Simple Captcha with ASP.NET

Announcements

	Try Azure, Win a Laptop
	Build a VS2010 addin win a Zune
	Monthly Competition

The Daily Insider

Hacker Disables More Than 100 Cars Remotely

Daily IT news: Signup now.

Articles

Platforms, Frameworks & Libraries

Languages

General Programming

Graphics / Design

Development Lifecycle

Services

CodeProject VS2008 Addin

Feature Zones

Product Showcase

WhitePapers / Webcasts

.NET Dev Library

ASP.NET Web Hosting

Advanced Search
Add to IE Search

Print Friendly

Discuss

Report

9 votes for this article.

Popularity: 1.87 Rating: 1.96 out of 5

Introduction

I was trying to find a solution to block spammers adding data to the database, using C#. This is the quick solution I found.

First create an image tag in the webform that has the submit form.
```
<IMG height="30" alt="" src="Turing.aspx" width="80">
```
As you see, the source for the picture will be a file called �Turing.aspx�.

Later, create the webform �Turing.aspx� with the code below:

public class Turing1 : System.Web.UI.Page
{
    private void Page_Load(object sender, System.EventArgs e)
    {
        Bitmap objBMP =new System.Drawing.Bitmap(60,20);
        Graphics objGraphics = System.Drawing.Graphics.FromImage(objBMP);
        objGraphics.Clear(Color.Green);

        objGraphics.TextRenderingHint = TextRenderingHint.AntiAlias;

        //' Configure font to use for text

        Font objFont = new  Font("Arial", 8, FontStyle.Bold);
        string randomStr="";
        int[] myIntArray = new int[5] ;
        int x;

        //That is to create the random # and add it to our string

        Random autoRand = new Random();

        for (x=0;x<5;x++)
        {
            myIntArray[x] =  System.Convert.ToInt32 (autoRand.Next(0,9));
            randomStr+= (myIntArray[x].ToString ());
        }

        //This is to add the string to session cookie, to be compared later

        Session.Add("randomStr",randomStr);

        //' Write out the text

        objGraphics.DrawString(randomStr, objFont, Brushes.White,  3, 3);

        //' Set the content type and return the image

        Response.ContentType = "image/GIF";
        objBMP.Save(Response.OutputStream, ImageFormat.Gif);

        objFont.Dispose();
        objGraphics.Dispose();
        objBMP.Dispose();
   }
}

And this is the code for the Submit button on the main form:

private void btnSubmit_ServerClick(object sender, System.EventArgs e)
{
    if (Page.IsValid && (txtTuring.Value.ToString () == 
                            Session["randomStr"].ToString ())) 
    {
         // The Code to insert data

    }
    else
    {
        Label1.Text ="Please enter info correctly";
    }
}

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Oguz Altuncu

Member

Location:

Canada

Other popular Web Security articles:

Role-based Security with Forms Authentication
Provides insight and tips on using role-based (groups) Forms Authentication in ASP.NET, which has only partial support for roles.
Switching Between HTTP and HTTPS Automatically: Version 2
An article on automatically switching between HTTP and HTTPS protocols without hard-coding absolute URLs
Forms Authentication and Role based Authorization: A Quicker, Simpler, and Correct Approach
This article describes a correct and smarter way of implementing Role based authorization with Forms authentication in ASP.NET.
Securing ASP.NET Applications
This article takes a look at two recent attacks on web applications and how they were perpetrated. Then it dives head first into a litany of different potential security holes and more importantly, how to plug them in ASP.Net.
HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0
Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection.

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

This won't block spammers!

JJF007

5:55 5 Aug '05

All you do is to write some random chars out at the same formating and font. This will prevent maybe some beginners to get the code, but with just some simple coding algorithms its possible to get the wanted letters back from the image! All spamm blocking image creators use differnt high, angels and fonts for sometimes each letter.
Sign In·View Thread·PermaLink

Re: This won't block spammers!

lordofthexings

6:11 5 Aug '05

That's the simplest way to do it, I am sure it will prevent many bots. Thanks for the advice
Sign In·View Thread·PermaLink

Re: This won't block spammers!

Sean Michael Murphy

11:10 5 Aug '05

You can make it a little harder on OCR attacks just by changing from a solid brush to a hatch brush. Instead of this:

// Write out the text
objGraphics.DrawString(randomStr, objFont, Brushes.White,  3, 3);

Do this:

// Write out the text
HatchBrush hb = new HatchBrush(HatchStyle.Sphere, Color.Red, Color.Wheat);
objGraphics.DrawString(randomStr, objFont, hb,  3, 3);

Play with the HatchStyle enumeration. It chops up the characters a bit more, making them slightly harder to process via code.

Sean

Re: This won't block spammers!

norm.net

10:10 6 Aug '05

Apply some transforms to the image and bingo, you've now it. Blogless
Sign In·View Thread·PermaLink

Re: This won't block spammers!

Anonymous

6:11 5 Aug '05

totally right. even Captcha has been cracked http://www.captcha.net/
Sign In·View Thread·PermaLink

General News Question Answer Joke Rant Admin

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+PgUp/PgDown to switch pages.

PermaLink | Privacy | Terms of Use
Last Updated: 5 Aug 2005
Editor: Smitha Vijayan