如何在ASP中实现速率限制。净MVC网站吗?

[英]How do I implement rate limiting in an ASP.NET MVC site?

本文翻译自 Maxim Zaslavsky 查看原文 2010/06/21 6759 c#/ asp.net-mvc/ rate-limiting/ asp.net/ limit

I'm building an ASP.NET MVC site where I want to limit how often authenticated users can use some functions of the site.

我建立一个ASP。NET MVC站点，我想限制经过身份验证的用户使用站点的某些功能的频率。

Although I understand how rate-limiting works fundamentally, I can't visualize how to implement it programatically without creating a major code smell.

虽然我从根本上理解了限速是如何工作的，但是如果不创建一种主要的代码味道，我就无法想象如何程序化地实现它。

Can you point me towards a simple yet powerful solution for approaching such a problem, with C# sample code?

您能给我指出一个简单而强大的解决方案，用c#示例代码来解决这个问题吗?

If it matters, all of these functions are currently expressed as Actions that only accept HTTP POST. I may eventually want to implement rate-limiting for HTTP GET functions as well, so I'm looking for a solution that works for all such circumstances.

如果重要的话，所有这些函数目前都表示为只接受HTTP POST的操作。我可能最终也想为HTTP GET函数实现限速，所以我正在寻找一种适用于所有这些情况的解决方案。

2 个解决方案

#1

If you are using IIS 7 you could take a look at the Dynamic IP Restrictions Extension. Another possibility is to implement this as an action filter:

如果您正在使用IIS 7，您可以查看动态IP限制扩展。另一种可能性是将其作为操作过滤器来实现:

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class RateLimitAttribute : ActionFilterAttribute
{
    public int Seconds { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Using the IP Address here as part of the key but you could modify
        // and use the username if you are going to limit only authenticated users
        // filterContext.HttpContext.User.Identity.Name
        var key = string.Format("{0}-{1}-{2}",
            filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
            filterContext.ActionDescriptor.ActionName,
            filterContext.HttpContext.Request.UserHostAddress
        );
        var allowExecute = false;

        if (HttpRuntime.Cache[key] == null)
        {
            HttpRuntime.Cache.Add(key,
                true,
                null,
                DateTime.Now.AddSeconds(Seconds),
                Cache.NoSlidingExpiration,
                CacheItemPriority.Low,
                null);
            allowExecute = true;
        }

        if (!allowExecute)
        {
            filterContext.Result = new ContentResult
            {
                Content = string.Format("You can call this every {0} seconds", Seconds)
            };
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict;
        }
    }
}

And then decorate the action that needs to be limited:

然后装饰需要限制的行为:

[RateLimit(Seconds = 10)]
public ActionResult Index()
{
    return View();
}

#2

Have a look at Jarrod's answer on how they do this on SO.

看看Jarrod的答案，关于他们是怎么做的。

StackOverflow MVC Throttling

StackOverflow MVC节流

Some example code as well as explanation on how it works.

一些示例代码以及它如何工作的解释。

智能推荐

注意！

本站翻译的文章，版权归属于本站，未经许可禁止转摘，转摘请注明本文地址：http://www.silva-art.net/blog/2010/06/21/3317637addf7fa87d0757f1cb15e2f49.html。

猜您在找

如何在ASP中实现分页。净MVC吗? - How do you implement paging in ASP.NET MVC? 使用速率限制和缓存为ASP.NET MVC站点创建API - Creating an API for an ASP.NET MVC site with rate-limiting and caching 如何在ASP中实现打印。净MVC3 - How to implement printing in ASP.Net MVC3 如何处理Dropbox API中的速率限制？ - How do I handle rate limiting in the Dropbox API? 如何在ASP.NET MVC中实现Disqus？ - How do I implement Disqus in ASP.NET MVC?

智能推荐