ASP.NET CAPTCHA control, improved

Jeff Atwood -

I improved the ASP.NET CAPTCHA server control I mentioned yesterday:

  • Control respects all standard ASP.NET server control properties (font, border, accesskey, enabled, etcetera)
  • Hide ViewState property (it’s required!)
  • Added CaptchaLength property
  • Added CaptchaFontWarping property
  • Improve font sizing algorithm
  • Improve warping algorithm (more mild distortion, no more drawing outside the box)
  • Remove “1,0,I,O” from possible Captcha characters to prevent confusion in entering text
  • Text is now optional
  • Lots of other little improvements

If you are willing to sacrifice less OCR-ability for more human readability, you can adjust the CaptchaLength and CaptchaFontWarping properties to taste. For most applications, simply having a CAPTCHA of any sort is probably enough to block casual bot attacks, and shorter less warped phrases are definitely a lot easier to read. The default is 6 characters with medium warping, which is a good blend.

You can download the solution from my CodeProject article if you’re interested. There are only two projects in the solution; an ultra simple demo website and the control library itself.

To see a CAPTCHA in action, check out the Yahoo mail signup page. Refreshing the page will generate a new one every time...