How do you do server validation of response from Google reCAPTCHA using VB.NET?

Question

User695372294 posted

I have successfully added Google reCAPTCHA V2 with an "I'm not a robot" checkbox to a 'Contact Us' webform, plus an associated HTML Input tag labelled 'Submit' just below the checkbox. However, I am struggling to find any useful examples of VB.NET code for performing a server-based validation of the response after a user clicks on Submit.

All I want is a simple YES/NO result that will be used to decide if the Send button on my webform should be enabled. Any guidance would be much appreciated.

Answer 1

User409696431 posted

Assuming your aspx page has the following:

<div class="g-recaptcha" data-sitekey="....your key here ....."></div>

Use a button that posts back to the same page.  In code-behind (C# - you'll need to switch it to VB)

bool isCaptchaValid;
protected void Page_Load(object sender, EventArgs e)
{
   if(Page.IsPostBack)
   {
       var encodedResponse = Request.Form["g-Recaptcha-Response"];
       isCaptchaValid = ReCaptcha.Validate(encodedResponse);
       if(!isCaptchaValid) {//Invalid - handle it for user however you like, including disabling a button on the page.}
       else {//Valid - continue on}
   }
}
public class ReCaptcha
{
    public bool Success { get; set; }
    public List<string> ErrorCodes { get; set; }
    public static bool Validate(string encodedResponse)
    {
        if (string.IsNullOrEmpty(encodedResponse)) return false;

        var client = new System.Net.WebClient();
        var secret = "... your secret code here ....";
        var googleReply = client.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", secret, encodedResponse));
        var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
        var reCaptcha = serializer.Deserialize<ReCaptcha>(googleReply);
        return reCaptcha.Success;
    }
}

Answer 2

User665608656 posted

Hi haggis999,

If you want to verify whether Google reCAPTCHA V2 is passed to determine whether the button is enabled, I suggest that you can use the data-callback client click event of Google reCAPTCHA V2 to obtain grecaptcha's response, and then use ajax to verify in the code behind.

You can refer to this link : https://stackoverflow.com/a/27767239

For more details, please refer to the following code:

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <script src="../Scripts/jquery-3.0.0.min.js"></script>
    <script type="text/javascript" src='https://www.google.com/recaptcha/api.js?hl=en'></script>
    <script>
        function imNotARobot() {
            var response = grecaptcha.getResponse();
            $.ajax({
                type: 'POST',
                url: 'Demo.aspx/ValidateGoogleRecaptcha',
                data: '{response: "' + response + '"}',
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function (results) {
                    if (results.d) {
                        $("#btnLogin").prop('disabled', false);
                    } else {
                        $("#btnLogin").prop('disabled', true);
                    }
                },
                error: function () { alert('error'); }
            });
        }
    </script>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <div class="g-recaptcha"
                data-sitekey="YOUR SITE KEY" data-callback="imNotARobot">
            </div>
            <asp:Button ID="btnLogin" runat="server" Text="Check Recaptcha" Enabled="false" />
        </div>
    </form>
</body>
</html>

    Public Class MyObject
        Public Property success As String
    End Class

  <WebMethod>
    Public Shared Function ValidateGoogleRecaptcha(ByVal response As String) As Boolean
        Return ValidateRecaptcha(response)
    End Function

    Public Shared Function ValidateRecaptcha(ByVal response As String) As Boolean
        Dim Valid As Boolean = False
        Dim req As HttpWebRequest = CType(WebRequest.Create(" https://www.google.com/recaptcha/api/siteverify?secret=YOUR SECRATE KEY&response=" & response), HttpWebRequest)
        Try

            Using wResponse As WebResponse = req.GetResponse()

                Using readStream As StreamReader = New StreamReader(wResponse.GetResponseStream())
                    Dim jsonResponse As String = readStream.ReadToEnd()
                    Dim js As JavaScriptSerializer = New JavaScriptSerializer()
                    Dim data As MyObject = js.Deserialize(Of MyObject)(jsonResponse)
                    Valid = Convert.ToBoolean(data.success)
                End Using
            End Using

            Return Valid
        Catch ex As WebException
            Throw ex
        End Try
    End Function

Here is the result of this work demo:

Best Regards,

YongQing.

Answer 3

User409696431 posted

That's a rather long winded and complicated answer.  Mine is much simpler, since the post stated the use will click a submit button.  No additional ajax needed, it's a postback.

Answer 4

User695372294 posted

KathyW

That's a rather long winded and complicated answer.  Mine is much simpler, since the post stated the use will click a submit button.  No additional ajax needed, it's a postback.

Hi Kathy,
I am indeed interested in finding the simplest possible solution to my problem and had already seen some implausibly complex offerings elsewhere before posting here. I've already spent some time trying and failing to get a 'simple' solution I found on YongQing's link to stackoverflow.com and have now turned my attention to yours.

I've converted your code to VB.NET and placed it in a webform, but I have a problem. The line in the Page_Load sub 'isCaptchaValid = recaptcha.Validate(encodedResponse)' immediately generates the following error in VS 2017, with a wavy line under encodedResponse:

Too many arguments to 'Public Overloads Sub Validate()'

Answer 5

User409696431 posted

My code works - it's used in three differnent websites.   My code clearly has one argument. 

public static bool Validate(string encodedResponse)

Your's seems not to have any arguments.

Public Overloads Sub Validate()

Hopefully the fix is as simple as that.  If not, post your translated VB code.

Answer 6

User695372294 posted

My code works - it's used in three differnent websites.   My code clearly has one argument. 

public static bool Validate(string encodedResponse)

Your's seems not to have any arguments.

Public Overloads Sub Validate()

Hopefully the fix is as simple as that.  If not, post your translated VB code.

My VB.NET conversion of your code looks like this.

    Private isCaptchaValid As Boolean


    Public Class MyReCaptcha
        Public Property Success As Boolean
        Public Property ErrorCodes As List(Of String)

        Public Shared Function Validate(ByVal encodedResponse As String) As Boolean
            If String.IsNullOrEmpty(encodedResponse) Then Return False
            Dim client = New System.Net.WebClient()
            Dim secret = ConfigurationManager.AppSettings("ReCaptchaPrivateKey")
            Dim googleReply = client.DownloadString(String.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", secret, encodedResponse))
            Dim serializer = New System.Web.Script.Serialization.JavaScriptSerializer()
            Dim reCaptcha = serializer.Deserialize(Of MyReCaptcha)(googleReply)
            Return reCaptcha.Success
        End Function

    End Class


    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        If Page.IsPostBack Then
            Dim encodedResponse = Request.Form("g-Recaptcha-Response")

            isCaptchaValid = recaptcha.Validate(encodedResponse)

            If isCaptchaValid Then
                'Temporary code for testing purposes
                Literal1.Text = "OK"
            Else
                Literal1.Text = "NOT OK"
            End If

        End If

    End Sub

Answer 7

User409696431 posted

When I use your code, the error I get is that recaptchais not defined in the following line.   I don't get the error you show.

isCaptchaValid = recaptcha.Validate(encodedResponse)

With your naming convention, that line should be

isCaptchaValid = MyReCaptcha.Validate(encodedResponse)

Answer 8

User695372294 posted

When I use your code, the error I get is that recaptchais not defined in the following line.   I don't get the error you show.

isCaptchaValid = recaptcha.Validate(encodedResponse)

With your naming convention, that line should be

isCaptchaValid = MyReCaptcha.Validate(encodedResponse)

Well spotted! I changed ReCaptcha to MyReCaptcha to avoid a conflict with some code associated with another solution to my problem and then failed to notice the need to change it in the isCaptchaValid line.

It's all working now. Many thanks for your help on this.

 

Answer 9

User409696431 posted

I'm glad its working.   To help others with a similar question, please mark my initial reply as the answer.  :)

Answer 10

User695372294 posted

I do have one other question....

There is a demo at https://www.google.com/recaptcha/api2/demo that displays the message 'Please verify that you are not a robot' within the reCaptcha box if you click the Submit button without answering the question. How do you code such a message?

EDIT:  On checking the source of that page, it looked like it was done by exploiting the class 'recaptcha-error-message', but I never quite got that to work the way I wanted, so I just did it by setting the value of Literal1 (ref my coding above) to that message when the reCaptcha question had not been answered.