Rate Limiting in ASP.NET Core

Program.cs

var builder = WebApplication.CreateBuilder(args);


// Configure rate limiter
builder.Services.AddRateLimiter(options =>
{
    options.AddFixedWindowLimiter("Fixed", opt =>
    {
        opt.PermitLimit = 10;           // Maximum 10 requests
        opt.Window = TimeSpan.FromMinutes(1); // In a 1-minute window
    });
});

Rate-Limiting Strategies

Fixed Window

Limits requests in fixed time intervals.

options.AddFixedWindowLimiter("Fixed", opt =>
{
    opt.PermitLimit = 5;
    opt.Window = TimeSpan.FromSeconds(30);
});

Sliding Window

Adjusts limits dynamically based on the sliding window.

options.AddSlidingWindowLimiter("Sliding", opt =>
{
    opt.PermitLimit = 10;
    opt.Window = TimeSpan.FromMinutes(1);
    opt.SegmentsPerWindow = 4;
});

Concurrency Limiting

Restricts the number of concurrent requests.

options.AddConcurrencyLimiter("Concurrent", opt =>
{
    opt.PermitLimit = 5; // Maximum concurrent requests
});

Token Bucket

Uses tokens to track available requests.

options.AddTokenBucketLimiter("TokenBucket", opt =>
{
    opt.TokenLimit = 10;
    opt.QueueProcessingOrder = QueueProcessingOrder.OldestFirst;
    opt.ReplenishmentPeriod = TimeSpan.FromSeconds(10);
    opt.TokensPerPeriod = 1;
    opt.QueueLimit = 5;
});