ASP.NET MVC 4.0 Basic CAPTCHA C# ASPX Code Sample (BotDetect v3.0; deprecated)
The ASP.NET MVC 4.0 Basic Captcha C# ASPX sample project shows the most basic source code required to protect an ASP.NET MVC form with BotDetect CAPTCHA and validate the user input.
First Time Here?
Check the BotDetect ASP.NET MVC Captcha Quickstart for key integration steps.
ASP.NET MVC View code displaying CAPTCHA protection can be found in Views/Sample/Index.aspx
, and the ASP.NET MVC Controller code checking user input is in Controllers/SampleController.cs
.
→ ASP.NET MVC version:
- ASP.NET MVC 5.0
- ASP.NET MVC 4.0
→ .NET programming language:
- C#
- VB.NET
→ View engine:
- ASPX
- Razor
Installed Location
By default, the .NET 4.5 C# ASPX version of the ASP.NET MVC 4.0 Basic Captcha sample project is installed at:
C:\Program Files\Lanapsoft\BotDetect 3 CAPTCHA Component\Asp.Net\v4.5\WebApp\AspNetMvc40BasicCaptchaSample\ASPX\CSharp
You can also run it from the BotDetect Start Menu:
Programs > Lanapsoft > BotDetect 3 CAPTCHA Component > ASP.NET > DotNET 4.5 Web Applications > Run
Views\Sample\Index.aspx
<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage" %> <%-- namespaces needed to access BotDetect members --%> <%@ Import namespace="BotDetect.Web.UI.Mvc" %> <!DOCTYPE html> <html> <head runat="server"> <meta name="viewport" content="width=device-width" /> <title>BotDetect CAPTCHA Basic ASP.NET MVC 4.0 Sample</title> <link href="<%: Url.Content("~/Style/Sheet.css") %>" rel="stylesheet" type="text/css" /> <link href="<%: Url.Content("~/" + BotDetect.Web.CaptchaUrls. LayoutStyleSheetUrl) %>" rel="stylesheet" type="text/css" /> </head> <body> <h1>BotDetect CAPTCHA Basic ASP.NET MVC 4.0 Sample</h1> <% using (Html.BeginForm()) { %> <fieldset> <legend>CAPTCHA Protection Shown on an ASP.NET MVC View</legend> <div> <%: Html.Label("CaptchaCode", "Retype the code from the picture:") %> <% MvcCaptcha sampleCaptcha = new MvcCaptcha("SampleCaptcha"); sampleCaptcha.UserInputClientID = "CaptchaCode"; %> <%: Html.Captcha(sampleCaptcha) %> </div> <div class="actions"> <%: Html.TextBox("CaptchaCode") %> <input type="submit" value="Validate" /> <%: Html.ValidationMessage("CaptchaCode") %> </div> </fieldset> <% } %> </body> </html>
To display Captcha protection on the sample View, we first ensure we can use BotDetect members by Import
-ing the relevant namespaces.
We then create a MvcCaptcha
instance, and add it to the form by calling the Html.Captcha()
Html helper with it.
In this simplest case, we also use the Html.ValidationMessage
helper to display Captcha validation errors.
Controllers\SampleController.cs
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; using AspNetMvc40BasicCaptchaSampleAspxCSharp.Models; using BotDetect.Web.UI.Mvc; namespace AspNetMvc40BasicCaptchaSampleAspxCSharp.Controllers { public class SampleController : Controller { // // GET: /Sample/ public ActionResult Index() { return View(); } // // POST: /Sample/ [HttpPost] [CaptchaValidation("CaptchaCode", "SampleCaptcha", "Incorrect CAPTCHA code!")] public ActionResult Index(SampleModel model) { MvcCaptcha.ResetCaptcha("SampleCaptcha"); return View(model); } } }
After we've included the BotDetect.Web.UI.Mvc
namespace, we just need to add the CaptchaValidation
attribute to the method processing form submissions. The attribute takes three parameters:
- the ID of the textbox containing the user's Captcha code input (which we named
CaptchaCode
on the form), - the ID of the Captcha instance we're validating (which we set to
SampleCaptcha
in theMvcCaptcha
constructor), and - the error message to be shown when Captcha validation fails.
When the Captcha validation action filter attribute has been added, the Captcha validation will trigger every time the form is submitted, and will automatically add a Model error with the error message configured above when Captcha validation fails. The Html.ValidationMessage
helper on the form will then display this error when Captcha validation fails.
App_Start\RouteConfig.cs
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; using System.Web.Routing; namespace AspNetMvc40BasicCaptchaSampleAspxCSharp { public class RouteConfig { public static void RegisterRoutes(RouteCollection routes) { routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); // BotDetect requests must not be routed routes.IgnoreRoute("{*botdetect}", new { botdetect = @"(.*)BotDetectCaptcha\.ashx" }); routes.MapRoute( name: "Default", url: "{controller}/{action}/{id}", defaults: new { controller = "Sample", action = "Index", id = UrlParameter.Optional } ); } } }
We configure ASP.NET Routing to ignore BotDetect requests, since they do not conform to any MVC-related patterns. The regex defining requests to ignore must match the path configured for the BotDetect HttpHandler
registered in web.config
.
Web.config
<?xml version="1.0" encoding="utf-8"?> <!-- For more information on how to configure your ASP.NET application, please visit http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <configSections> <section name="botDetect" requirePermission="false" type="BotDetect.Configuration.BotDetectConfigurationSection, BotDetect"/> </configSections> <appSettings> <add key="webpages:Version" value="2.0.0.0" /> <add key="webpages:Enabled" value="false" /> <add key="PreserveLoginUrl" value="true" /> <add key="ClientValidationEnabled" value="true" /> <add key="UnobtrusiveJavaScriptEnabled" value="true" /> </appSettings> <system.web> <httpRuntime targetFramework="4.5" /> <compilation debug="true" targetFramework="4.5" /> <!-- make sure Session State is enabled --> <pages enableSessionState="true"> <namespaces> <add namespace="System.Web.Mvc" /> <add namespace="System.Web.Mvc.Ajax" /> <add namespace="System.Web.Mvc.Html" /> <add namespace="System.Web.Routing" /> </namespaces> </pages> <!-- configure Session State for BotDetect use --> <sessionState mode="InProc" cookieless="AutoDetect" timeout="20" sessionIDManagerType="BotDetect.Web.CustomSessionIdManager, BotDetect"/> <httpHandlers> <!-- register HttpHandler used for BotDetect Captcha requests --> <add verb="GET" path="BotDetectCaptcha.ashx" type="BotDetect.Web.CaptchaHandler, BotDetect"/> </httpHandlers> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <handlers> <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" /> <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" /> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET, HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0. 30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0, bitness32" responseBufferLimit="0" /> <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET, HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0. 30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0, bitness64" responseBufferLimit="0" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET, HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers. TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> <!-- register HttpHandler used for BotDetect Captcha requests --> <remove name="BotDetectCaptchaHandler"/> <add name="BotDetectCaptchaHandler" preCondition="integratedMode" verb="GET" path="BotDetectCaptcha.ashx" type="BotDetect.Web.CaptchaHandler, BotDetect"/> </handlers> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> </assemblyBinding> </runtime> <botDetect> <captchaImage> <helpLink enabled="true" mode="image" /> </captchaImage> </botDetect> </configuration>
To allow the application to use BotDetect Captcha protection, we must enable and configure sessionState
, and register the BotDetect HttpHandler
in both <system.web><httpHandlers>
and <system.webServer><handlers>
configuration sections.
The <dependentAssembly>
entry for System.Web.Mvc
is also needed to make all ASP.NET MVC dependencies referenced by the BotDetect MVC assembly point to the correct ASP.NET MVC version.
Please Note
The information on this page is out of date and applies to a deprecated version of BotDetect™ CAPTCHA (v3.0).
An up-to-date equivalent page for the latest BotDetect Captcha release (v4) is BotDetect v4 Captcha documentation index.
General information about the major improvements in the current BotDetect release can be found at the What's New in BotDetect v4.0 page.
Current BotDetect Versions
-
BotDetect ASP.NET CAPTCHA
2019-07-22v4.4.2 -
BotDetect Java CAPTCHA
2019-07-22v4.0.Beta3.7 -
BotDetect PHP CAPTCHA
2019-07-22v4.2.5