Remove From My Forums

Secure the captcha code

Question
0

Sign in to vote

User-158363518 posted

hi every body

Can you provide a solution to improve and more secure this code?

please help me with example .tnx a lot

i have 2 pages with names Maths_Captcha.aspx ,Captcha.aspx

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<table>
<tr>
<td colspan="2">
Result of below calculation...
</td>
</tr>
<tr>
<td colspan="2">
<asp:Label ForeColor="Red" runat="server" ID="lblStatus"></asp:Label>
</td>
</tr>
<tr>
<td>
<img src="Captcha.aspx" />
</td>
<td>
<asp:TextBox runat="server" ID="txtCaptcha"></asp:TextBox>
</td>
</tr>
<tr>
<td colspan="2">
<asp:Button runat="server" ID="btnSubmit" Text="Submit" OnClick="btnSubmit_Click" />
</td>
</tr>
</table>
</div>
</form>
</body>
</html>

*****************************************

public partial class Maths_Captcha : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{

}

protected void btnSubmit_Click(object sender, EventArgs e)
{
try
{
string result = txtCaptcha.Text;
if (result == Session["CaptchaValue"].ToString())
{
lblStatus.Text = "Correct..";
lblStatus.ForeColor = System.Drawing.Color.Green;
}
else
{
lblStatus.Text = "InCorrect..";
lblStatus.ForeColor = System.Drawing.Color.Red;
}
txtCaptcha.Text = "";
}
catch { }
}
}

****************************

code behind Captcha.aspx

public partial class Captcha : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//Defining brush color
Color brushColor = System.Drawing.Color.Blue;

// Creating object for bitmap
Bitmap objBitmap = new System.Drawing.Bitmap(100, 30);

// Creating object for Graphics class
Graphics objGraphics = System.Drawing.Graphics.FromImage(objBitmap);
objGraphics.Clear(Color.Transparent);

// Creating object for Font class
Font objFont = new Font("Times New Roman", 14, FontStyle.Regular);

string inputNumberString = "";

Random r = new Random();

int a = r.Next(1, 99);
int b = r.Next(1, 99);

int c = a + b;

inputNumberString = a.ToString() + " + " + b.ToString() + " = ";

//Storing the captcha value in the session
Session["CaptchaValue"] = c.ToString();

SolidBrush myBrush = new SolidBrush(brushColor);

objGraphics.DrawString(inputNumberString, objFont, myBrush, 3, 3);

//Adding the content type
Response.ContentType = "image/png";

System.IO.MemoryStream mem = new MemoryStream();

//Saving the bitmap image
objBitmap.Save(mem, ImageFormat.Png);

//Writing the image to output screen
mem.WriteTo(Response.OutputStream);

// Disposing Font Object
objFont.Dispose();

// Disposing Graphics Object
objGraphics.Dispose();

// Disposing Bitmap Object
objBitmap.Dispose();
}
}

Sunday, May 19, 2019 1:39 AM

All replies

User665608656 posted

Hi csajad,

According to your description, I suggest you could set the size of the number in the picture inconsistently, the position could be up and down, the font could be blurred, or add some random horizontal and vertical lines to the picture.

The purpose of doing this is to ensure the user can recognize, but the machine can not recognize, which ensures the security of the captcha code.

If you don't want to use the method you defined, you could also use Google's recaptcha directly.
Reference link: https://www.google.com/recaptcha/intro/v3.html

Here are some of the features I added to your code, which you could refer to.

code behind Captcha.aspx:

        protected void Page_Load(object sender, EventArgs e)
        {
            //Defining brush color
            Color brushColor = System.Drawing.Color.Blue;

            // Creating object for bitmap

            Bitmap objBitmap = new System.Drawing.Bitmap(100, 30);

            // Creating object for Graphics class
            Graphics objGraphics = System.Drawing.Graphics.FromImage(objBitmap);
            objGraphics.Clear(Color.Transparent);


            // Creating object for Font class
            Font objFont = new Font("Times New Roman", 14, FontStyle.Regular);

            string inputNumberString = "";
            Random r = new Random();
            int a = r.Next(1, 99);
            int b = r.Next(1, 99);
            int c = a + b;

            inputNumberString = a.ToString() + " + " + b.ToString() + " = ";

            //Storing the captcha value in the session
            Session["CaptchaValue"] = c.ToString();
     
            objGraphics.Clear(Color.White);
            //Draw four random lines
            for (int i = 0; i < 4; i++)
            {
                int x1 = r.Next(objBitmap.Width);
                int y1 = r.Next(objBitmap.Height);
                int x2 = r.Next(objBitmap.Width);
                int y2 = r.Next(objBitmap.Height);
                objGraphics.DrawLine(new Pen(Brushes.Black, 1), new Point(x1, y1), new Point(x2, y2));
            }
            objGraphics.DrawRectangle(new Pen(Brushes.Black), 0, 0, objBitmap.Width - 1, objBitmap.Height - 1);
            SolidBrush myBrush = new SolidBrush(brushColor);
            objGraphics.DrawString(inputNumberString, objFont, myBrush, 3, 3);

            //Adding the content type
            Response.ContentType = "image/png";

            System.IO.MemoryStream mem = new MemoryStream();

            //Saving the bitmap image
            objBitmap.Save(mem, ImageFormat.Png);

            //Writing the image to output screen
            mem.WriteTo(Response.OutputStream);

            // Disposing Font Object
            objFont.Dispose();

            // Disposing Graphics Object
            objGraphics.Dispose();


            // Disposing Bitmap Object
            objBitmap.Dispose();

        }

The result of my work demo:

Best Regards,

YongQing.

Monday, May 20, 2019 8:19 AM

Asked by:

Secure the captcha code

Question

All replies