement it programatically without creating a major code smell.

您可以点我走向了接近这样一个问题一个简单而强大的解决方案，用C＃示例code

如果它的事项，所有这些功能目前pssed的动作只接受 HTTP POST 前$ P $。我可能最终要实现限速 HTTP GET 的功能一样，所以我在寻找，对于所有这些情况下的解决方案。

If it matters, all of these functions are currently expressed as Actions that only accept HTTP POST. I may eventually want to implement rate-limiting for HTTP GET functions as well, so I'm looking for a solution that works for all such circumstances.

在此先感谢！

推荐答案

如果您使用的是IIS 7，你可以看看的的动态IP限制扩展。另一种可能性是实现此作为一个动作过滤器：

If you are using IIS 7 you could take a look at the Dynamic IP Restrictions Extension. Another possibility is to implement this as an action filter:

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class RateLimitAttribute : ActionFilterAttribute
{
    public int Seconds { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Using the IP Address here as part of the key but you could modify
        // and use the username if you are going to limit only authenticated users
        // filterContext.HttpContext.User.Identity.Name
        var key = string.Format("{0}-{1}-{2}",
            filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
            filterContext.ActionDescriptor.ActionName,
            filterContext.HttpContext.Request.UserHostAddress
        );
        var allowExecute = false;

        if (HttpRuntime.Cache[key] == null)
        {
            HttpRuntime.Cache.Add(key,
                true,
                null,
                DateTime.Now.AddSeconds(Seconds),
                Cache.NoSlidingExpiration,
                CacheItemPriority.Low,
                null);
            allowExecute = true;
        }

        if (!allowExecute)
        {
            filterContext.Result = new ContentResult
            {
                Content = string.Format("You can call this every {0} seconds", Seconds)
            };
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict;
        }
    }
}

和再装修，需要加以限制的动作：

And then decorate the action that needs to be limited:

[RateLimit(Seconds = 10)]
public ActionResult Index()
{
    return View();
}

这篇关于如何实现率一个ASP.NET MVC网站的限制？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！