How To Add BotDetect CAPTCHA Protection to Classic ASP Forms

First Time Here?

Check the BotDetect Developer Crash Course for key integration steps.

Protecting your ASP forms with BotDetect Classic ASP Captcha requires a few steps, outlined on this page. Displaying the Captcha challenge can be as simple as:

<% ' Adding BotDetect CAPTCHA to the page 
  Dim ExampleCaptcha : Set ExampleCaptcha = (New Captcha)(
  "ExampleCaptcha")
  ExampleCaptcha.UserInputID = "CaptchaCode"
  Response.Write ExampleCaptcha.Html
%>
and checking user input when the form is submitted:
Dim isHuman : isHuman = ExampleCaptcha.Validate()

You can also see how BotDetect Captcha protection has been added to various kinds of ASP forms and projects by running the BotDetect Captcha ASP integration code examples coming with the BotDetect installation. You can also reuse the example project source code that fits your requirements.

CAPTCHA Integration Steps

To add BotDetect Captcha protection to an ASP Classic website:

Include BotDetect Files in the ASP Application

BotDetect Captcha can simply be included in ASP applications by copying the Captcha library files from the BotDetect ASP installation folder.

You will need to copy the following to your ASP application's root folder:

  • the BotDetect.asp file from:
    C:\Program Files\Captcha Inc\BotDetect 4 CAPTCHA Component\Asp\
      CaptchaLibrary\BotDetect.asp
  • the whole BotDetect folder (containing 12 files in total) from:
    C:\Program Files\Captcha Inc\BotDetect 4 CAPTCHA Component\Asp\
      CaptchaLibrary\BotDetect

We'll explain the details of individual Captcha library files later, and focus on the simplest way to use them for now.

Display Captcha Protection on the ASP Form

We'll assume you already have a form which can be posted (<form method="post" ...), with other fields in place.

First, include the BotDetect Captcha library and stylesheet in the ASP form header, just before the closing <head> tag:

  
  <link type="text/css" rel="Stylesheet" href="<%= CaptchaUrls.LayoutStylesheetUrl() %>" />
  <!-- #include file ="BotDetect.asp" -->
</head>

Including the library in the page header automatically includes the BotDetect Captcha layout spreadsheet.

To display the Captcha test on your form, you will need the following Html elements:

  • A textbox for the Captcha code user input, with a label displaying Captcha instructions
  • The Captcha markup including the image, sound and reload icons etc., which will be generated by the Captcha library
For example:
<label for="CaptchaCode">Retype the characters from the picture:
</label>


<% ' Adding BotDetect CAPTCHA to the page 
  Dim ExampleCaptcha : Set ExampleCaptcha = (New Captcha)("ExampleCaptcha")
  ExampleCaptcha.UserInputID = "CaptchaCode"
  Response.Write ExampleCaptcha.Html
%>

<input name="CaptchaCode" id="CaptchaCode" type="text" />

The VbScript code above creates a new instance of the Captcha class defined by the BotDetect ASP Captcha library, tells it which textbox is used to input Captcha codes, and calls the Html subroutine to generate all needed BotDetect Html elements.

When you open your form in a browser, the above declarations should render as:

BotDetect CAPTCHA added to an ASP page

If you are adding Captcha protection to multiple ASP forms in the same application, you should take care to give each one a unique name (e.g. "RegistrationCaptcha", "CommentCaptcha", ...) in the Captcha object constructor.

Validate Captcha User Input During ASP Form Submission

Since we want to ensure only real human users can perform a certain action (e.g. account registration or comment submission), we also have to add Captcha validation code which will process form submissions, and only allow certain actions if Captcha validation succeeds.

Form Has No Action

In the simplest case (when the form posts to itself, i.e. the action attribute is not set), you will process form submissions on the form itself:
<% If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
  
  ' CAPTCHA user input validation
  Dim isHuman : isHuman = ExampleCaptcha.Validate()
  
  If Not isHuman Then 
    ' CAPTCHA validation failed, show error message
    Response.Write "Incorrect Captcha code"
  Else 
    ' CAPTCHA validation passed, perform protected action
    ' TODO
  End If 
  
End If %>

The above code is very simple:

  • The If Request.ServerVariables("REQUEST_METHOD") = "POST" line ensures the code only runs when the form is submitted
  • The Dim isHuman : isHuman = ExampleCaptcha.Validate() line calls the Validate() function of the Captcha object, which returns True if the submitted Captcha code matches the one used for Captcha image generation, or False otherwise
  • Depending on the Captcha validation result, we either show a simple error message, or proceed with form submission

This approach is shown in the BotDetect basic ASP integration code example included in the BotDetect installation.

Separate Form Processing Action

If your form posts to a separate .asp file, you can use the same Captcha validation code, you just have to create a Captcha object instance with the same name as the one used on the form first:

' Captcha validation 
Dim ExampleCaptcha : Set ExampleCaptcha = (New Captcha)("ExampleCaptcha")
ExampleCaptcha.UserInputID = "CaptchaCode"
Dim isHuman : isHuman = ExampleCaptcha.Validate()

If Not isHuman
  Response.Redirect "Default.asp" & "?captchaValid=False"
End If

' TODO: continue with form submission

In this case, if the correct Captcha code wasn't submitted, we redirect the user back to the original form (adding a simple querystring for easier error reporting). You can also integrate the isHuman result with other form validation code, depending on your overall form validation approach.

This approach is shown in the BotDetect ASP form integration code example included in the BotDetect installation.