How to Identify the Rejected PolicyName When Handling 429 Rate Limit Errors in .Net?

Question

I am using multiple rate-limiting policies in my .NET application, and I want to determine which specific policy caused a request to be rejected (HTTP 429). This is important for logging and metrics purposes.

I have defined multiple policies using RateLimitPartition.GetFixedWindowLimiter as follows:

limiterOptions.AddPolicy("InternalServicePolicy", httpContext =>
{
    return RateLimitPartition.GetFixedWindowLimiter("InternalServicePolicy",
        _ => new FixedWindowRateLimiterOptions()
        {
            PermitLimit = rateLimitingOptions.InternalServicePolicyOptions.PermitLimit,
            Window = TimeSpan.FromSeconds(rateLimitingOptions.InternalServicePolicyOptions.TimePeriod),
            AutoReplenishment = true,
            QueueLimit = 0,
        });
});

limiterOptions.AddPolicy("ThirdPartyPolicy", httpContext =>
{
    return RateLimitPartition.GetFixedWindowLimiter("ThirdPartyPolicy",
        _ => new FixedWindowRateLimiterOptions()
        {
            PermitLimit = rateLimitingOptions.ThirdPartyPolicyOptions.PermitLimit,
            Window = TimeSpan.FromSeconds(rateLimitingOptions.ThirdPartyPolicyOptions.TimePeriod),
            AutoReplenishment = true,
            QueueLimit = 0,
        });
});

limiterOptions.OnRejected = async (context, cancellationToken) =>
{
    // Metrics and logging

    context.HttpContext.Response.StatusCode = StatusCodes.Status429TooManyRequests;
    await context.HttpContext.Response.WriteAsync(
       "Too many requests. Please try again later. " +
        "Read more about our rate limits at https://example.org/docs/ratelimiting.", cancellationToken: cancellationToken);
};

Answer 1

The easiest way is to rely on the endpoint metadata:

limiterOptions.OnRejected = async (context, cancellationToken) =>
{
    // Metrics and logging

    // policyName from metadata
    var policyName = context.HttpContext
    .GetEndpoint()
    .Metadata
    .GetMetadata<EnableRateLimitingAttribute>()
    .PolicyName;

    context.HttpContext.Response.StatusCode = StatusCodes.Status429TooManyRequests;
    await context.HttpContext.Response.WriteAsync(
       "Too many requests. Please try again later. " +
        "Read more about our rate limits at https://example.org/docs/ratelimiting.", cancellationToken: cancellationToken);
};