Using a CAPTCHA to Prevent Bots from Using Your ASP.NET Web Pages (Razor) Site
by Microsoft
This article explains how to use ReCaptcha (a security measure) to prevent automated programs (bots) from performing tasks in an ASP.NET Web Pages (Razor) website.
What you’ll learn:
- How to add a CAPTCHA test to your site.
These are the ASP.NET features introduced in the article:
- The ReCaptcha helper.
Note: The information in this article applies to ASP.NET Web Pages 1.0 and Web Pages 2.
About CAPTCHAs
Any time you let people register in your site, or even just enter a name and URL (like for a blog comment), you might get a flood of fake names. These are often left by automated programs (bots) that try to leave URLs in every website they can find. (A common motivation is to post the URLs of products for sale.)
You can help make sure that a user is a real person and not a computer program by using a CAPTCHA to validate users when they register or otherwise enter their name and site. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. A CAPTCHA is a challenge-response test in which the user is asked to do something that is easy for a person to do but hard for an automated program to do. The most common type of CAPTCHA is one where you see some distorted letters and are asked to type them. (The distortion is supposed to make it hard for bots to decipher the letters.)
Adding a ReCaptcha Test
In ASP.NET pages, you can use the ReCaptcha helper to render a CAPTCHA test that is based on the ReCaptcha service (http://recaptcha.net). The ReCaptcha helper displays an image of two distorted words that users have to enter correctly before the page is validated. The user response is validated by the ReCaptcha.Net service.
- Register your website at ReCaptcha.Net (http://recaptcha.net). When you’ve completed registration, you’ll get a public key and a private key.
- Add the ASP.NET Web Helpers Library to your website as described in Installing Helpers in an ASP.NET Web Pages Site, if you haven’t already.
- If you don’t already have a _AppStart.cshtml file, in the root folder of a website create a file named _AppStart.cshtml.
Add the following Recaptcha helper settings in the _AppStart.cshtml file:

    @using Microsoft.Web.Helpers;
    @{
        // Add the PublicKey and PrivateKey strings with your public
        // and private keys. Obtain your PublicKey and PrivateKey
        // at the ReCaptcha.Net (http://recaptcha.net) website.
        ReCaptcha.PublicKey = "your-public-key";
        ReCaptcha.PrivateKey = "your-private-key";
    }

- Set the PublicKey and PrivateKey properties using your own public and private keys.
- Save the _AppStart.cshtml file and close it.
- In the root folder of a website, create a new page named Recaptcha.cshtml.
Replace the existing content with the following:

    @using Microsoft.Web.Helpers;
    @{
        var showRecaptcha = true;
        if (IsPost) {
            // Validate() has the user's response checked by the ReCaptcha service.
            if (ReCaptcha.Validate()) {
                @:Your response passed!
                showRecaptcha = false;
            }
            else {
                @:Your response didn't pass!
            }
        }
    }
    <!DOCTYPE html>
    <html>
    <head>
        <title>Testing Global Recaptcha Keys</title>
    </head>
    <body>
        <form action="" method="post">
        @if(showRecaptcha == true){
            // Render the control only when a private key was set in _AppStart.cshtml.
            if(ReCaptcha.PrivateKey != ""){
                <p>@ReCaptcha.GetHtml()</p>
                <input type="submit" value="Submit" />
            }
            else {
                <p>You can get your public and private keys at
                the ReCaptcha.Net website (http://recaptcha.net).
                Then add the keys to the _AppStart.cshtml file.</p>
            }
        }
        </form>
    </body>
    </html>

Run the Recaptcha.cshtml page in a browser. If the PrivateKey value is valid, the page displays the ReCaptcha control and a button. If you had not set the keys globally in _AppStart.cshtml, the page would display an error.
Enter the words for the test. If you pass the ReCaptcha test, you see a message to that effect. Otherwise you see an error message and the ReCaptcha control is redisplayed.
Note: If your computer is on a domain that uses a proxy server, you might need to configure the defaultProxy element of the Web.config file. The following example shows a Web.config file with the defaultProxy element configured to enable the ReCaptcha service to work.

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
        <system.net>
            <defaultProxy>
                <proxy
                    usesystemdefault = "false"
                    proxyaddress="http://myProxy.MyDomain.com"
                    bypassonlocal="true"
                    autoDetect="False"
                />
            </defaultProxy>
        </system.net>
    </configuration>
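The Recaptcha.cshtml test page above only reports whether the response passed. The following page is an added example, not part of the original article: it applies the same ReCaptcha.Validate() check to the name-and-URL form described under About CAPTCHAs, so the submitted values are handled only after the CAPTCHA passes on the server. The field names, the 50-character limit, and the SaveComment call are assumptions made for illustration.

```cshtml
@using Microsoft.Web.Helpers;
@{
    // Added example: process a comment form (name + URL) only after
    // ReCaptcha.Validate() succeeds. Assumes the keys are set in _AppStart.cshtml.
    var name = "";
    var url = "";
    var message = "";
    var accepted = false;
    if (IsPost) {
        name = (Request.Form["name"] ?? "").Trim();
        url = (Request.Form["url"] ?? "").Trim();
        Uri parsed;
        // Check the CAPTCHA first so a failed challenge never reaches
        // the code that stores the submitted values.
        if (!ReCaptcha.Validate()) {
            message = "The CAPTCHA response was not correct. Please try again.";
        }
        else if (name.Length == 0 || name.Length > 50) {
            message = "Enter a name of 1 to 50 characters.";
        }
        else if (!Uri.TryCreate(url, UriKind.Absolute, out parsed)
                 || (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps)) {
            message = "Enter an http or https URL.";
        }
        else {
            // SaveComment is a hypothetical placeholder for your own storage code:
            // SaveComment(name, parsed.AbsoluteUri);
            accepted = true;
            message = "Thanks, your name and URL were accepted.";
        }
    }
}
<!DOCTYPE html>
<html>
<head>
    <title>Comment Form with ReCaptcha</title>
</head>
<body>
    <p>@message</p>
    @if (!accepted) {
        <form action="" method="post">
            <p>Name: <input type="text" name="name" value="@name" /></p>
            <p>URL: <input type="text" name="url" value="@url" /></p>
            <p>@ReCaptcha.GetHtml()</p>
            <input type="submit" value="Submit" />
        </form>
    }
</body>
</html>
```

Razor HTML-encodes the @name, @url, and @message values when it writes them back to the page, so a rejected submission is redisplayed as text rather than as markup.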