Limiting Request to Web API that are coming from same location

Question

We have a web api where we allow anon[AllowAnonymous] users to register using our own mobile apps(android & iOS). Recently it was reported that there are multiple users registered with the same email address which we do not allow. We have multiple check to not allow this to happen. When we check our IIS log. We have something like this:

2020-02-15 18:40:42 XXX.XXX.X.XX POST /api/Account/Register - 8082 - Y.YY.YYY.YYY OurIOSAppName/3+CFNetwork/1121.2.2+Darwin/19.3.0 - 400 0 64 69968
2020-02-15 18:40:42 XXX.XXX.X.XX POST /api/Account/Register - 8082 - Y.YY.YYY.YYY OurIOSAppName/3+CFNetwork/1121.2.2+Darwin/19.3.0 - 200 0 0 13218
2020-02-15 18:40:42 XXX.XXX.X.XX POST /api/Account/Register - 8082 - Y.YY.YYY.YYY OurIOSAppName/3+CFNetwork/1121.2.2+Darwin/19.3.0 - 200 0 0 17390

it seems that the our web api is receiving multiple request from the iOS mobile app using AlamoFire and the same with RetroFit for Android. Is there away prevent this?

score 0 · Answer 1 · answered Feb 18 '20 at 15:54

The issue isn't that there are multiple requests coming at the same time, but rather your code for creating users has a race condition. There are numerous ways to deal with this with the below two tickets just being a start.

Preventing race condition of if-exists-update-else-insert in Entity Framework

https://softwareengineering.stackexchange.com/questions/263726/how-to-prevent-race-conditions-in-a-web-application

Limiting Request to Web API that are coming from same location

1 Answers1