Share via

Implement ASP.Net core rate Limit without an Endpoint

Ehsan 41 Reputation points
2021-07-12T11:24:48.95+00:00

I'm using AspNetCoreRateLimit Nuget package. Currently it's working nice, something like below: 

 "IpRateLimiting": {
    "EnableEndpointRateLimiting": true,
    "StackBlockedRequests": false,
    "RealIpHeader": "X-Real-IP",
    "ClientIdHeader": "X-ClientId",
    "HttpStatusCode": 429,
    "QuotaExceededResponse": {
      "Content": "Too many attempts ",

      "ContentType": "application/json"
    },
    "GeneralRules": [   
      {
        "Endpoint": "*:/register",
        "Period": "1h",
        "Limit": 15
      },
 .   .   .

I need to know if it is possible to use rate limit, for internal action methods, In fact I have an action method like this : 

public async Task<IActionResult> sendSMS(string mobileNumber)
  {
    // continued 
  }

It is not called from client side and always is redirectedTo and is called from other action methods. I need to set a rate Limit on it if it is possible

Developer technologies | ASP.NET | ASP.NET Core
Accepted answer
  1. Anonymous
    2021-07-13T02:51:45.81+00:00

    Hi @Ehsan ,

    Is it possible to limit an action method which is not called from client browser? and is called from my web App always?

    You only want to call that sendSMS method/function from the code of other method(s) instead of exposing it as an action method, right?

    In this scenario, you can apply the NonAction attribute to the method, code as below: 

        public IActionResult Privacy()  
    {  
        //call the sendSMS method  
        var result = sendSMS("1001");  

        return View();  
    }  
    [NonAction]  
    public async Task<IActionResult> sendSMS(string mobileNumber)  
    {  
        // continued   

        return Ok("send SMS");  
    }

    [Note] The NonAction attribute indicates that a controller method is not an action method. After using this attribute, the send SMS act as a normal method, and you can't use the RedirectToAction() method to redirect to this method. And, if you call the action method from the client/browser (via the URL), it will show the 404 view page not found error.

    In addition, you can consider creating a normal method instead of an action method, then call it from other action methods, code like this: 

        public IActionResult Privacy()  
    {  
        var result = sendSMS("1001");  

        return View();  
    }   
    public string sendSMS(string mobileNumber)  
    {  
        // continued   

        return "Success";  
    }

    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,
    Dillion

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce (SqlWork.com) 77,766 Reputation points Volunteer Moderator
    2021-07-12T15:06:29.177+00:00

    Redirect to is done by the client, so as long as all your actions use redirect you can throttle with the package. If an action calls directly, than only that actions throttle will be in effect.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.