Is Rate Limiting middleware before or after Authentication one? #1828
Replies: 3 comments 2 replies
-
@osmansonmez yes this makes sense I think, I would accept a PR for this but don't have time to do the work myself atm. I will mark this issue as a new feature.
-
This really needs to be addressed. ETA anyone? At least it should be mentioned in the documentation that this can be exploited to launch a DoS attack on a valid client in its current state (mark as experimental maybe?).
-
Hi Osman!
-
I want to use Rate Limiting but I want to take RequestId from claims. I see the RateLimiting handler runs before the authentication handler and the ClaimsToHeadersMiddleware handler. I think we should change the order of RateLimiting and authentication. I don't trust a clear header value. A client can always change the ClientId value, make requests to the server, and break Rate Limiting control. I want to take RequestID from the claims after authentication. How can we do this?
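The concern raised in the question and in the DoS comment, as an added example that is not part of the original thread and is not Ocelot code: a plain C# simulation comparing a limiter keyed on the client-supplied ClientId header with one keyed on an identity taken from verified claims. `Request`, `VerifiedSubject` and `FixedWindowLimiter` are hypothetical names, and the traffic is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical request model: the ClientId header is whatever the caller sent;
// VerifiedSubject is the identity taken from claims after authentication.
record Request(string ClientIdHeader, string? VerifiedSubject);

// Hypothetical limiter: at most `limit` requests per key in a single window.
sealed class FixedWindowLimiter
{
    private readonly int _limit;
    private readonly Dictionary<string, int> _counts = new();
    public FixedWindowLimiter(int limit) => _limit = limit;

    public bool Allow(string key)
    {
        _counts.TryGetValue(key, out var seen);
        _counts[key] = seen + 1;
        return seen < _limit;
    }
}

static class Demo
{
    // Returns the allow/deny decision for each request under the given key selector.
    static List<bool> Decide(IEnumerable<Request> reqs, Func<Request, string?> key, int limit)
    {
        var limiter = new FixedWindowLimiter(limit);
        // A request with no verified identity gets no key and is denied.
        return reqs.Select(r => key(r) is string k && limiter.Allow(k)).ToList();
    }

    static void Main()
    {
        Func<Request, string?> byHeader = r => r.ClientIdHeader;   // limiter runs before authentication
        Func<Request, string?> byClaim = r => r.VerifiedSubject;   // limiter runs after authentication
        // Constructed traffic 1: one authenticated caller changes the header on every request.
        var rotating = Enumerable.Range(0, 10).Select(i => new Request($"client-{i}", "user-42")).ToList();
        Console.WriteLine($"rotating header, allowed by header key: {Decide(rotating, byHeader, 3).Count(a => a)}");
        Console.WriteLine($"rotating header, allowed by claim key:  {Decide(rotating, byClaim, 3).Count(a => a)}");

        // Constructed traffic 2: another caller reuses client-A's header, then client-A's own request arrives.
        var reused = Enumerable.Repeat(new Request("client-A", "user-99"), 3)
            .Append(new Request("client-A", "user-1")).ToList();
        Console.WriteLine($"client-A's own request allowed by header key: {Decide(reused, byHeader, 3).Last()}");
        Console.WriteLine($"client-A's own request allowed by claim key:  {Decide(reused, byClaim, 3).Last()}");
    }
}
```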