RateLimiting.Defaults 1.0.3

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package RateLimiting.Defaults --version 1.0.3
                    


                    

                
NuGet\Install-Package RateLimiting.Defaults -Version 1.0.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="RateLimiting.Defaults" Version="1.0.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="RateLimiting.Defaults" Version="1.0.3" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="RateLimiting.Defaults" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add RateLimiting.Defaults --version 1.0.3
                    


                    

                
#r "nuget: RateLimiting.Defaults, 1.0.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package RateLimiting.Defaults@1.0.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=RateLimiting.Defaults&version=1.0.3
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=RateLimiting.Defaults&version=1.0.3
                    


                            Install as a Cake Tool

RateLimiting.Defaults

Production-ready rate limiting defaults for ASP.NET Core services. Pre-configured sliding window policies for common scenarios. One-line adoption.

Installation

dotnet add package RateLimiting.Defaults

Quick Start

using RateLimiting.Defaults.Extensions;

// In Program.cs or ProgramExtensions.cs:
builder.AddRateLimitingDefaults();

var app = builder.Build();

// Add middleware after UseAuthorization(), before endpoints
app.UseAuthentication();
app.UseAuthorization();
app.UseRateLimiter();  // <-- rate limiting middleware

Pre-Configured Policies

Policy Default Limit Partition Key Use Case
Api (global) 100/min User ID or IP Default for all endpoints
Auth 5/min IP only Login, OTP, password reset
Public 300/min IP only Public-facing pages
Upload 10/min User ID or IP File uploads

The Api policy is applied globally to all requests. Other policies can be applied to specific endpoints.

Applying Policies to Endpoints

FastEndpoints

using RateLimiting.Defaults.Policies;

public override void Configure()
{
    Post("/api/auth/login");
    AllowAnonymous();
    Options(x => x.RequireRateLimiting(RateLimitPolicies.Auth));
}

Minimal APIs

app.MapPost("/api/upload", HandleUpload)
   .RequireRateLimiting(RateLimitPolicies.Upload);

Controllers

[EnableRateLimiting(RateLimitPolicies.Auth)]
[HttpPost("login")]
public async Task<IActionResult> Login(LoginRequest request) { ... }

Configuration via appsettings.json

Override defaults per-service:

{
  "RateLimiting": {
    "Auth": { "PermitLimit": 10, "WindowSeconds": 60 },
    "Api": { "PermitLimit": 200, "WindowSeconds": 60 },
    "Public": { "PermitLimit": 500, "WindowSeconds": 60 },
    "Upload": { "PermitLimit": 20, "WindowSeconds": 60 }
  }
}

Configuration via Code

builder.AddRateLimitingDefaults(opts =>
{
    opts.Auth.PermitLimit = 3;  // Extra strict for this service
    opts.Api.PermitLimit = 200; // Higher limit for this service
});

Rejection Response

When a client exceeds the rate limit, they receive:

  • HTTP 429 Too Many Requests
  • Retry-After header (seconds)
  • JSON body:
{
  "status": 429,
  "title": "Too Many Requests",
  "detail": "Rate limit exceeded. Please try again later.",
  "retryAfterSeconds": 15
}

Architecture

  • Uses ASP.NET Core built-in Microsoft.AspNetCore.RateLimiting (no external dependencies)
  • Sliding window algorithm for smooth request distribution
  • In-memory rate limiter (per-instance) — suitable for single-instance and development
  • Partition keys: authenticated users by sub claim (user ID), anonymous by IP

Future: Redis-Backed Distributed Limiting

When scaling to multiple replicas, swap to Redis-backed rate limiting by creating a custom IRateLimiterPolicy that uses StackExchange.Redis. The policy names and configuration remain the same.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net10.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.3 736 3/12/2026
1.0.1 121 3/12/2026