How To Implement Captcha in Asp.Net

How To Implement Captcha in Asp.Net

Key features of Captcha ASP.NET 4.0 Server Control:

* Ability to set any size for your captcha

* Set alphabet and string length

* Set the level of noise and line noise

* Timer to make your captcha obsolete after specified period of time

* Set various fonts for your captcha


Planned enhancements:

* Create "math" captchas, which offers users to solve simple formulas (like "15 + 23 =") instead of random string.
(function already implemented in beta release)
* Return error codes for various reasons of user input rejection
* Case sensitive captcha (see voting for this feature)


Installation instruction:

1. Unzip the downloaded file.

2. Copy MSCaptcha.dll and MSCaptcha.xml files to your /bin application directory.

3. In your application, add reference to mscaptcha.dll file.

4. Modify your web.config file, by adding this line to section:
<<span style="color: #A31515; font-size: small;">add verb="GET" path="CaptchaImage.axd" type="MSCaptcha.CaptchaImageHandler, MSCaptcha"/>

5. Add MSCaptcha control to your Visual Studio toolbox (optional)

6. That's it!


Example of use:

1. Add line to your .aspx file:
<%<span style="color: #0000ff; font-size: small;">@ Register Assembly="MSCaptcha" Namespace="MSCaptcha" TagPrefix="cc1" %>

2. Where needed, add the control itself:
<<span style="color: #A31515; font-size: small;">cc1:CaptchaControl ID="ccJoin" runat="server" CaptchaBackgroundNoise="none" CaptchaLength="5" CaptchaHeight="60" CaptchaWidth="200" CaptchaLineNoise="None" CaptchaMinTimeout="5" CaptchaMaxTimeout="240" />

3. Put a textbox somewhere in your page where your user must enter what he sees in your captcha. Put this code (this example is in C#) to validate user input:

ccJoin.ValidateCaptcha(txtCap.Text);
if (!ccJoin.UserValidated)
{
//Inform user that his input was wrong ...
return;
}

In this particular example the ccJoin is the name of the Captcha control, the txtCap is the textbox where user entered what he sees in Captcha.


Essential parameters:

* CaptchaBackgroundNoise - either "none", "low", "medium", "high" or "extreme" - the amount of noise to add to the picture to make it harder for OCR ("optical character recognition") software to recognize. Beware that this also affects how your users will be able to read and understand its content. So our recommendation is to set it to "none" and only increase the level if you'll notice the presence of automatically registered bots on your site.

* CaptchaLength - how many symbols captcha will contain. The recommended value is around 4-5, and you should increase it only if have a real problem with spammers.

* CaptchaHeight and CaptchaWidth - the height and width (in pixels) of the generated image.

* CaptchaLineNoise - adds lines to your image to further harden the OCR software work. The recommended starting value is "None", although you can increase it later.

* CaptchaMaximeout - timeout in seconds, after which your current captcha will become invalid. It is recommended to keep this value relatively high and refresh (using AJAX, for example) your captcha when it is about to become invalid.

* CaptchaMinTimeout - minimal time period in seconds for filling the captcha response. This means - if you set the CaptchaLength to 5 seconds, any input entered in first 5 seconds after Captcha's generation will be rejected.

* CaptchaChars - the string of characters to be used for Captcha generation. The default is "ABCDEFGHJKLMNPQRSTUVWXYZ23456789". We recommend to avoid using chars like O, 0, 1 and I because using different fonts they may confuse your users.