Captcha - Implement into an ASP.NET application
-
12/1/2005
- Author:
Brian Pautsch
- Category:
Code Snippets
-
9755
Views
-
14
Comments
-
Last night, I was over at my friend Jim's house working on some eBay and PayPal stuff. Jim was setting up a new eBay and PayPal account when he was presented with a Captcha image. He knew what he had to do, but asked me what it's purpose was. So it got me to thinking...what would it take to implement a Captcha image into an ASP.NET web application?
Download code
Background
Captcha - Wikipedia's Definition: (acronym for "completely automated public Turing test to tell computers and humans apart") is a type of challenge-response test used in computing to determine whether or not the user is human. The term was coined in 2000 by Luis von Ahn, Manuel Blum, and Nicholas J. Hopper of Carnegie Mellon University, and John Langford of IBM. A common type of captcha requires that the user type the letters of a distorted and/or obscured sequence of letters or digits that appears on the screen. Because the test is administered by a computer, in contrast to the standard Turing test that is administered by a human, a captcha is sometimes described as a reverse Turing test.

Basically, it's a distorted image of a sequence of letters and/or numbers. In order to proceed on a website, it requires the user to enter the value in a text box. Because the text is warped and the image area is filled with sprinkled pixels and shapes, it makes it almost impossible for a computer to read.
1. Create a class to generate the image - There are tons of examples online on how to create new bitmaps and add text and graphics. I used some of the experience I have with GDI and took some code from online examples. GDI isn't too difficult to code, but requires a good memory managment!
View the class code
2. Create an ASP.NET page to output the JPEG image - I searched all over for a way to load a binary output stream into the Image control, but no luck. It appears it is not possible without creating another page...so that's what I did. This page (CreateCaptcha.aspx) randomly creates a Captcha string, loads it into Session State (for verification later), instantiates the CaptchaImage class (which also creates the Captcha image), changes the Response ContentType to "image/jpeg" and writes the image to the Response output stream.
View the code behind
3. Create the webpage to display the Captcha image - The validation of the Captcha text is trivial, but the thing to learn here is how to load the image. In the ASPX HTML, you need to define the image tag like s <img src="CreateCaptcha.aspx"> When this is executed on the server, CreateCaptcha.aspx is invoked and the response is loaded into the image source.
View the ASPX code
View the code behind
User Comments
On
1/16/2009
Nitin Patil
said:
This is very good i get code to implement captch .
On
8/13/2008
Dave
said:
Very nice! It took me less than an hour to copy and paste code and implement in one of my existing forms (which, incidentally, is NOT a runat-server form). Thanks!
On
7/21/2008
cathy
said:
The code works perfectly fine.
GOOD JOB!
On
3/23/2008
Matt
said:
Captcha is best protect!
On
10/30/2006
dd
said:
dd
On
10/26/2006
said:
On
9/19/2006
Robin Jaiswal
said:
How to read text from the Captcha image
On
7/6/2006
Brian Pautsch
said:
Yeah...you have to make sure the javascript takes all browsers into account. I just got my latest issue of asppro.net yesterday and Dino Esposito has a nice article on setting the default key. I'll try to get it on here within a few days.
On
7/6/2006
Paul
said:
Enter Key Capture code is not cross browser happy. Different browsers handle "enter" differently... Just FYI
On
7/4/2006
Brian Pautsch
said:
You need to catch the enter key…use the code I blogged about at http://www.brianpautsch.com/Blog/2005/7/23/DefaultButton/Default.aspx
On
7/4/2006
paul
said:
Hi brian its a great script, just curiously if you press enter it dosnt seam to like that
On
3/7/2006
Brian Pautsch
said:
It's in the download in Default.aspx.cs, but here it is again:
private void cmdValidate_Click(object sender, System.EventArgs e)
{
if (txtEntry.Text == Session["CaptchaText"].ToString())
lblMessage.Text = "Correct";
else
lblMessage.Text = "Incorrect (case sensitive)";
txtEntry.Text = "";
}
On
3/7/2006
Grant Geyer
said:
What about the code to validate it?
Leave a Comment