-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Throttling infrastructure for WebAPI (Feature Request) #1157
Comments
While it's easy to add a simple filter what would block a clients to request the same Route for a some configured amount of time, making a complicated throttler (with the custom network rate limits, whitelists, runtime config updates, etc.) might be much harder to develop and maintain in a future. I think that it would be better to consider using https://github.com/stefanprodan/WebApiThrottle instead of inventing a wheel. According to the docs, this package is very easy to install and it provides a lot of things. Also, I like that it has just a few dependencies: <?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net45" />
<package id="Microsoft.Owin" version="3.0.1" targetFramework="net45" />
<package id="Newtonsoft.Json" version="6.0.8" targetFramework="net45" />
<package id="Owin" version="1.0" targetFramework="net45" />
</packages> WebApiThrottle it provides a lot custom throttling configuration, which can be useful in production and I'm not sure that even a integration module is needed as setting up this Throttler is quite easy. |
@4nonym0us I have no problem using a 3rd party package. I am just trying to limit including 3rd party packages if ABP will support it. Otherwise I will more than likely end up having to "undo" the 3rd party work when the ABP solution comes along as the ABP solution will play "nicer" with the rest of ABP - for instance wiring up tenants, users etc etc. by hand. |
We can develop some sort of integration package, based on WebApiThrottle. At the start, we need to determine with what the package should integrate. I like your idea of making different limitations for the tenant (and users), it might be very handy as in WebApiThrottle all policies can be changed even in runtime. Do you have any other suggestions? |
WebApiThrottle seems very good. I will check it deeply to understand if it's needed to create an integration package or it's already easy to make it working with ABP. |
I don't have any other ideas atm. My basic premise with all of this stuff is that:
Also understanding the future features/roadmap to be added is handy so that we don't go off and develop something now that will be obsoleted because we have not got around to a future feature for instance. |
Any reason this has been closed? At this point there is still no throttling support? |
We don't plan to build this feature. Instead, any 3-rd party library can be used. |
In ABP vNext is this then integrated with the authentication system from for users? |
I don't know yet. There is a related issue: abpframework/abp#389 |
Hi,
The current WebAPI pretty much covers most of what is needed (incl bearer token auth). One thing that would be really handy was some form of automatic throttling infrastructure to round out this functionality.
The text was updated successfully, but these errors were encountered: