ASP.NET CAPTCHA control, improved

Jeff Atwood

02 Oct 2004 — 1 min read — Comments

I improved the ASP.NET CAPTCHA server control I mentioned yesterday:

Control respects all standard ASP.NET server control properties (font, border, accesskey, enabled, etcetera)
Hide ViewState property (it’s required!)
Added CaptchaLength property
Added CaptchaFontWarping property
Improve font sizing algorithm
Improve warping algorithm (more mild distortion, no more drawing outside the box)
Remove “1,0,I,O” from possible Captcha characters to prevent confusion in entering text
Text is now optional
Lots of other little improvements

If you are willing to sacrifice less OCR-ability for more human readability, you can adjust the CaptchaLength and CaptchaFontWarping properties to taste. For most applications, simply having a CAPTCHA of any sort is probably enough to block casual bot attacks, and shorter less warped phrases are definitely a lot easier to read. The default is 6 characters with medium warping, which is a good blend.

You can download the solution from my CodeProject article if you’re interested. There are only two projects in the solution; an ultra simple demo website and the control library itself.

To see a CAPTCHA in action, check out the Yahoo mail signup page. Refreshing the page will generate a new one every time...

My Scaling Hero

Inspiration for Stack Overflow occasionally comes from the unlikeliest places. Have you ever heard of the dating website, Plenty of Fish? Markus Frind built the Plenty of Fish Web site in 2003 as nothing more than an exercise to help teach himself a new programming language, ASP.NET. The site

Wrangling ASP.NET Viewstate

Inspired by Scott Hanselman's recent post on ASP.NET viewstate wrangling [http://www.hanselman.com/blog/MovingViewStateToTheBottomOfThePage.aspx], here's a roundup of tips for dealing with that ornery viewstate stuff. The first rule of thumb, of course, is to turn it off whenever you can. But

Recursive Page.FindControl

I'm currently writing my first ASP.NET 2.0 website. VS.NET 2005 is worlds better than VS.NET 2003, but I was mildly surprised to find that Microsoft still hasn't added a recursive overload for Page.FindControl. So, courtesy of Oddur Magnusson [http://weblogs.asp.

ASP.NET NTLM Authentication - is it worth it?

At work, we have the luxury of assuming that everyone’s on an intranet. So when it comes to identity management on our ASP.NET websites, NTLM authentication is the go-to solution. Why trouble the user with Yet Another Login Dialog when you can leverage the built in NTLM functionality

Recent Posts

Stay Gold, America

We are at an unprecedented point in American history, and I'm concerned we may lose sight of the American Dream.

The Great Filter Comes For Us All

With a 13 billion year head start on evolution, why haven’t any other forms of life in the universe contacted us by now? (Arrival is a fantastic movie. Watch it, but don’t stop there – read the Story of Your Life novella it was based on for so much

I Fight For The Users

If you haven’t been able to keep up with my blistering pace of one blog post per year, I don’t blame you. There’s a lot going on right now. It’s a busy time. But let’s pause and take a moment to celebrate that Elon Musk

The 2030 Self-Driving Car Bet

It’s my honor to announce that John Carmack and I have initiated a friendly bet of $10,000* to the 501(c)(3) charity of the winner’s choice: By January 1st, 2030, completely autonomous self-driving cars meeting SAE J3016 level 5 will be commercially available for passenger use

Related posts

Recent Posts