Since my last release of the MVC toolkit some major changes have taken place in the MVC Framework. I am going to do a quick run through of how they changed the MVC CAPTCHA for the better.

Originally in MVC Preview Release 1 for the MVC CAPTCHA many of you remember that the indicator for a valid CAPTCHA was passed through the parameters of the action method like so:

[ControllerAction]
[CaptchaValidation("captcha")]
public void Register(bool captchaValid, string otherParameters)
{
    // do stuff
}

However when Preview Release 2 came out the ability to pass the parameter through the action method was broken. So I had to create a hack around this:

[CaptchaValidation("captcha")]
public void Register(string otherParameters)
{
    bool captchaValid = (bool)RouteData.Values["captchaValid"];
    // do stuff
}

Apparently without realizing it in Preview Release 1, I had discovered a major feature that everybody that I explained it to saw great potential in. So I submitted a feature request and waited for the ASP.NET Team to get back to me. With the release of Preview Release 3, they finally answered my prayers and added the parameter injection feature back in to the framework.

So now this code works again in the Preview Release 3 version of the MVC CAPTCHA control.

[CaptchaValidation("captcha")]
public void Register(bool captchaValid, string otherParameters)
{
    // do stuff
}

This works because of a new property called ActionParameterson the ActionExecutingContext. It can be used to test and change any of the action methods parameters before the action method has been executed. For the purpose of the MVC CAPTCHA control it allows me to inject a true or false value in to a parameter called captchaValid, so that the action method knows that the CAPTCHA validation passed or failed.

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
	// make sure no values are getting sent in from the outside
	if (filterContext.ActionParameters.ContainsKey("captchaValid"))
		filterContext.ActionParameters["captchaValid"] = null;

	// get the guid from the post back
	string guid = filterContext.HttpContext.Request.Form["captcha-guid"];

	// check for the guid because it is required from the rest of the opperation
	if (String.IsNullOrEmpty(guid))
	{
		filterContext.RouteData.Values.Add(”captchaValid”, false);
		return;
	}

	// get values
	CaptchaImage image = CaptchaImage.GetCachedCaptcha(guid);
	string actualValue = filterContext.HttpContext.Request.Form[Field];
	string expectedValue = image == null ? String.Empty : image.Text;

	// removes the captch from cache so it cannot be used again
	filterContext.HttpContext.Cache.Remove(guid);

	// validate the captch
	filterContext.ActionParameters["captchaValid"] =
		!String.IsNullOrEmpty(actualValue)
		&& !String.IsNullOrEmpty(expectedValue)
		&& String.Equals(actualValue, expectedValue, StringComparison.OrdinalIgnoreCase);
}

Notice in the code above all the filterContext.ActionParameters references, that is the CAPTCHA validation checking for the parameter in the method parameters list and adding the value of the CATPCHA validation to the list. Note that in order for this to work you must already have the captchaValid attribute present in your method, these actions merely fill in the value of the captchaValid placeholder.

For anybody who hasn’t used my MVC CAPTCHA control before, you only need to do two things:

1. You need to register the CAPTCHA image handler.

<httpHandlers>
    <add verb="GET" path="captcha.ashx" validate="false" type="ManagedFusion.Web.Handlers.CaptchaImageHandler, ManagedFusion" />
</httpHandlers>

2. Add the following to the View that you want the CAPTCHA to show in. Note the extension, CaptchaTextBox in HtmlHelper, generates a text box with autocomplete=”off” so that the CAPTCHA box will not have an auto-complete show up.

<label for="captcha">Enter <%= Html.CaptchaImage(50, 180) %> Below</label><br />
<%= Html.CaptchaTextBox("captcha") %>

Which generates the following.

If you would like to download the latest copy of the MVC CAPTCHA it is available in my MVC Toolkit.

Download: Coder Journal MVC Toolkit
Source: Coder Journal MVC Toolkit

Tags: CAPTCHA, MVC, MVC Toolkit

Posted in ASP.NET, C#, How To | | | View blog reactions | 4 Comments »

My last article on ASP.NET MVC CAPTCHA was very well received by many of my readers and it even caught the eye of the DotNetKicks crowd. Now that MVC Preview 2 was released last week, many new features make encapsulating my CAPTCHA control even easier. Most notably is the ActionFilterAttribute which allows you to override the Pre and Post action events for any action the attribute is applied to.

Basically everything works the same as it did in the previous article. I just modified things for MVC Preview 2. To validate the CAPTCHA you add the attribute CaptchaValidation to the action.

[CaptchaValidation("captcha")]
public void Register(string userName, string password, string email, string question, string answer, bool captchaValid){
    // do stuff
}

You still need to register the CAPTCHA image handler.

<httpHandlers>
    <add verb="GET" path="captcha.ashx" validate="false" type="ManagedFusion.Web.Handlers.CaptchaImageHandler, ManagedFusion" />
</httpHandlers>

I added an extension to HtmlHelper that generates a text box with autocomplete=”off”.

<label for="captcha">Enter <%= Html.CaptchaImage(50, 180) %> Below</label><br />
<%= Html.CaptchaTextBox("captcha") %>

Which generates the following.

You can view the source code for this on my Google Code Project, everything is available through SVN.

1. CaptchaValidationAttribute.cs
2. CaptchaHelper.cs
3. CaptchaImage.cs
4. CaptchaImageHandler.cs

Or you can download the project for you own personal use.

•  ASP.NET MVC CAPTCHA Project

Tags: ASP.NET, C#, CAPTCHA, Microsoft, MVC

Posted in ASP.NET, C#, Programming | | | View blog reactions | 24 Comments »

Note: Most recent update for MVC Release Candidate 3 is out.

So my MVC application that I have been working on required a CAPTCHA today. The problem is that all of the solutions out there, that I could find for ASP.NET, are control based and I wanted a more MVC approach. I know I could have easily implemented one of them using the Html.RenderControl(), however I want to use a MVC approach to the CAPTCHA authentication box. So I started out with Jeff Atwood’s CAPTCHA Control made for ASP.NET 2.0 in VB.NET 2005. I then converted it to C# and modified and expanded on it for the MVC framework. The following is the result of my work.

The following creates the CAPTCHA image on the page, that looks like the image below the code:

<label for="captcha">Enter <%= Html.CaptchaImage(50, 180) %> Below</label><br />
<%= Html.TextBox("captcha") %>

The following is how the CAPTCHA is validated:

[ControllerAction]
[CaptchaValidation("captcha")]
public void Register(string userName, string password, string email, string question, string answer, bool captchaValid)
{
	// do stuff
}

The input in the CaptchaValidationAttribute is the name of the form field that you want to check against the CAPTCHA. Also notice the last parameter of the method called captchaValid this is required, and the value contains information on if the CAPTCHA was validated or not. captchaValid is automatically inserted in to the route data. From there you can go on and redirect the user to another page or do whatever your application would require if the CAPTCHA failed validation.

So as you can see it is relatively simple to use the CAPTCHA validation that I have created to test and verify your input with a CAPTCHA. The setup just requires adding a HttpHandler to the Web.config and the inclusion of a couple files.

<httpHandlers>
	<add verb="GET" path="captcha.ashx" validate="false" type="ManagedFusion.Web.Handlers.CaptchaImageHandler, ManagedFusion" />
</httpHandlers>

All the work is actually done in the OnPreAction method in the Controller like so:

protected override bool OnPreAction(string actionName, System.Reflection.MethodInfo methodInfo)
{
	object[] attributes = methodInfo.GetCustomAttributes(typeof(CaptchaValidationAttribute), false);

	if (attributes != null && attributes.Length > 0)
		OnCaptchaValidation(actionName, methodInfo, (CaptchaValidationAttribute)attributes[0]);

	return base.OnPreAction(actionName, methodInfo);
}

protected virtual bool OnCaptchaValidation(string actionName, System.Reflection.MethodInfo methodInfo, CaptchaValidationAttribute attribute)
{
	if (attribute == null)
		throw new ArgumentNullException(”attribute”);

	// make sure the captcha valid key is not contained in the route data
	if (this.RouteData.Values.ContainsKey(”captchaValid”))
		this.RouteData.Values.Remove(”captchaValid”);

	// get the guid from the post back
	string guid = Request.Form["captcha-guid"];

	// check for the guid because it is required from the rest of the opperation
	if (String.IsNullOrEmpty(guid))
	{
		this.RouteData.Values.Add(”captchaValid”, false);
		return true;
	}

	// get values
	CaptchaImage image = CaptchaImage.GetCachedCaptcha(guid);
	string actualValue = Request.Form[attribute.Field];
	string expectedValue = image == null ? String.Empty : image.Text;

	// removes the captch from cache so it cannot be used again
	HttpContext.Cache.Remove(guid);

	// validate the captch
	if (String.IsNullOrEmpty(actualValue) || String.IsNullOrEmpty(expectedValue) || !String.Equals(actualValue, expectedValue, StringComparison.OrdinalIgnoreCase))
	{
		this.RouteData.Values.Add(”captchaValid”, false);
		return true;
	}

	this.RouteData.Values.Add(”captchaValid”, true);
	return true;
}

And with the following HtmlHelper:

public static string CaptchaImage(this HtmlHelper helper, int height, int width)
{
	CaptchaImage image = new CaptchaImage {
		Height = height,
		Width = width,
	};

	HttpRuntime.Cache.Add(
		image.UniqueId,
		image,
		null,
		DateTime.Now.AddSeconds(ManagedFusion.Web.Controls.CaptchaImage.CacheTimeOut),
		Cache.NoSlidingExpiration,
		CacheItemPriority.NotRemovable,
		null);

	StringBuilder stringBuilder = new StringBuilder(256);
	stringBuilder.Append("<input type=\"hidden\" name=\"captcha-guid\" value=\"");
	stringBuilder.Append(image.UniqueId);
	stringBuilder.Append("\" />");
	stringBuilder.AppendLine();
	stringBuilder.Append("<img src=\"");
	stringBuilder.Append("/captcha.ashx?guid=" + image.UniqueId);
	stringBuilder.Append("\" alt=\"CAPTCHA\" width=\"");
	stringBuilder.Append(width);
	stringBuilder.Append("\" height=\"");
	stringBuilder.Append(height);
	stringBuilder.Append("\" />");

	return stringBuilder.ToString();
}

The rest of the source can be downloaded, if you are interested:

• CAPTCHA Source

I have tested this to work with in the guidelines that I need, which are pretty broad. However if you find a circumstance where this won’t work please let me know and I would be happy to integrate it in to this code.

Update (2008-3-9): The latest refresh of my ASP.NET MVC CAPTCHA control for Preview 2 of the MVC framework using ActionFilterAttribute.

Tags: ASP.NET, C#, CAPTCHA, MVC

Posted in ASP.NET, C#, Programming | | | View blog reactions | 20 Comments »