The new Recaptcha 2 looks promising, but i didn't find a way to validate it in ASP.NET's server side,
General discussions about reCAPTCHA; Sharing what you've built with other members of the reCAPTCHA developer community. Do not use this group for: Questions involving code. They should be posted to StackOverflow with the 'recaptcha' tag. Reporting a bug or requesting a feature, ask those to the reCAPTCHA team directly. Captcha code in asp.net i geve here captcha code in asp.net in this you requere to add latest jquery file and add one Image folder name is 'numbers' you add images of number image '0.gif' to '9.gif'.
if(Page.IsValid)
in This answer, is valid for the old Recaptcha, but not the new one,How to validate the new reCAPTCHA in server side?
Community♦
AlaaAlaa5,3011515 gold badges4646 silver badges8181 bronze badges
10 Answers
After reading many resources, I ended up with writing this class to handle the validation of the new ReCaptcha :
As mentioned Here : When a reCAPTCHA is solved by end user, a new field (g-recaptcha-response) will be populated in HTML.
We need to read this value and pass it to the class below to validate it:
In C#:
In the code behind of your page :
The Class:
In VB.NET:
In the code behind of your page :
The Class:
Donnelle5,10033 gold badges2121 silver badges3030 bronze badges
AlaaAlaa5,3011515 gold badges4646 silver badges8181 bronze badges
Here's a version that uses the JavaScriptSerializer. Thanks Ala for the basis for this code.
WebConfig App Setting - I've added the secret key to the Web.Config in my case to allow transforms between environments. It can also be easily encrypted here if required.
The ReCaptcha Class - A simple class to post the response parameter along with your secret to Google and validate it. The response is deserialized using the .Net JavaScriptSerializer class and from that true or false returned.
Validate The Response - Check the validity of the g-Recaptcha-Response form parameter in your Controller (or code behind for a web form) and take appropriate action.
PaulPaul
Most of these answers seem more complex than needed. They also dont specify the IP which will help prevent a interception attack (https://security.stackexchange.com/questions/81865/is-there-any-reason-to-include-the-remote-ip-when-using-recaptcha). Here's what I settled on
Luke McGregorLuke McGregor24.1k1313 gold badges100100 silver badges159159 bronze badges
You can use 'IsValidCaptcha()' method to validate your google recaptcha on server side. Replace your secret key with 'YourRecaptchaSecretkey' in the following method.
Also create following class as well.
Reference link
Tabish UsmanTabish Usman
2,12322 gold badges1212 silver badges1313 bronze badges
According to the doc you just post your secret key and user's answer to API and read returned 'success' property
SHORT ANSWER:
FULL EXAMPLE:
Suppose, you implement this page in IamNotARobotLogin.cshtml.
And suppose you wish the controller saved, let's say, 'I_AM_NOT_ROBOT' flag in the session if the verification succeeded:
epoxepox
Here's my fork of Ala's solution in order to:
- send paramter in POST
- to sanitize the form input
- include the requester IP address
- store the secret in Web.Config:
In the controller:
The utility class:
Olivier de RivoyreOlivier de Rivoyre1,20511 gold badge1414 silver badges2222 bronze badges
Another example is posted here:
It also implements the secure token option of Recaptcha 2.0 (look at full source code for that bit, I have stripped out relevant pieces of code ONLY for validating a result).
This one doesn't rely on newtonsoft's json parser and instead uses the built in .NET one.
Here is the relevant snippet of code from the RecaptchaV2.NET library (from recaptcha.cs):
MattMatt
Google's ReCaptcha API no longer accepts the payload as query string parameters in a GET request. Google always returned a 'false' success response unless I sent the data via HTTP POST. Here is an update to Ala's (excellent!) class which POSTs the payload to the Google service endpoint:
Justin GouldJustin Gould
Using dynamic to validate recaptcha at server side
Calling Function
Function Declaration
Arun Prasad E SArun Prasad E S4,26422 gold badges4040 silver badges5454 bronze badges
the example I posted in this so post uses Newtonsoft.JSON to deserialize the full returned JSON, posts the data to Google(as opposed to using a querystring) stores the relevant variables in the web.config rather than hard coded.
Community♦
BrentBrent2,67922 gold badges2626 silver badges3535 bronze badges
protected by Community♦Jul 14 '15 at 14:52
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
Would you like to answer one of these unanswered questions instead?