1. Add a Reference to BotDetect
Run the following command in the Package Manager Console:
PM> Install-Package Captcha
After the command execution, the references to the BotDetect.dll
, BotDetect.Web.Mvc.dll
, and
System.Data.SQLite.dll
assemblies will be added to your project.
If your project is not going to be using the Simple API, the System.Data.SQLite.dll
assembly reference can be safely removed from it.
Download the BotDetect ASP.NET CAPTCHA Generator archive. The root folder of the extracted archive
is referred as the <BDC-DIR>
.
The BotDetect binaries are located in:
<BDC-DIR>/v4.4.2/lgcy-on-lgcy/bin/
folder.
Copy the BotDetect.dll
and BotDetect.Web.Mvc.dll
files to the /your-app-backend-folder/bin/
folder --
and then reference them in your project.
2. Show a Captcha Challenge on the Form
In the Forms's View code: import the BotDetect namespace, include BotDetect styles in page <head>
, create a MvcCaptcha
object
and pass it to the Captcha HtmlHelper
:
@using BotDetect.Web.Mvc;
[…]
<link href="@BotDetect.Web.CaptchaUrls.Absolute.LayoutStyleSheetUrl"
rel="stylesheet" type="text/css" />
</head>
[…]
@{ MvcCaptcha exampleCaptcha = new MvcCaptcha("ExampleCaptcha");
exampleCaptcha.UserInputID = "CaptchaCode";}
@Html.Captcha(exampleCaptcha)
@Html.TextBox("CaptchaCode")
Add the CaptchaCode
property to Form's Model:
public string CaptchaCode { get; set; }
3. Check User Input During Form Submission
Mark the protected Controller action with the CaptchaValidationActionFilter
attribute to include Captcha validation in
ModelState.IsValid
checks:
using BotDetect.Web.Mvc;
[…]
[HttpPost]
[AllowAnonymous]
[CaptchaValidationActionFilter("CaptchaCode", "ExampleCaptcha", "Incorrect CAPTCHA code!")]
public ActionResult ExampleAction(ExampleModel model)
{
if (!ModelState.IsValid)
{
// TODO: Captcha validation failed, show error message
}
else
{
// TODO: captcha validation succeeded; execute the protected action
// Reset the captcha if your app's workflow continues with the same view
MvcCaptcha.ResetCaptcha("ExampleCaptcha");
}
Use the built-in Validate
method of a MvcCaptcha
instance.
In cases when a CaptchaControl instance is not available, use static Validate
method of MvcCaptcha class.
using BotDetect.Web.Mvc;
[…]
[HttpPost]
[AllowAnonymous]
public ActionResult ExampleAction(ExampleModel model)
{
// init mvcCaptcha instance with captchaId
MvcCaptcha mvcCaptcha = new MvcCaptcha("ExampleCaptcha");
// get user input value
string userInput = HttpContext.Request.Form["CaptchaCode"];
// get validatingInstanceId from HttpContext.Request.Form
string validatingInstanceId = HttpContext.Request.Form[mvcCaptcha.ValidatingInstanceKey];
// or get validatingInstanceId from above mvcCaptcha instance
//string validatingInstanceId = mvcCaptcha.WebCaptcha.ValidatingInstanceId;
// call the built-in Validate method from above MvcCaptcha instance.
// alternately you can use the static Validate method of the MvcCaptcha class
(i.e. MvcCaptcha.Validate("ExampleCaptcha", userInput, validatingInstanceId); )
if (mvcCaptcha.Validate(userInput, validatingInstanceId))
{
// TODO: captcha validation succeeded; execute the protected action
// Reset the captcha if your app's workflow continues with the same view
MvcCaptcha.ResetCaptcha("ExampleCaptcha");
}
else
{
ModelState.AddModelError("CaptchaCode", "Incorrect!");
}
return View(model);
}
4. Configure Your ASP.NET Application
Exclude BotDetect paths from ASP.NET MVC Routing:
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
// BotDetect requests must not be routed
routes.IgnoreRoute("{*botdetect}",
new { botdetect = @"(.*)BotDetectCaptcha\.ashx" });
Update your application configuration (the web.config
file):
<system.web>
<httpHandlers>
<!-- Register the HttpHandler used for BotDetect Captcha
requests -->
<add verb="GET" path="BotDetectCaptcha.ashx"
type="BotDetect.Web.CaptchaHandler, BotDetect"/>
</httpHandlers>
<!-- Register a custom SessionIDManager for BotDetect Captcha
requests -->
<sessionState mode="InProc" cookieless="AutoDetect" timeout="20"
sessionIDManagerType="BotDetect.Web.CustomSessionIdManager, BotDetect"/>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<!-- Register the HttpHandler used for BotDetect Captcha
requests (IIS 7.0+) -->
<remove name="BotDetectCaptchaHandler"/>
<add name="BotDetectCaptchaHandler" preCondition="integratedMode"
verb="GET" path="BotDetectCaptcha.ashx"
type="BotDetect.Web.CaptchaHandler, BotDetect"/>
</handlers>
</system.webServer>
1. Add a Reference to BotDetect
Run the following command in the Package Manager Console:
PM> Install-Package Captcha
After the command execution, the references to the BotDetect.dll
, BotDetect.Web.Mvc.dll
, and
System.Data.SQLite.dll
assemblies will be added to your project.
If your project is not going to be using the Simple API, the System.Data.SQLite.dll
assembly reference can be safely removed from it.
Download the BotDetect ASP.NET CAPTCHA Generator archive. The root folder of the extracted archive
is referred as the <BDC-DIR>
.
The BotDetect binaries are located in:
<BDC-DIR>/v4.4.2/lgcy-on-lgcy/bin/
folder.
Copy the BotDetect.dll
and BotDetect.Web.Mvc.dll
files to the /your-app-backend-folder/bin/
folder --
and then reference them in your project.
2. Show a Captcha Challenge on the Form
In View code: import the BotDetect namespace, include BotDetect styles in page <head>
, create a MvcCaptcha
object
and pass it to the Captcha HtmlHelper
:
@Imports BotDetect.Web.Mvc
[…]
<link href="@BotDetect.Web.CaptchaUrls.Absolute.LayoutStyleSheetUrl"
rel="stylesheet" type="text/css" />
</head>
[…]
@Code Dim exampleCaptcha As MvcCaptcha = New MvcCaptcha("ExampleCaptcha")
exampleCaptcha.UserInputID = "CaptchaCode" End Code
@Html.Captcha(exampleCaptcha)
@Html.TextBox("CaptchaCode")
Add the CaptchaCode
property to Form's Model:
Public Property CaptchaCode As String
3. Check User Input During Form Submission
Mark the protected Controller action with the CaptchaValidationActionFilter
attribute to include Captcha validation in
ModelState.IsValid
checks:
Imports System.Web.Mvc
[…]
<HttpPost()> _
<CaptchaValidationActionFilter("CaptchaCode", "ExampleCaptcha", "Incorrect CAPTCHA Code!")> _
Public Function Index(ByVal model As ExampleModel) As ActionResult
If ModelState.IsValid Then
' TODO: Captcha validation failed, show error message
Else
' TODO: captcha validation succeeded; execute the protected action
' Reset the captcha if your app's workflow continues with the same view
MvcCaptcha.ResetCaptcha("ExampleCaptcha");
Use the built-in Validate
method of a MvcCaptcha
instance.
In cases when a CaptchaControl instance is not available, use static Validate
method of MvcCaptcha class.
Imports System.Web.Mvc
[…]
<HttpPost()> _
Public Function Index(ByVal model As ExampleModel) As ActionResult
' init mvcCaptcha instance with captchaId
Dim mvcCaptcha = New MvcCaptcha("ExampleCaptcha")
' get user input value
Dim userInput As String = HttpContext.Request.Form("CaptchaCode")
' get validatingInstanceId from HttpContext.Request.Form
Dim validatingInstanceId As String = HttpContext.Request.Form(mvcCaptcha.ValidatingInstanceKey)
' or get validatingInstanceId from above mvcCaptcha instance
' Dim validatingInstanceId As String = mvcCaptcha.WebCaptcha.ValidatingInstanceId
' call the built-in Validate method from above MvcCaptcha instance.
' alternately you can use the static Validate method of the MvcCaptcha class (i.e. MvcCaptcha.Validate("ExampleCaptcha", userInput, validatingInstanceId); )
If (mvcCaptcha.Validate(userInput, validatingInstanceId)) Then
' TODO: captcha validation succeeded; execute the protected action
' Reset the captcha if your app's workflow continues with the same view
mvcCaptcha.ResetCaptcha("ExampleCaptcha")
Else
ModelState.AddModelError("CaptchaCode", "Incorrect!")
End If
Return View(model)
4. Configure Your ASP.NET Application
Exclude BotDetect paths from ASP.NET MVC Routing:
Public Sub RegisterRoutes(ByVal routes As RouteCollection)
routes.IgnoreRoute("{resource}.axd/{*pathInfo}")
' BotDetect requests must not be routed
routes.IgnoreRoute("{*botdetect}",
New With {.botdetect = "(.*)BotDetectCaptcha\.ashx"})
Update your application configuration (the web.config
file):
<system.web>
<httpHandlers>
<!-- Register the HttpHandler used for BotDetect Captcha
requests -->
<add verb="GET" path="BotDetectCaptcha.ashx"
type="BotDetect.Web.CaptchaHandler, BotDetect"/>
</httpHandlers>
<!-- Register a custom SessionIDManager for BotDetect Captcha
requests -->
<sessionState mode="InProc" cookieless="AutoDetect" timeout="20"
sessionIDManagerType="BotDetect.Web.CustomSessionIdManager, BotDetect"/>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<!-- Register the HttpHandler used for BotDetect Captcha
requests (IIS 7.0+) -->
<remove name="BotDetectCaptchaHandler"/>
<add name="BotDetectCaptchaHandler" preCondition="integratedMode"
verb="GET" path="BotDetectCaptcha.ashx"
type="BotDetect.Web.CaptchaHandler, BotDetect"/>
</handlers>
</system.webServer>