RateLimiterOptionsExtensions in .NET:

RateLimiterOptionsExtensions in .NET:


Rate limiting is a vital technique for controlling and managing the flow of incoming requests to your web API. In .NET, the RateLimiterOptionsExtensions class provides a powerful tool to fine-tune your rate-limiting policies. In this blog post, we’ll explore leveraging the extensions to customise your rules with C# examples effectively.

Understanding what it is

Rate limiting is a mechanism that restricts the number of requests a client can make to your API within a specified time frame. It helps maintain service quality, prevent abuse, and ensure fair resource allocation.


RateLimiterOptionsExtensions is a part of the AspNetCoreRateLimit package and offers a flexible way to configure rules for your .NET application. It allows you to define rate-limiting policies based on various criteria, such as client IP, API key, and specific endpoints.

Installing the AspNetCoreRateLimit Package

Before diving into examples, make sure to install the AspNetCoreRateLimit package in your .NET project:

dotnet add package AspNetCoreRateLimit

Configuring with RateLimiterOptionsExtensions

Here’s how to configure rate limiting using RateLimiterOptionsExtensions in your .NET application:

Step 1: Import the Necessary Namespace

In your Startup.cs file, import the AspNetCoreRateLimit.Extensions namespace:

using AspNetCoreRateLimit.Extensions;

Step 2: Configure Rate Limiting Policies

Inside your ConfigureServices method in Startup.cs, configure rate limiting policies using RateLimiterOptionsExtensions:

public void ConfigureServices(IServiceCollection services)

    services.ConfigureRateLimiting(options =>
        // Define your rate limiting policies here
        options.AddClientRateLimiting("ClientPolicy", client =>
            client.Limit = 100;
            client.Period = TimeSpan.FromMinutes(1);

        options.AddEndpointRateLimiting("EndpointPolicy", endpoint =>
            endpoint.Limit = 50;
            endpoint.Period = TimeSpan.FromMinutes(1);

    // Add other services...

In this example, we’ve defined two policies for clients and specific endpoints. You can customise the limit and period based on your application’s requirements.

Step 3: Apply Rate Limiting Policies

Apply the defined policies to your API endpoints using attributes. Here’s an example of applying the ClientPolicy to a controller action:

public IActionResult LimitedEndpoint()
    // Your code here

Similarly, you can apply the EndpointPolicy to a specific endpoint:

public IActionResult AnotherLimitedEndpoint()
    // Your code here


Rate limiting is a crucial tool for maintaining the reliability and security of your .NET web API. With RateLimiterOptionsExtensions from the AspNetCoreRateLimit package, you can easily configure and customise policies to suit your application’s specific needs.

By defining policies for clients, endpoints, or other criteria, you can effectively control and manage incoming requests, ensuring fair resource allocation and preventing abuse. Use the provided C# examples as a starting point to implement limiting with ease and precision in your .NET application.

The official documentation can be found here: – https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit?view=aspnetcore-8.0.

I have written related posts here: – Building a Web API with TypeScript, Building a Secure Web API with C# and Unit Testing Mininal APIs.


Hi, my name is Stephen Finchett. I have been a software engineer for over 30 years and worked on complex, business critical, multi-user systems for all of my career. For the last 15 years, I have been concentrating on web based solutions using the Microsoft Stack including ASP.Net, C#, TypeScript, SQL Server and running everything at scale within Kubernetes.