BotDetect ASP.NET & ASP.NET Core CAPTCHA Generator

Unlike Recaptcha the Stalker -- BotDetect CAPTCHA works in China! Licensable source-code; self-hosted -- doesn't stalk -- nor does it slurp your form-data! Think: GDPR & LGPD!

ASP.NET (Core) CAPTCHA Generator Highlights:


  • Self-hosted .NET Captcha Component -- no 3rd-party servers involved
  • Where having no 3rd-party servers involved also means:
    • no TLS v1.3 PSK/n-RTT session resumption,
    • no TLS v1.2 Session Ticket/ID session resumption,
    • no TLS Channel ID,
    • no Token Binding-based
    ways of user identification and tracking / stalking
  • Lets you never have 3rd-parties identify and stalk users on your site -- and never have 3rd-parties slurp national-security-sensitive or privacy-sensitive form-data from your site
  • Plays nicely with TOR Browser users

  • Licensable source-code (C#/JavaScript) -- to fit neatly in your code audit processes

  • Works in China
  • Allows for EU GDPR and Brazilian LGPD compliant sites -- no need to risk those enormous multi-million dollar fines
  • 56 audio localizations (including all 24 official EU languages) let you treat each local market with that particular local market's familiar combination of script and language

  • Out-of-the-box integrations with various JavaScript frontends:

  • Works in ASP.NET & ASP.NET Core 1/2 apps on top of .NET & .NET Core frameworks
  • SharePoint Feature for SharePoint Server / Foundation

  • TestMode-enabled -- ready for your CI/CD pipelines

  • Produces XHTML 1.1 Strict, Section 508 and WCAG AAA compliant markup
  • Accompanied with legible images and recognizable audios

  • 60 secure & readable Captcha image styles
  • 20 secure & accessible audio Captcha sound styles
  • Custom Captcha image size, code length, css & icons, tooltips, and pretty much everything else...
  • Full support for all major browsers and all Android & iOS devices


BotDetect ASP.NET Captcha generator allows you to easily add Captcha protection to various types of ASP.NET based forms.

We'll use default Captcha generator settings; to see how powerful and customizable BotDetect is, check the BotDetect features demo.

Use THIS nuget in:

  • ASP.NET applications running on the legacy .NET (non-Core) Frameworks
  • ASP.NET Core applications running on the .NET Core Frameworks

1. Add CAPTCHA NuGet Package

  • Open the NuGet Package Manager.

    BotDetect ASP.NET Core Add Nuget Package
  • Choose package source and search for CAPTCHA.

    BotDetect ASP.NET Core Nuget Package Description

2. Configure Your ASP.NET Application

  • Add the highlighted lines into your app's Startup class (Startup.cs):
    public class Startup 
      public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) 
        // configures Session middleware 
        // configure your application pipeline to use Captcha middleware 
      // This method gets called by the runtime. Use this method to add services to the container. 
      public void ConfigureServices(IServiceCollection services) 
        // Uncomment the next line if the .NET Core 1.x compatibility is required 
        // services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); 
        services.AddMemoryCache(); // Adds a default in-memory  
                                            // implementation of  
                                            // IDistributedCache 
        // Add framework services. 
        // Add Session services. 
        services.AddSession(options => 
          options.IdleTimeout = TimeSpan.FromMinutes(20); 
  • Add @addTagHelper directive makes Tag Helpers available to the view. To expose BotDetect Captcha Tag Helper in your project, you would use the following in Views/_ViewImports.cshtml file:

    @using AspNetMvc6BasicCaptchaExample 
    @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers 
    @addTagHelper "BotDetect.Web.Mvc.CaptchaTagHelper, BotDetect.Web.Mvc" 

3. Show a Captcha Challenge on the Form

In View code: include BotDetect styles in page <head>, and show Captcha challage on the form using captcha tag helper:
@section header { 
    <environment names="Development,Staging,Production"> 
        <link href="@BotDetect.Web.CaptchaUrls.Absolute.LayoutStyleSheetUrl" 
              rel="stylesheet" type="text/css" /> 


<label asp-for="CaptchaCode">Retype the code from the picture:</label> 
<captcha id="ExampleCaptcha" user-input-id="CaptchaCode" /> 
<div class="actions"> 
  <input asp-for="CaptchaCode" /> 
  <input type="submit" value="Validate" /> 
  <span asp-validation-for="CaptchaCode"></span> 
  @if ((Context.Request.Method.ToUpper() == "POST") && ViewData.ModelState.IsValid) 
    <span class="correct">Correct!</span> 


4. Check User Input During Form Submission

Mark the protected Controller action with the CaptchaValidation attribute to include Captcha validation in ModelState.IsValid checks:
using BotDetect.Web.Mvc; 

[CaptchaValidation("CaptchaCode", "ExampleCaptcha", "Incorrect CAPTCHA code!")] 
public ActionResult ExampleAction(ExampleModel model) 
    if (!ModelState.IsValid) 
      // TODO: Captcha validation failed, show error message      
      // TODO: Captcha validation passed, proceed with protected action  

BotDetect ASP.NET CAPTCHA Free Version

You can download BotDetect ASP.NET CAPTCHA Control for free and use it immediately! Your ASP.NET forms can be protected from spam (and bots in general) in minutes.

If you need any assistance integrating BotDetect or have any questions or feedback, our Support department is at your disposal.

Once the BotDetect Captcha generator control has been integrated into your ASP.NET application and you're satisfied with how it works, it's easy to upgrade your license if you need the extra features and options offered by commercial BotDetect versions.

BotDetect ASP.NET Captcha Free Download

BotDetect ASP.NET CAPTCHA System Requirements

OS IIS .NET Browser

Supported Operating Systems:

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows 8
  • Windows Server 2008 R2
  • Windows 7
  • Windows Server 2008
  • Windows Vista
  • Windows Server 2003
  • Windows XP
  • Windows Server 2000
  • Windows 2000 Professional

Supported Internet Information Services:

  • IIS 10
  • IIS 8.5
  • IIS 8.0
  • IIS 7.5
  • IIS 7.0
  • IIS 6.0
  • IIS 5.1
  • IIS 5.0

Supported .NET Framework versions:

  • .NET Core 2.x
  • .NET Core 1.x
  • .NET 4.7
  • .NET 4.6
  • .NET 4.5
  • .NET 4.0
  • .NET 3.5
  • .NET 3.0
  • .NET 2.0

Officially Supported Browsers*:

  • Chrome 49+
  • Edge 20+
  • Firefox 52+
  • IE 8+
  • Opera 36+
  • Safari (OSX) 5+
  • Safari (iOS 6+)

Numerous other browsers are not officially supported but the captcha still works.

Read the notes below!


'Officially Supported Browsers' are those browsers for which we do the testing in order to ensure that both the image and audio captcha options are working properly.

Nonetheless, both the image and audio captcha options are working properly in the most of non-archaic ** browsers anyway -- officially-supported, or not -- while the image captcha option alone works in all of them!

If you find our 'Officially Supported Browsers' policy too-restrictive check Recaptcha the Stalker's one that says:

  • We support the two most recent major versions of the following:

    • desktop (Windows, Linux, Mac): Chrome, Firefox, Safari, IE

    • mobile: Chrome, Safari, Android native browser (4.0+)

We guess that after checking the Recaptcha's policy -- you will consider ours as the accommodative one :).


Archaic browsers?

At present, our 'Archaic Browsers' policy works this way:

  • Those last remaining few real humans still browsing around using the WinXP should update their browsers to the latest version that still works on the XP.

Or, in the less nice words:

  • If those last remaining few laggards cannot be bothered to update their browsers -- we cannot be bothered neither -- nor you should be!

  • Half of the Internet is broken for them since years ago anyway -- and they do not seem to care!