Design Q&A: usage quotas in WCF services


I’ve got a WCF service on which I want to restrict the number of calls per hour – on a per-user basis. For example, max 1000 calls per user, per hour (a la Google Maps, etc).   I also want to implement some sort of subscription mechanism, so that users can upgrade their call-limit across various ‘price plans’.

I know that I could achieve this with a custom Inspector, backed by a DB containing some sort of ‘subscription’ table and a counter, but I’d like to avoid reinventing the wheel.

Thanks, Eric


I don’t know if there are any off-the-shelf packages to do this (anyone listening? could be an opportunity!), but here are my quick thoughts on the issue:

  1. Your requirement is “within the last hour” — let’s say “time period” instead of hour, since that can be changed easily. You’ll have to keep track of all the calls by that user within the time period, as well as have some kind of mechanism to roll off or archive this data. If you’re storing in a database, this can be a significant performance issue, depending on your database, the # of users, the number of calls made per time period, the “weight” of your service methods (i.e. amount of work done), etc.

    It’s pretty easy to design a generic interface that will let you splice in caching if you need it — but you will also want to track the total time spent retrieving API/service limit info, to make sure your usage quota enforcement isn’t slowing down your service too much.

  2. Partition the quota-limited functionality at the service level if possible — not the individual operation or method. If you can make the limits apply to use of an entire service and to just specific or individual methods, everything will be easier: the code, the tracking, the user’s understanding, etc. In general, that is…
  3. The proper place to intercept & check is not in a message inspector IMHO, but in the OperationInvoker. Install a custom operation invoker via a service-wide behavior, and you will lock down the entire service. In addition, you will have access to post-message-processing info, like the authenticated user name etc. See Skonnard’s article on MSDN “Extending WCF via Behaviors.”

Hope this is helpful. If you decide to do it yourself, make sure to handle concurrency (multiple threads calling into your service at the same time)!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: