Comments (5)
I have the same question. As a workaround I've used `"ClientIdHeader": "Authorization"`, however the API can be configured to accept JWT tokens via query strings.

The problem is that the client rate limiting middleware is executed before the MVC authorisation handlers parse the JWT token, and so `httpContext.User` is not set.

It would be nice to have an option for `ClientRateLimitMiddleware` to be executed after user context is set.
from aspnetcoreratelimit.
I had a similar problem with wanting to use claims-based ratelimiting. My solution was to register the ratelimiting middleware after authentication. In `Startup.cs#Configure`:

```csharp
// Authentication must run first so HttpContext.User is populated
// by the time the rate limiter resolves the client id.
app.UseAuthentication();
app.UseClientRateLimiting();
```

Then using a custom configuration and resolver:

```csharp
using AspNetCoreRateLimit;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;

public class ClientIdResolver : IClientResolveContributor
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public ClientIdResolver(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    public string ResolveClient()
    {
        // GetPlayerId() is a project-specific extension method on the user principal (not shown).
        return _httpContextAccessor.HttpContext.User.GetPlayerId().ToString();
    }
}

public class CustomRateLimitConfiguration : RateLimitConfiguration
{
    public CustomRateLimitConfiguration(IHttpContextAccessor httpContextAccessor,
        IOptions<IpRateLimitOptions> ipOptions,
        IOptions<ClientRateLimitOptions> clientOptions) : base(
        httpContextAccessor, ipOptions, clientOptions)
    {
    }

    // Adds the claims-based resolver to the client resolvers used by the middleware.
    protected override void RegisterResolvers()
    {
        ClientResolvers.Add(new ClientIdResolver(HttpContextAccessor));
    }
}
```

Register the custom configuration using services in `Startup.cs#ConfigureServices`:

`services.AddSingleton<IRateLimitConfiguration, CustomRateLimitConfiguration>();`
from aspnetcoreratelimit.
@Kantis
What do you use as Authorization? Custom middleware? I have a custom `AuthenticationHandler` and a custom `AuthorizationHandler` and they execute before `IClientResolveContributor`. Maybe because they are MVC filters, which are required to be executed after the rate limiter.

Seems like I need to write middleware for Authentication then and use actual handlers just to confirm user.
from aspnetcoreratelimit.
> @Kantis
> What do you use as Authorization? Custom middleware? I have a custom `AuthenticationHandler` and a custom `AuthorizationHandler` and they execute before `IClientResolveContributor`. Maybe because they are MVC filters, which are required to be executed after the rate limiter.
>
> Seems like I need to write middleware for Authentication then and use actual handlers just to confirm user.

We used claim based authentication using an auth header. We tried to use as much out-of-the-box as possible, so it shouldn't have been any custom middleware, but I'm not active in the project anymore so can't say for sure.
from aspnetcoreratelimit.
This helped me: #82 (comment)
from aspnetcoreratelimit.
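
A null-safe variant of the resolver discussed in this thread, added here as an example (it is not code from the thread or from the library): it keys authenticated requests by a claim and falls back to the remote address, so requests that reach the rate limiter without a populated `HttpContext.User` neither throw nor share an identity with real users. The class name, the use of the `NameIdentifier` claim and the `user:` / `anon:` prefixes are assumptions; it implements the parameterless `ResolveClient()` shape shown above.

```csharp
using System.Security.Claims;
using AspNetCoreRateLimit;
using Microsoft.AspNetCore.Http;

// Hypothetical resolver (added example). Register it from RegisterResolvers()
// in the custom configuration, and keep app.UseAuthentication() ahead of
// app.UseClientRateLimiting() so that context.User is populated.
public class ClaimOrIpClientResolver : IClientResolveContributor
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public ClaimOrIpClientResolver(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    public string ResolveClient()
    {
        HttpContext context = _httpContextAccessor.HttpContext;
        if (context == null)
        {
            // No request in scope: use one fixed identity rather than throwing.
            return "anon:no-context";
        }

        ClaimsPrincipal user = context.User;
        if (user?.Identity?.IsAuthenticated == true)
        {
            // Assumption: the stable subject id is in the NameIdentifier claim.
            string subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (!string.IsNullOrEmpty(subject))
            {
                // Prefix keeps user ids from colliding with address-based ids.
                return "user:" + subject;
            }
        }

        // Unauthenticated (or authentication has not run yet): key by remote
        // address. Behind a reverse proxy this is the proxy's address unless
        // forwarded headers are processed earlier in the pipeline.
        string ip = context.Connection.RemoteIpAddress?.ToString() ?? "unknown";
        return "anon:" + ip;
    }
}
```

Client-specific rules then need to use the prefixed identifiers, since the value returned here is what the middleware treats as the client id.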