BotDetect ASP.NET MVC 5 CAPTCHA Integration Quickstart

1. Add a Reference to BotDetect

Both the BotDetect.dll and BotDetect.Web.Mvc.dll assemblies should be referenced. They are included in the BotDetect installation.

2. Show a Captcha Challenge on the Form

In View code: import the BotDetect namespace, include BotDetect styles in page <head>, create a MvcCaptcha object and pass it to the Captcha HtmlHelper: 
@using BotDetect.Web.Mvc;

  […]

  <link href="@BotDetect.Web.CaptchaUrls.Absolute.LayoutStyleSheetUrl"
    rel="stylesheet" type="text/css" />
</head>

  […]

@{ MvcCaptcha exampleCaptcha = new MvcCaptcha("ExampleCaptcha"); 
exampleCaptcha.UserInputID = "CaptchaCode";}
@Html.Captcha(exampleCaptcha)
@Html.TextBox("CaptchaCode")

3. Check User Input During Form Submission

Mark the protected Controller action with the CaptchaValidation attribute to include Captcha validation in ModelState.IsValid checks: 
using BotDetect.Web.Mvc;
  
  […]

[HttpPost]
[AllowAnonymous]
[CaptchaValidation("CaptchaCode", "ExampleCaptcha", "Incorrect CAPTCHA code!")]
public ActionResult ExampleAction(ExampleModel model)
{
    if (!ModelState.IsValid)
    {  
      // TODO: Captcha validation failed, show error message      
    }  
    else
    {  
      // TODO: Captcha validation passed, proceed with protected action
      MvcCaptcha.ResetCaptcha("ExampleCaptcha");     
    }

4. Configure Your ASP.NET Application

Exclude BotDetect paths from ASP.NET MVC Routing: 
public static void RegisterRoutes(RouteCollection routes)
{
    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

    // BotDetect requests must not be routed
    routes.IgnoreRoute("{*botdetect}", 
      new { botdetect = @"(.*)BotDetectCaptcha\.ashx" });
Update your application configuration (the web.config file): 
<system.web>
  <httpHandlers>
    <!-- Register the HttpHandler used for BotDetect Captcha 
      requests -->
    <add verb="GET" path="BotDetectCaptcha.ashx"
      type="BotDetect.Web.CaptchaHandler, BotDetect"/>
  </httpHandlers>
  <!-- Register a custom SessionIDManager for BotDetect Captcha 
    requests -->
  <sessionState mode="InProc" cookieless="AutoDetect" timeout="20" 
    sessionIDManagerType="BotDetect.Web.CustomSessionIdManager, BotDetect"/> 
</system.web>
<system.webServer>
  <validation validateIntegratedModeConfiguration="false"/>
  <handlers>
    <!-- Register the HttpHandler used for BotDetect Captcha 
      requests (IIS 7.0+) -->
    <remove name="BotDetectCaptchaHandler"/>
    <add name="BotDetectCaptchaHandler" preCondition="integratedMode" 
      verb="GET" path="BotDetectCaptcha.ashx"
      type="BotDetect.Web.CaptchaHandler, BotDetect"/>
  </handlers>
</system.webServer>

In-Depth ASP.NET MVC CAPTCHA Instructions and Explanations

Detailed ASP.NET MVC Captcha instructions and explanations can be found in the ASP.NET MVC Captcha integration how to guide.

Other BotDetect ASP.NET CAPTCHA Quickstarts

ASP.NET WebForms CAPTCHA.

ASP.NET Web Pages Basic CAPTCHA.

[back to top]

Current BotDetect Versions

Popular Content

© Captcha, Inc. 2004-2018. All rights reserved.

BotDetect, BotDetect CAPTCHA, Lanap, Lanap CAPTCHA, Lanap BotDetect, Lanap BotDetect CAPTCHA, Lanapsoft, Lanapsoft CAPTCHA, Lanapsoft BotDetect, Lanapsoft BotDetect CAPTCHA, and Lanap Software are trademarks of Captcha, Inc. All other product, brand, and company names are mentioned for identification purposes only and are trademarks or registered trademarks of their respective owners.

Captcha, Inc. -- formerly: Lanapsoft, Inc. / Lanap, Inc.