Coding Horror

programming and human factors

An ASP.NET CAPTCHA Server Control

A few days ago, I found a really cool CAPTCHA ASP.NET code sample. I converted it to VB.NET and repackaged it as a full blown ASP.NET server control:

screenshot of ASP.NET CAPTCHA server control

It's as simple as I could make it: a total drag and drop, set the (three) properties and forget it implementation. The only tricky part was dealing with the dynamically generated image. You will have to add this HttpHandler section to your web.config file when you use the CaptchaControl 

<httpHandlers>
<add verb="*" path="CaptchaImage.aspx"
type="WebControlCaptcha.CaptchaImageStream, WebControlCaptcha" />
</httpHandlers>

You can download the zipped VS.NET 2003 solution from my CodeProject article if you're interested. There are only two projects in the solution; an ultra simple demo website and the control library itself.

I should also mention that I tested this CAPTCHA against OCR software, specifically OmniPage Pro 14. It does suprisingly well for a couple key reasons-- low contrast, and all the characters are warped. It's possible to defeat it, but it's definitely not a trivial "drag to OCR window" situation. My kudos to BrainJar for coming up with this simple yet effective CAPTCHA.

Written by Jeff Atwood

Indoor enthusiast. Co-founder of Stack Overflow and Discourse. Disclaimer: I have no idea what I'm talking about. Find me here: https://infosec.exchange/@codinghorror