reCAPTCHA : Free Captcha service for ASP.NET

Its a common requirement that we require a captcha to be integrated on our page. I would like to mention a free captcha service which can be implemented in integrated on websites.

What is reCaptcha?

  1. reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows.
  2. It’s Free! Yep, reCAPTCHA is free.
  3. It’s Easy. reCAPTCHA is a Web service. As such, adopting it is as simple as adding
    a few lines of code on your site.
  4. It’s Accessible. reCAPTCHA has an audio test that allows blind people to freely
    navigate your site.
  5. It’s Secure. Most other CAPTCHA implementations can be easily broken.
  6. It’s Popular. Over 100,000 sites use reCAPTCHA, including household names like Facebook, Ticketmaster, and Craigslist.
  7. Whenever uses input data in reCaptcha control, they actually help digitizing books.

Moreover is very easy to integrate reCaptcha in our websites. Below are the steps
which are required to integrate it into a ASP.NET page.

Steps to Integrate reCaptcha in ASP.NET

  1. Register for a reCaptcha key : As a first step we need to register for recaptcha keys. Navigate to Get reCaptcha URL to signup for the keys. After we register for the keys, we get a public and private keys which we need to use in our asp.net page. By default all keys work on localhost as well.

  2. Download reCaptcha library for ASP.NET: Download the dll file from here. Also add the reference to the dll in the asp.net project.
  3. Add reCaptcha widget on ASP.NET page : Insert the reCAPTCHA control into the form you wish to protect by adding the following code snippets:
    • At the top of the aspx page, insert this:
      <%@ register
                      tagprefix="recaptcha" namespace="Recaptcha" assembly="Recaptcha" %>
    • Then insert the reCAPTCHA control inside of the form tag:
                      <recaptcha:recaptchacontrol id="recaptcha" runat="server" publickey="your_public_key"
                          privatekey="your_private_key" />
                      
  4. Make sure you use ASP.NET validation to validate your form (you should check Page.IsValid on submission).

As an example I created a ASP.NET page whose markup and code behind code looks as given below:

Markup:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="RecaptchaPage.aspx.cs" Inherits="ContosoUniversity.RecaptchaPage" %>
<%@ Register TagPrefix="recaptcha" Namespace="Recaptcha" Assembly="Recaptcha" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
     <asp:Label Visible="true" ID="lblResult" runat="server" />

     <recaptcha:RecaptchaControl
              ID="recaptcha"
              runat="server"
              Theme="red"
              PublicKey="6LcoxcASAAAAAGAQQz_xOTk4-ALrRQri_Cf8AuhL"
              PrivateKey="6LcoxcASAAAAALfZhquqene7_4bTrzmuqHBrkuk0"
              />

          <asp:Button ID="btnSubmit" runat="server" Text="Submit" OnClick="btnSubmit_Click" />

    </div>
    </form>
</body>
</html>

Code-behind

    public partial class RecaptchaPage : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            if (Page.IsValid) 
            {
              lblResult.Text = "Captcha sucessfull!";
              lblResult.ForeColor = System.Drawing.Color.Green;
            }
            else
            {
              lblResult.Text = "Incorrect";
              lblResult.ForeColor = System.Drawing.Color.Red;
            }
        }
    }

When I entered correct captcha text and pressed submit button following was the output:

When I entered incorrect captcha text and pressed submit button following was the output:

kick it on DotNetKicks.com

Shout it

Adding Blogs to an asp.net application

BlogEngine.NET

This is an opensource project and makes us very simple for us to add blogging engine to an asp.net application.

BlogEngine.NET may be the simplest and most light weight ASP.NET blog at the moment, but still full featured. Here are some of the features:

– Multi-author support
– Pingbacks and trackbacks
– Event based for plug-in writers
– Theming directly in master pages and user controls
– Gravatar and coComments implemented
– Live preview on commenting
– Comment moderation
– BlogML import/export
– Extension model
– Code syntax highlighting
– Mono support
– Full editing and creation of pages that are not posts
– Extended search capabilities
– Tag cloud
– Self updating blogroll
– Runs entirely on XML or SQL Server. Your choice.

Home page of BlogEngine.NET

kick it on DotNetKicks.com

Salting the Password in C#

dotnetlogo
Hashed passwords provide much better security than storing passwords in the database as simple text. They are, however, potentially vulnerable to a dictionary attack. In a dictionary attack, the attacker attempts to guess passwords by using software to iteratively hash all words in a large dictionary and compare the generated hashes to the stored hash values.

You can help prevent dictionary attacks by requiring the end users to define passwords that are not common words and that contain some numbers or other nonalphanumeric characters.

In addition, you can add a random set of bytes at the beginning or end of the password before hashing it. This random set of bytes is called a salt. You then store this salt value in the table along with the password.

There are many ways to generate a salt value. One way is to generate a globally unique ID, or GUID, as follows.

public static String ComputeSalt()
{
System.Guid GuidValue = System.Guid.NewGuid();
return GuidValue.ToString();
}

This code can also be included in your utility component so it can be reused.

By using both the hash and the salt, you can minimize the possibility of an unauthorized user accessing your application.