locked
Secure the captcha code RRS feed

  • Question

  • User-158363518 posted

    hi every body 

    Can you provide a solution to improve and more secure this code?

    please help me with example .tnx a lot

    i have 2 pages with names Maths_Captcha.aspx ,Captcha.aspx

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title></title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>
    <table>
    <tr>
    <td colspan="2">
    Result of below calculation...
    </td>
    </tr>
    <tr>
    <td colspan="2">
    <asp:Label ForeColor="Red" runat="server" ID="lblStatus"></asp:Label>
    </td>
    </tr>
    <tr>
    <td>
    <img src="Captcha.aspx" />
    </td>
    <td>
    <asp:TextBox runat="server" ID="txtCaptcha"></asp:TextBox>
    </td>
    </tr>
    <tr>
    <td colspan="2">
    <asp:Button runat="server" ID="btnSubmit" Text="Submit" OnClick="btnSubmit_Click" />
    </td>
    </tr>
    </table>
    </div>
    </form>
    </body>
    </html>

    *****************************************

    public partial class Maths_Captcha : System.Web.UI.Page
    {
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
    try
    {
    string result = txtCaptcha.Text;
    if (result == Session["CaptchaValue"].ToString())
    {
    lblStatus.Text = "Correct..";
    lblStatus.ForeColor = System.Drawing.Color.Green;
    }
    else
    {
    lblStatus.Text = "InCorrect..";
    lblStatus.ForeColor = System.Drawing.Color.Red;
    }
    txtCaptcha.Text = "";
    }
    catch { }
    }
    }

    ****************************

    code behind Captcha.aspx


    public partial class Captcha : System.Web.UI.Page
    {
    protected void Page_Load(object sender, EventArgs e)
    {
    //Defining brush color
    Color brushColor = System.Drawing.Color.Blue;

    // Creating object for bitmap
    Bitmap objBitmap = new System.Drawing.Bitmap(100, 30);

    // Creating object for Graphics class
    Graphics objGraphics = System.Drawing.Graphics.FromImage(objBitmap);
    objGraphics.Clear(Color.Transparent);

    // Creating object for Font class
    Font objFont = new Font("Times New Roman", 14, FontStyle.Regular);

    string inputNumberString = "";

    Random r = new Random();

    int a = r.Next(1, 99);
    int b = r.Next(1, 99);

    int c = a + b;

    inputNumberString = a.ToString() + " + " + b.ToString() + " = ";

    //Storing the captcha value in the session
    Session["CaptchaValue"] = c.ToString();

    SolidBrush myBrush = new SolidBrush(brushColor);

    objGraphics.DrawString(inputNumberString, objFont, myBrush, 3, 3);

    //Adding the content type
    Response.ContentType = "image/png";

    System.IO.MemoryStream mem = new MemoryStream();

    //Saving the bitmap image
    objBitmap.Save(mem, ImageFormat.Png);

    //Writing the image to output screen
    mem.WriteTo(Response.OutputStream);

    // Disposing Font Object
    objFont.Dispose();

    // Disposing Graphics Object
    objGraphics.Dispose();

    // Disposing Bitmap Object
    objBitmap.Dispose();
    }
    }

    Sunday, May 19, 2019 1:39 AM

All replies

  • User665608656 posted

    Hi csajad,

    According to your description, I suggest you could set the size of the number in the picture inconsistently, the position could be up and down, the font could be blurred, or add some random horizontal and vertical lines to the picture. 

    The purpose of doing this is to ensure the user can recognize, but the machine can not recognize, which ensures the security of the captcha code.

    If you don't want to use the method you defined, you could also use Google's recaptcha directly. 
    Reference link:  https://www.google.com/recaptcha/intro/v3.html

    Here are some of the features I added to your code, which you could refer to.

    code behind Captcha.aspx:

            protected void Page_Load(object sender, EventArgs e)
            {
                //Defining brush color
                Color brushColor = System.Drawing.Color.Blue;
    
                // Creating object for bitmap
    
                Bitmap objBitmap = new System.Drawing.Bitmap(100, 30);
    
                // Creating object for Graphics class
                Graphics objGraphics = System.Drawing.Graphics.FromImage(objBitmap);
                objGraphics.Clear(Color.Transparent);
    
    
                // Creating object for Font class
                Font objFont = new Font("Times New Roman", 14, FontStyle.Regular);
    
                string inputNumberString = "";
                Random r = new Random();
                int a = r.Next(1, 99);
                int b = r.Next(1, 99);
                int c = a + b;
    
                inputNumberString = a.ToString() + " + " + b.ToString() + " = ";
    
                //Storing the captcha value in the session
                Session["CaptchaValue"] = c.ToString();
         
                objGraphics.Clear(Color.White);
                //Draw four random lines
                for (int i = 0; i < 4; i++)
                {
                    int x1 = r.Next(objBitmap.Width);
                    int y1 = r.Next(objBitmap.Height);
                    int x2 = r.Next(objBitmap.Width);
                    int y2 = r.Next(objBitmap.Height);
                    objGraphics.DrawLine(new Pen(Brushes.Black, 1), new Point(x1, y1), new Point(x2, y2));
                }
                objGraphics.DrawRectangle(new Pen(Brushes.Black), 0, 0, objBitmap.Width - 1, objBitmap.Height - 1);
                SolidBrush myBrush = new SolidBrush(brushColor);
                objGraphics.DrawString(inputNumberString, objFont, myBrush, 3, 3);
    
                //Adding the content type
                Response.ContentType = "image/png";
    
                System.IO.MemoryStream mem = new MemoryStream();
    
                //Saving the bitmap image
                objBitmap.Save(mem, ImageFormat.Png);
    
                //Writing the image to output screen
                mem.WriteTo(Response.OutputStream);
    
                // Disposing Font Object
                objFont.Dispose();
    
                // Disposing Graphics Object
                objGraphics.Dispose();
    
    
                // Disposing Bitmap Object
                objBitmap.Dispose();
    
            }

    The result of my work demo:    
     
       
     
    Best Regards,

    YongQing.

    Monday, May 20, 2019 8:19 AM