How do I implement reCaptcha in ASP.NET MVC and C#?
Asked
Active
Viewed 1.2e+01k times
8 Answers
86
There are a few great examples:
- MVC reCaptcha - making reCaptcha more MVC'ish.
- ReCaptcha Webhelper in ASP.NET MVC 3
- ReCaptcha Control for ASP.NET MVC from Google Code.
This has also been covered before in this Stack Overflow question.
NuGet Google reCAPTCHA V2 for MVC 4 and 5
Richard Seal
- 4,248
- 14
- 29
George Stocker
- 57,289
- 29
- 176
- 237
-
thanks for quick reply. I have a question, who created `Recaptcha.dll`? Google team? – Second Person Shooter Jan 06 '11 at 02:11
-
4ReCaptcha was created by a professor at [Carnegie Mellon University](http://news.cnet.com/8301-1023_3-9989480-93.html) I believe. – George Stocker Jan 06 '11 at 02:12
-
1The third one (http://www.dotnetcurry.com/ShowArticle.aspx?ID=611) worked great for me. – seldary Jun 20 '12 at 11:25
-
I'm using Dirik Whittaker's code. Microsoft.Web.Helpers is referenced, but I'm getting a namespace name 'Recaptcha' not found error on this line: var captchaValidtor = new Recaptcha.RecaptchaValidator – M3NTA7 May 29 '14 at 14:48
-
@M3NTA7 You may want to pose a question that goes into a bit more depth than this comment. – George Stocker May 29 '14 at 14:58
-
Is there any updated libraries that will work with the new google recapture. I found the following: http://venkatbaggu.com/google-recaptcha-asp-net-mvc/ but its not async and isnt packaged well for reuse. – Zapnologica Apr 06 '15 at 19:21
-
Tim Ferris interviews the guy that invented Captcha and Recaptcha: http://fourhourworkweek.com/2016/01/26/luis-von-ahn-duolingo/ – JustJohn May 01 '16 at 05:28
-
This one works for imlementing the new ReCaptcha in MVC 5: http://www.dotnetawesome.com/2015/12/google-new-recaptcha-using-aspnet-mvc.html – clayRay Aug 26 '16 at 21:38
34
I have added reCaptcha to a project I'm currently working on. I needed it to use the AJAX API as the reCaptcha element was loaded into the page dynamically. I couldn't find any existing controls and the API is simple so I created my own.
I'll post my code here in case anyone finds it useful.
1: Add the script tag to the master page headers
<script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
2: Add your keys to the web.config
<appSettings>
<add key="ReCaptcha.PrivateKey" value="[key here]" />
<add key="ReCaptcha.PublicKey" value="[key here]" />
</appSettings>
3: Create the Action Attribute and Html Helper extensions
namespace [Your chosen namespace].ReCaptcha
{
public enum Theme { Red, White, BlackGlass, Clean }
[Serializable]
public class InvalidKeyException : ApplicationException
{
public InvalidKeyException() { }
public InvalidKeyException(string message) : base(message) { }
public InvalidKeyException(string message, Exception inner) : base(message, inner) { }
}
public class ReCaptchaAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var userIP = filterContext.RequestContext.HttpContext.Request.UserHostAddress;
var privateKey = ConfigurationManager.AppSettings.GetString("ReCaptcha.PrivateKey", "");
if (string.IsNullOrWhiteSpace(privateKey))
throw new InvalidKeyException("ReCaptcha.PrivateKey missing from appSettings");
var postData = string.Format("&privatekey={0}&remoteip={1}&challenge={2}&response={3}",
privateKey,
userIP,
filterContext.RequestContext.HttpContext.Request.Form["recaptcha_challenge_field"],
filterContext.RequestContext.HttpContext.Request.Form["recaptcha_response_field"]);
var postDataAsBytes = Encoding.UTF8.GetBytes(postData);
// Create web request
var request = WebRequest.Create("http://www.google.com/recaptcha/api/verify");
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = postDataAsBytes.Length;
var dataStream = request.GetRequestStream();
dataStream.Write(postDataAsBytes, 0, postDataAsBytes.Length);
dataStream.Close();
// Get the response.
var response = request.GetResponse();
using (dataStream = response.GetResponseStream())
{
using (var reader = new StreamReader(dataStream))
{
var responseFromServer = reader.ReadToEnd();
if (!responseFromServer.StartsWith("true"))
((Controller)filterContext.Controller).ModelState.AddModelError("ReCaptcha", "Captcha words typed incorrectly");
}
}
}
}
public static class HtmlHelperExtensions
{
public static MvcHtmlString GenerateCaptcha(this HtmlHelper helper, Theme theme, string callBack = null)
{
const string htmlInjectString = @"<div id=""recaptcha_div""></div>
<script type=""text/javascript"">
Recaptcha.create(""{0}"", ""recaptcha_div"", {{ theme: ""{1}"" {2}}});
</script>";
var publicKey = ConfigurationManager.AppSettings.GetString("ReCaptcha.PublicKey", "");
if (string.IsNullOrWhiteSpace(publicKey))
throw new InvalidKeyException("ReCaptcha.PublicKey missing from appSettings");
if (!string.IsNullOrWhiteSpace(callBack))
callBack = string.Concat(", callback: ", callBack);
var html = string.Format(htmlInjectString, publicKey, theme.ToString().ToLower(), callBack);
return MvcHtmlString.Create(html);
}
}
}
4: Add the captcha to your view
@using (Html.BeginForm("MyAction", "MyController"))
{
@Html.TextBox("EmailAddress", Model.EmailAddress)
@Html.GenerateCaptcha(Theme.White)
<input type="submit" value="Submit" />
}
5: Add the attribute to your action
[HttpPost]
[ReCaptcha]
public ActionResult MyAction(MyModel model)
{
if (!ModelState.IsValid) // Will have a Model Error "ReCaptcha" if the user input is incorrect
return Json(new { capthcaInvalid = true });
... other stuff ...
}
6: Note you will need to reload the captcha after each post even if it was valid and another part of the form was invalid. Use Recaptcha.reload();
Erik Bergstedt
- 912
- 10
- 27
Magpie
- 6,983
- 14
- 51
- 67
-
Is it possible with this code to only annotate ReCaptcha after 5 failed logins? – Rob Jun 24 '14 at 10:02
-
2If you are implementing this solution have into account that the new API url is: https://www.google.com/recaptcha/api/siteverify ([source](https://developers.google.com/recaptcha/docs/verify)) – Axel Prieto Feb 14 '17 at 18:40
15
Simple and Complete Solution working for me. Supports ASP.NET MVC 4 and 5 (Supports ASP.NET 4.0, 4.5, and 4.5.1)
Step 1: Install NuGet Package by "Install-Package reCAPTCH.MVC"
Step 2: Add your Public and Private key to your web.config file in appsettings section
<appSettings>
<add key="ReCaptchaPrivateKey" value=" -- PRIVATE_KEY -- " />
<add key="ReCaptchaPublicKey" value=" -- PUBLIC KEY -- " />
</appSettings>
You can create an API key pair for your site at https://www.google.com/recaptcha/intro/index.html and click on Get reCAPTCHA at top of the page
Step 3: Modify your form to include reCaptcha
@using reCAPTCHA.MVC
@using (Html.BeginForm())
{
@Html.Recaptcha()
@Html.ValidationMessage("ReCaptcha")
<input type="submit" value="Register" />
}
Step 4: Implement the Controller Action that will handle the form submission and Captcha validation
[CaptchaValidator(
PrivateKey = "your private reCaptcha Google Key",
ErrorMessage = "Invalid input captcha.",
RequiredMessage = "The captcha field is required.")]
public ActionResult MyAction(myVM model)
{
if (ModelState.IsValid) //this will take care of captcha
{
}
}
OR
public ActionResult MyAction(myVM model, bool captchaValid)
{
if (captchaValid) //manually check for captchaValid
{
}
}
Moji
- 5,720
- 2
- 38
- 39
-
Unfortunately it's not possible to use it in two different forms in the same page due to `Uncaught Error: ReCAPTCHA placeholder element must be empty`. – Alisson Reinaldo Silva Aug 08 '17 at 21:01
-
1As reCaptcha uses the web.config for the keys, you don't need to supply `PrivateKey = "your private reCaptcha Google Key"`. This is much easier when you have different keys for different environments – Red Mar 08 '18 at 12:56
15
An async version for MVC 5 (i.e. avoiding ActionFilterAttribute, which is not async until MVC 6) and reCAPTCHA 2
ExampleController.cs
public class HomeController : Controller
{
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> ContactSubmit(
[Bind(Include = "FromName, FromEmail, FromPhone, Message, ContactId")]
ContactViewModel model)
{
if (!await RecaptchaServices.Validate(Request))
{
ModelState.AddModelError(string.Empty, "You have not confirmed that you are not a robot");
}
if (ModelState.IsValid)
{
...
ExampleView.cshtml
@model MyMvcApp.Models.ContactViewModel
@*This is assuming the master layout places the styles section within the head tags*@
@section Styles {
@Styles.Render("~/Content/ContactPage.css")
<script src='https://www.google.com/recaptcha/api.js'></script>
}
@using (Html.BeginForm("ContactSubmit", "Home",FormMethod.Post, new { id = "contact-form" }))
{
@Html.AntiForgeryToken()
...
<div class="form-group">
@Html.LabelFor(m => m.Message)
@Html.TextAreaFor(m => m.Message, new { @class = "form-control", @cols = "40", @rows = "3" })
@Html.ValidationMessageFor(m => m.Message)
</div>
<div class="row">
<div class="g-recaptcha" data-sitekey='@System.Configuration.ConfigurationManager.AppSettings["RecaptchaClientKey"]'></div>
</div>
<div class="row">
<input type="submit" id="submit-button" class="btn btn-default" value="Send Your Message" />
</div>
}
RecaptchaServices.cs
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web;
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using Newtonsoft.Json;
using System.Runtime.Serialization;
namespace MyMvcApp.Services
{
public class RecaptchaServices
{
//ActionFilterAttribute has no async for MVC 5 therefore not using as an actionfilter attribute - needs revisiting in MVC 6
internal static async Task<bool> Validate(HttpRequestBase request)
{
string recaptchaResponse = request.Form["g-recaptcha-response"];
if (string.IsNullOrEmpty(recaptchaResponse))
{
return false;
}
using (var client = new HttpClient { BaseAddress = new Uri("https://www.google.com") })
{
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("secret", ConfigurationManager.AppSettings["RecaptchaSecret"]),
new KeyValuePair<string, string>("response", recaptchaResponse),
new KeyValuePair<string, string>("remoteip", request.UserHostAddress)
});
var result = await client.PostAsync("/recaptcha/api/siteverify", content);
result.EnsureSuccessStatusCode();
string jsonString = await result.Content.ReadAsStringAsync();
var response = JsonConvert.DeserializeObject<RecaptchaResponse>(jsonString);
return response.Success;
}
}
[DataContract]
internal class RecaptchaResponse
{
[DataMember(Name = "success")]
public bool Success { get; set; }
[DataMember(Name = "challenge_ts")]
public DateTime ChallengeTimeStamp { get; set; }
[DataMember(Name = "hostname")]
public string Hostname { get; set; }
[DataMember(Name = "error-codes")]
public IEnumerable<string> ErrorCodes { get; set; }
}
}
}
web.config
<configuration>
<appSettings>
<!--recaptcha-->
<add key="RecaptchaSecret" value="***secret key from https://developers.google.com/recaptcha***" />
<add key="RecaptchaClientKey" value="***client key from https://developers.google.com/recaptcha***" />
</appSettings>
</configuration>
Brent
- 4,611
- 4
- 38
- 55
8
Step 1: Client site integration
Paste this snippet before the closing </head> tag on your HTML template:
<script src='https://www.google.com/recaptcha/api.js'></script>
Paste this snippet at the end of the <form> where you want the reCAPTCHA widget to appear:
<div class="g-recaptcha" data-sitekey="your-site-key"></div>
Step 2: Server site integration
When your users submit the form where you integrated reCAPTCHA, you'll get as part of the payload a string with the name "g-recaptcha-response". In order to check whether Google has verified that user, send a POST request with these parameters:
URL : https://www.google.com/recaptcha/api/siteverify
secret : your secret key
response : The value of 'g-recaptcha-response'.
Now in action of your MVC app:
// return ActionResult if you want
public string RecaptchaWork()
{
// Get recaptcha value
var r = Request.Params["g-recaptcha-response"];
// ... validate null or empty value if you want
// then
// make a request to recaptcha api
using (var wc = new WebClient())
{
var validateString = string.Format(
"https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}",
"your_secret_key", // secret recaptcha key
r); // recaptcha value
// Get result of recaptcha
var recaptcha_result = wc.DownloadString(validateString);
// Just check if request make by user or bot
if (recaptcha_result.ToLower().Contains("false"))
{
return "recaptcha false";
}
}
// Do your work if request send from human :)
}
7
I've successfully implemented ReCaptcha in the following way.
note: this is in VB, but can easily be converted
1] First grab a copy of the reCaptcha library
2] Then build a custom ReCaptcha HTML Helper
''# fix SO code coloring issue.
<Extension()>
Public Function reCaptcha(ByVal htmlHelper As HtmlHelper) As MvcHtmlString
Dim captchaControl = New Recaptcha.RecaptchaControl With {.ID = "recaptcha",
.Theme = "clean",
.PublicKey = "XXXXXX",
.PrivateKey = "XXXXXX"}
Dim htmlWriter = New HtmlTextWriter(New IO.StringWriter)
captchaControl.RenderControl(htmlWriter)
Return MvcHtmlString.Create(htmlWriter.InnerWriter.ToString)
End Function
3] From here you need a re-usable server side validator
Public Class ValidateCaptchaAttribute : Inherits ActionFilterAttribute
Private Const CHALLENGE_FIELD_KEY As String = "recaptcha_challenge_field"
Private Const RESPONSE_FIELD_KEY As String = "recaptcha_response_field"
Public Overrides Sub OnActionExecuting(ByVal filterContext As ActionExecutingContext)
If IsNothing(filterContext.HttpContext.Request.Form(CHALLENGE_FIELD_KEY)) Then
''# this will push the result value into a parameter in our Action
filterContext.ActionParameters("CaptchaIsValid") = True
Return
End If
Dim captchaChallengeValue = filterContext.HttpContext.Request.Form(CHALLENGE_FIELD_KEY)
Dim captchaResponseValue = filterContext.HttpContext.Request.Form(RESPONSE_FIELD_KEY)
Dim captchaValidtor = New RecaptchaValidator() With {.PrivateKey = "xxxxx",
.RemoteIP = filterContext.HttpContext.Request.UserHostAddress,
.Challenge = captchaChallengeValue,
.Response = captchaResponseValue}
Dim recaptchaResponse = captchaValidtor.Validate()
''# this will push the result value into a parameter in our Action
filterContext.ActionParameters("CaptchaIsValid") = recaptchaResponse.IsValid
MyBase.OnActionExecuting(filterContext)
End Sub
above this line is reusable **ONE TIME** code
below this line is how easy it is to implement reCaptcha over and over
Now that you have your re-usable code... all you need to do is add the captcha to your View.
<%: Html.reCaptcha %>
And when you post the form to your controller...
''# Fix SO code coloring issues
<ValidateCaptcha()>
<AcceptVerbs(HttpVerbs.Post)>
Function Add(ByVal CaptchaIsValid As Boolean, ByVal [event] As Domain.Event) As ActionResult
If Not CaptchaIsValid Then ModelState.AddModelError("recaptcha", "*")
'#' Validate the ModelState and submit the data.
If ModelState.IsValid Then
''# Post the form
Else
''# Return View([event])
End If
End Function
Chase Florell
- 46,378
- 57
- 186
- 376
-
-
1thank you very much for elaborating the solution. It is very detailed answer. I love it. – Second Person Shooter Jan 06 '11 at 02:58
-
1As per Joel's most recent blog, the creators of StackOverflow want this to be a [Wiki Repository](http://blog.stackoverflow.com/2011/01/the-wikipedia-of-long-tail-programming-questions/) instead of just redirecting users to other sites. Sending you to a site might answer your question today, but won't solve someone else's problem when that external page comes down next year. Posting the right answer here will help future seekers as well. I believe this is the right way to answer a question. – Chase Florell Jan 06 '11 at 03:03
-
Looks almost similar to the http://devlicio.us/blogs/derik_whittaker/archive/2008/12/02/using-recaptcha-with-asp-net-mvc.aspx except the language difference.. – gmail user Oct 29 '13 at 01:48
3
Extending Magpie's answer, here is the code for action filter which I use in my project.
It works with ASP Core RC2!
public class ReCaptchaAttribute : ActionFilterAttribute
{
private readonly string CAPTCHA_URL = "https://www.google.com/recaptcha/api/siteverify";
private readonly string SECRET = "your_secret";
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
try
{
// Get recaptcha value
var captchaResponse = filterContext.HttpContext.Request.Form["g-recaptcha-response"];
using (var client = new HttpClient())
{
var values = new Dictionary<string, string>
{
{ "secret", SECRET },
{ "response", captchaResponse },
{ "remoteip", filterContext.HttpContext.Request.HttpContext.Connection.RemoteIpAddress.ToString() }
};
var content = new FormUrlEncodedContent(values);
var result = client.PostAsync(CAPTCHA_URL, content).Result;
if (result.IsSuccessStatusCode)
{
string responseString = result.Content.ReadAsStringAsync().Result;
var captchaResult = JsonConvert.DeserializeObject<CaptchaResponseViewModel>(responseString);
if (!captchaResult.Success)
{
((Controller)filterContext.Controller).ModelState.AddModelError("ReCaptcha", "Captcha not solved");
}
} else
{
((Controller)filterContext.Controller).ModelState.AddModelError("ReCaptcha", "Captcha error");
}
}
}
catch (System.Exception)
{
((Controller)filterContext.Controller).ModelState.AddModelError("ReCaptcha", "Unknown error");
}
}
}
And use it in your code like
[ReCaptcha]
public IActionResult Authenticate()
{
if (!ModelState.IsValid)
{
return View(
"Login",
new ReturnUrlViewModel
{
ReturnUrl = Request.Query["returnurl"],
IsError = true,
Error = "Wrong reCAPTCHA"
}
);
}
Dmytro Bogatov
- 776
- 1
- 10
- 23
1
For anybody else looking, here is a decent set of steps. http://forums.asp.net/t/1678976.aspx/1
Don't forget to manually add your key in OnActionExecuting() like I did.
Pat
- 11
- 1