BotDetect ASP.NET & ASP.NET Core CAPTCHA Generator

Unlike Recaptcha the Stalker -- BotDetect CAPTCHA works in China! Licensable source-code; self-hosted -- doesn't stalk -- nor does it slurp your form-data! Think: GDPR & LGPD!

ASP.NET (Core) CAPTCHA Generator Highlights:


  • Self-hosted .NET Captcha Component -- no 3rd-party servers involved
  • Where having no 3rd-party servers involved also means no:
    • TLS v1.3 PSK/n-RTT session resumption,
    • TLS v1.2 Session Ticket/ID session resumption,
    • TLS Channel ID,
    • Token Binding-based
    ways of user identification and tracking / stalking
  • Lets you never have 3rd-parties identify and stalk users on your site -- and never have 3rd-parties slurp national-security-sensitive or privacy-sensitive form-data from your site
  • Plays nicely with TOR Browser users

  • Licensable source-code (C#/JavaScript) -- to fit neatly in your code audit processes

  • Works in China
  • Allows for EU GDPR and Brazilian LGPD compliant sites -- no need to risk those enormous multi-million dollar fines
  • 54 audio localizations (including all 24 official EU languages) letting you treat each local market with that particular local market's familiar combination of script and language

  • Out-of-the-box integrations with various JavaScript frontends:

  • Works in ASP.NET & ASP.NET Core 1/2 apps on top of .NET & .NET Core frameworks
  • SharePoint Feature for SharePoint Server / Foundation
  • Fully compatible with ASP.NET Ajax and jQuery Ajax validation

  • TestMode-enabled -- ready for your CI/CD pipelines

  • Produces XHTML 1.1 Strict, Section 508 and WCAG AAA compliant markup
  • Accompanied with legible images and recognizable audios

  • 60 secure & readable Captcha image styles
  • 20 secure & accessible audio Captcha sound styles
  • Custom Captcha image size, code length, css & icons, tooltips, and pretty much everything else...
  • Full support for all major browsers and all Android & iOS devices


BotDetect ASP.NET Captcha generator allows you to easily add Captcha protection to various types of ASP.NET based forms.

We'll use default Captcha generator settings; to see how powerful and customizable BotDetect is, check the BotDetect features demo.


1. Add a Reference to BotDetect and SQLite

Both the BotDetect.dll and BotDetect.Web.Mvc.dll assemblies should be referenced. They are included in the BotDetect installation.

By default, BotDetect ASP.NET CAPTCHA Simple API uses SQLite as the default persistence provider for storing captcha data, so you need to ensure SQLite assembly is referenced in your project. Here is where you can find the SQLite installation guide. Or check any Simple API examples that are installed with BotDetect.

2. Show a Captcha Challenge on the Form

In View code: import the BotDetect namespace, include BotDetect styles in page <head>, create a MvcSimpleCaptcha object and pass it to the SimpleCaptcha HtmlHelper:
@using BotDetect.Web.Mvc;
  @{ MvcSimpleCaptcha exampleCaptcha = new MvcSimpleCaptcha("ExampleCaptcha"); 

3. Check User Input During Form Submission

Mark the protected Controller action with the SimpleCaptchaValidation attribute to include SimpleCaptcha validation in ModelState.IsValid checks:
using BotDetect.Web.Mvc;
  [SimpleCaptchaValidation("CaptchaCode", "ExampleCaptcha", "Incorrect CAPTCHA code!")]
  public ActionResult ExampleAction(ExampleModel model)
      if (!ModelState.IsValid)
        // TODO: SimpleCaptcha validation failed, show error message      
        // TODO: SimpleCaptcha validation passed, proceed with protected action  

4. Configure Your ASP.NET Application

Exclude BotDetect paths from ASP.NET MVC Routing:
public static void RegisterRoutes(RouteCollection routes)
      // BotDetect requests must not be routed
        new { botdetect = @"(.*)BotDetectCaptcha\.ashx" });
Update your application configuration (the web.config file):
      <!-- Register the HttpHandler used for BotDetect Simple API 
        requests -->
      <add verb="GET" path="BotDetectCaptcha.ashx"
        type="BotDetect.Web.SimpleCaptchaHandler, BotDetect"/>
    <validation validateIntegratedModeConfiguration="false"/>
      <!-- Register the HttpHandler used for BotDetect Simple API 
        requests (IIS 7.0+) -->
      <remove name="BotDetectCaptchaHandler"/>
      <add name="BotDetectCaptchaHandler" preCondition="integratedMode" 
        verb="GET" path="BotDetectCaptcha.ashx"
        type="BotDetect.Web.SimpleCaptchaHandler, BotDetect"/>

In-Depth ASP.NET MVC CAPTCHA Instructions and Explanations

Detailed ASP.NET MVC Captcha Simple API instructions and explanations can be found in the ASP.NET MVC Captcha Simple API integration how to guide.

5. Configure Captcha options

Configure captcha options in botdetect.xml configuration file. By default, this file is located at the root of your project.

<?xml version="1.0" encoding="UTF-8"?>
    <botdetect xmlns=""
        xsi:schemaLocation=" ">

BotDetect ASP.NET CAPTCHA Free Version

You can download BotDetect ASP.NET CAPTCHA Control for free and use it immediately! Your ASP.NET forms can be protected from spam (and bots in general) in minutes.

If you need any assistance integrating BotDetect or have any questions or feedback, our Support department is at your disposal.

Once the BotDetect Captcha generator control has been integrated into your ASP.NET application and you're satisfied with how it works, it's easy to upgrade your license if you need the extra features and options offered by commercial BotDetect versions.

BotDetect ASP.NET Captcha Free Download

BotDetect ASP.NET CAPTCHA System Requirements

OS IIS .NET Browser

Supported Operating Systems:

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows 8
  • Windows Server 2008 R2
  • Windows 7
  • Windows Server 2008
  • Windows Vista
  • Windows Server 2003
  • Windows XP
  • Windows Server 2000
  • Windows 2000 Professional

Supported Internet Information Services:

  • IIS 10
  • IIS 8.5
  • IIS 8.0
  • IIS 7.5
  • IIS 7.0
  • IIS 6.0
  • IIS 5.1
  • IIS 5.0

Supported .NET Framework versions:

  • .NET Core 2.x
  • .NET Core 1.x
  • .NET 4.7
  • .NET 4.6
  • .NET 4.5
  • .NET 4.0
  • .NET 3.5
  • .NET 3.0
  • .NET 2.0

Officially Supported Browsers*:

  • Chrome 49+
  • Edge 20+
  • Firefox 52+
  • IE 8+
  • Opera 36+
  • Safari (OSX) 5+
  • Safari (iOS 6+)

Numerous other browsers are not officially supported but the captcha still works.

Read the notes below!


'Officially Supported Browsers' are those browsers for which we do the testing in order to ensure that both the image and audio captcha options are working properly.

Nonetheless, both the image and audio captcha options are working properly in the most of non-archaic ** browsers anyway -- officially-supported, or not -- while the image captcha option alone works in all of them!

If you find our 'Officially Supported Browsers' policy too-restrictive check Recaptcha the Stalker's one that says:

  • We support the two most recent major versions of the following:

    • desktop (Windows, Linux, Mac): Chrome, Firefox, Safari, IE

    • mobile: Chrome, Safari, Android native browser (4.0+)

We guess that after checking the Recaptcha's policy -- you will consider ours as the accommodative one :).


Archaic browsers?

At present, our 'Archaic Browsers' policy works this way:

  • Those last remaining few real humans still browsing around using the WinXP should update their browsers to the latest version that still works on the XP.

Or, in the less nice words:

  • If those last remaining few laggards cannot be bothered to update their browsers -- we cannot be bothered neither -- nor you should be!

  • Half of the Internet is broken for them since years ago anyway -- and they do not seem to care!