Click here to Skip to main content
14,579,769 members


Rate this:
4.89 (230 votes)
Please Sign up or sign in to vote.
4.89 (230 votes)
9 Feb 2004CPOL
Using CAPTCHA images to prevent automated form submission

Sample Image - CaptchaImage.gif


CAPTCHA stands for "completely automated public Turing test to tell computers and humans apart." What it means is, a program that can tell humans from machines using some type of generated test. A test most people can easily pass but a computer program cannot.

You've probably encountered such tests when signing up for an online email or forum account. The form might include an image of distorted text, like that seen above, which you are required to type into a text field.

The idea is to prevent spammers from using web bots to automatically post form data in order to create email accounts (for sending spam) or to submit feedback comments or guestbook entries containing spam messages. The text in the image is usually distorted to prevent the use of OCR (optical character reader) software to defeat the process. Hotmail, PayPal, Yahoo and a number of blog sites have employed this technique.

This article demonstrates how to create such an image and employ it within an ASP.NET web form.


You can find more information on CAPTCHA at The CAPTCHA Project and read about its use in foiling purveyors of pills, pr0n and pyramid-schemes in an article from Scientific American entitled Baffling the Bots.

Before using this technique however, you should consider how it will affect your site's accessibility to the blind and other visually impaired visitors. PayPal attempts to address this problem on their sign up form by including a link to an audio file, in which a voice spells out the image text.

The code presented here produces only an image. But, if you had code to generate an audio file, you could easily integrate it.

Using the Code

The source code zip file contains the source for one class and two web forms. To use it, just create a new web project and add those items.


  • CaptchaImage.cs - defines the CapchaImage object which actually creates the image
  • Default.aspx, Default.aspx.cs - a sample web form
  • JpegImage.aspx, JpegImage.aspx.cs - a web form designed to output a JPEG image rather than HTML

Let's look at each component and its purpose.


The CaptchaImage object creates an image given parameters for the text to be displayed, the image dimensions and, optionally, the font to use.

The heart of the code is the GenerateImage() method, shown below, which creates a bitmap image of the specified width and height. This method is called from the CaptchaImage constructor, so the image is ready as soon as you create a new instance of the object.

To create the image, we first fill in the background using a hatched brush (the "dirtier" the image appears, the harder it is for an OCR program to read it).

To make the text fit within the image, we start with an initial font size based on the image height and use the Graphics.MeasureString() method to find the resulting dimensions of the drawn text. If the text exceeds the image dimensions, we reduce the font size and test again and again until a suitable font size is found.

// ====================================================================
// Creates the bitmap image.
// ====================================================================
private void GenerateImage()
  // Create a new 32-bit bitmap image.
  Bitmap bitmap = new Bitmap(

  // Create a graphics object for drawing.
  Graphics g = Graphics.FromImage(bitmap);
  g.SmoothingMode = SmoothingMode.AntiAlias;
  Rectangle rect = new Rectangle(0, 0, this.width, this.height);

  // Fill in the background.
  HatchBrush hatchBrush = new HatchBrush(
  g.FillRectangle(hatchBrush, rect);

  // Set up the text font.
  SizeF size;
  float fontSize = rect.Height + 1;
  Font font;
  // Adjust the font size until the text fits within the image.
    font = new Font(
    size = g.MeasureString(this.text, font);
  } while (size.Width > rect.Width);

  // Set up the text format.
  StringFormat format = new StringFormat();
  format.Alignment = StringAlignment.Center;
  format.LineAlignment = StringAlignment.Center;

  // Create a path using the text and warp it randomly.
  GraphicsPath path = new GraphicsPath();
    (int) font.Style,
    font.Size, rect,
  float v = 4F;
  PointF[] points =
    new PointF(
      this.random.Next(rect.Width) / v,
      this.random.Next(rect.Height) / v),
    new PointF(
      rect.Width - this.random.Next(rect.Width) / v,
      this.random.Next(rect.Height) / v),
    new PointF(
      this.random.Next(rect.Width) / v,
      rect.Height - this.random.Next(rect.Height) / v),
    new PointF(
      rect.Width - this.random.Next(rect.Width) / v,
      rect.Height - this.random.Next(rect.Height) / v)
  Matrix matrix = new Matrix();
  matrix.Translate(0F, 0F);
  path.Warp(points, rect, matrix, WarpMode.Perspective, 0F);

  // Draw the text.
  hatchBrush = new HatchBrush(
  g.FillPath(hatchBrush, path);

  // Add some random noise.
  int m = Math.Max(rect.Width, rect.Height);
  for (int i = 0; i < (int) (rect.Width * rect.Height / 30F); i++)
    int x = this.random.Next(rect.Width);
    int y = this.random.Next(rect.Height);
    int w = this.random.Next(m / 50);
    int h = this.random.Next(m / 50);
    g.FillEllipse(hatchBrush, x, y, w, h);

  // Clean up.

  // Set the image.
  this.image = bitmap;

Once the font is set, we define a GraphicsPath() which essentially converts the text to a set of lines and curves. This can then be distorted using the GraphicsPath.Warp() method with some randomly generated values. The effect is similar to holding a cardboard sign up by opposite corners and giving it a bit of a twist. The resulting path is drawn onto the image, again using a hatch brush to give it a "dirty" appearance.

To complete the distortion, small blots are randomly painted over the image. You could experiment with other effects to thwart OCRs, but keep in mind that it should still be legible to humans, some of whom may have visual impairments.


This is a very simple sample web form that contains only a few basic elements, namely an <IMG> tag for the image, a text box and a "Submit" button.

<form id="Default" method="post" runat="server">
  <img src="JpegImage.aspx"><br>
    <strong>Enter the code shown above:</strong><br>
    <asp:TextBox id="CodeNumberTextBox" runat="server"></asp:TextBox>
    <asp:Button id="SubmitButton" runat="server" Text="Submit">
    <em class="notice">
      (Note: If you cannot read the numbers in the above<br>
      image, reload the page to generate a new one.)</em>
  <p><asp:Label id="MessageLabel" runat="server"></asp:Label></p>

Note that the SRC attribute of the <IMG> tag points to the web form JpegImage.aspx.

The code-behind for Default.aspx simply generates a random text string for the image and validates that this text was entered by the user when the form is submitted. The key is to store the text string in the Session object.

private void Page_Load(object sender, System.EventArgs e)
  if (!this.IsPostBack)

    // Create a random code and store it in the Session object.
    this.Session["CaptchaImageText"] = GenerateRandomCode();

    // On a postback, check the user input.
    if (this.CodeNumberTextBox.Text ==
      // Display an informational message.
      this.MessageLabel.CssClass = "info";
      this.MessageLabel.Text = "Correct!";
      // Display an error message.
      this.MessageLabel.CssClass = "error";
      this.MessageLabel.Text = "ERROR: Incorrect, try again.";

      // Clear the input and create a new random code.
      this.CodeNumberTextBox.Text = "";
      this.Session["CaptchaImageText"] = GenerateRandomCode();

The reason for storing the text string in the Session object is so that it can be accessed by JpegImage.aspx.


For this web form, no HTML is needed (what's there is just the default code generated by Visual Studio when the file was created). Instead of HTML, the code will produce a JPEG image.

In the code-behind, we first create a CaptchaImage object, using the text retrieved from the Session object. This creates a bitmap image for us.

private void Page_Load(object sender, System.EventArgs e)
  // Create a CAPTCHA image using the text stored in the Session object.
  CaptchaImage ci = new CaptchaImage(
    200, 50, "Century Schoolbook");

  // Change the response headers to output a JPEG image.
  this.Response.ContentType = "image/jpeg";

  // Write the image to the response stream in JPEG format.
  ci.Image.Save(this.Response.OutputStream, ImageFormat.Jpeg);

  // Dispose of the CAPTCHA image object.

We then modify the HTTP response headers to set the Content-type to "image/jpeg" so the client browser will know we are sending an image.

The last step is to retrieve the bitmap image from CaptchaImage.Image and write it to the HTTP response output stream in JPEG format. Fortunately, the Save() method of the Bitmap object makes this simple. Any other supported image format could be used as well so long as the Content-type header is set accordingly.

Points of Interest

Because the CaptchaImage class contains a Bitmap object, and bitmaps employ unmanaged resources, a custom Dispose() method is implemented. This allows those unmanaged resources to be freed whenever a CaptchaImage is destroyed.


  • January 26, 2004 - version 1.0
    • Initial version
  • February 2, 2004 - version 1.01
    • Minor fix to correct parameter checking in CaptchaImage.SetDimensions()


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Web Developer
United States United States
No Biography provided

Comments and Discussions

Bug[My vote of 1] Doesn't Compile Pin
Member 1115040213-Oct-17 5:55
MemberMember 1115040213-Oct-17 5:55 
SuggestionDownload Captcha Image Pin
Member 1270011323-Aug-16 19:53
MemberMember 1270011323-Aug-16 19:53 
QuestionBe nice if it worked Pin
Sammy Hale26-Aug-13 10:04
MemberSammy Hale26-Aug-13 10:04 
QuestionParser Error in Vs 2010 Pin
Raj.Rautela16-Mar-13 2:07
MemberRaj.Rautela16-Mar-13 2:07 
Questionlicense Pin
sprixxx28-Jan-13 0:36
Membersprixxx28-Jan-13 0:36 
GeneralMy vote of 5 Pin
arashtixawd28-Dec-12 1:55
Memberarashtixawd28-Dec-12 1:55 
QuestionCaptcha is noy displaying in OS Windows XP Pin
Adepto30-Sep-12 14:31
MemberAdepto30-Sep-12 14:31 
QuestionIt does not work in Android, help Pin
juanjosei24-Sep-12 6:32
Memberjuanjosei24-Sep-12 6:32 
Questionimage not displayed when published in IIS7 Pin
Member 944762721-Sep-12 3:17
MemberMember 944762721-Sep-12 3:17 
QuestionCan't see the image Pin
mishkaPishka2-Sep-12 1:16
MembermishkaPishka2-Sep-12 1:16 
GeneralAwesome!!!! Pin
Michael Valverde27-Jun-12 9:58
MemberMichael Valverde27-Jun-12 9:58 
QuestionIssue in website implementation Pin
smartboy78619-Jun-12 0:44
Membersmartboy78619-Jun-12 0:44 
GeneralMy Vote of 5 Pin
Angsuman Chakraborty29-Nov-11 20:53
MemberAngsuman Chakraborty29-Nov-11 20:53 
QuestionTesting of captcha code Pin
Member 843700327-Nov-11 1:39
MemberMember 843700327-Nov-11 1:39 
AnswerRe: Testing of captcha code Pin
mneale121-Dec-11 7:38
Membermneale121-Dec-11 7:38 
AnswerRe: Testing of captcha code Pin
mneale121-Dec-11 8:42
Membermneale121-Dec-11 8:42 
Questionhaving problems creating captcha database Pin
Phakamile8819-Oct-11 8:01
MemberPhakamile8819-Oct-11 8:01 
Questioncapcha Pin
Linkz_G27-Sep-11 23:34
MemberLinkz_G27-Sep-11 23:34 
QuestionUse handler instead of web form Pin
JC Gauthier20-Aug-11 17:42
MemberJC Gauthier20-Aug-11 17:42 
QuestionToday cracked Pin
asapinfo1-Aug-11 23:45
Memberasapinfo1-Aug-11 23:45 
GeneralMy vote of 5 Pin
Md. Marufuzzaman25-Jul-11 9:48
professionalMd. Marufuzzaman25-Jul-11 9:48 
Generalcaptcha image with database Pin
nanba903-Apr-11 2:49
Membernanba903-Apr-11 2:49 
GeneralRe: captcha image with database Pin
#realJSOP3-Apr-11 3:02
mva#realJSOP3-Apr-11 3:02 
GeneralRe: captcha image with database Pin
nanba903-Apr-11 6:29
Membernanba903-Apr-11 6:29 
GeneralMy vote of 5 Pin
ZeeroC00l3-Apr-11 2:09
Member ZeeroC00l3-Apr-11 2:09 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Posted 25 Jan 2004


600 bookmarked