CAPTCHA ASP.NET Web Control (English)
For the original Italian page, please click on the link: http://www.guru4.net/articoli/captcha/default.aspx
Every Blog, surveys, comments and risen of module of
interaction between situated (or a service) Web and the customer more
and more often come use you as average for the spread of messages it
automates to you to advertising scope or of disturbance (Spam) and
this problem turns out to be between more is felt in the last years.
It more and more becomes therefore important to allow our programs to distinguish between a human being and an other computer; in the 2000 great portali and the search engines they began to take care itself of the problem and already arrived to the creation of the CAPTCHA, rompicapo of the easy solution for a human being but extremely difficult for a system automatic rifle (for greater information looks at The CAPTCHA Project).
Term CAPTCHA denotes therefore a made test of or more questions and answers in order to determine if the customer is a human (and not a computer or, more just, a bot). Acronym CAPTCHA derives from English: "completely automated public Turing test to tell' computers and humans apart" (Test of Turing public and completely automatic rifle in order to distinguish computer and humans) and has been coined in the 2000 from Luis von Ahn, Manuel Blum and Nicholas J. Hopper of the UniverisitÓ Carnegie Mellon and from John Langford of IBM.
Alan Turing is famous in order to have
deciphered, in collaboration with Gordon Welchman, the code Enigma of
the Luftwaffe; its studies succeeded to you in the within of the
artificial intelligence carried to what today it is famous as Test of Turing.
Turing was convinced that the computers could have equaled human abilities and proposed like criterion for the verification of intelligence not as well as the ability to think, how much the possibility to distinguish between a human and one machine.
To support of its thesis it proposed a "game of imitation": a computer in a room, a man in an other and between a two third party, a "human interrogator", than does not know in which of the two rooms one is found or the other. Through a testuale interface, the examiner turns questions to both the rooms and, when he is thought satisfied, he tries indovinare in which room the computer is found and in which the man. If the examiner mistakes itself more in order than half of the times, the computer exceeds the test and must be considered equally intelligent of the human challenger.
If the test of Turing is centralized on the problem of the ability from part of the man to distinguish a computer an other human being, our objective is substantially the inverse one: to realize a computer that is in a position to distinguishing a human being from an other computer. For this reason tests CAPTCHA like inverse tests of Turing (Reverse Turing are defined Test, RTT), although the definition can be thought misleading, because it could indicate also a test of Turing in which both the participants try to try that they are not human.
A test CAPTCHA typically used is that one in which it is demanded to a customer to write which are the present letters or numbers in a sequence of letters or numbers that appear distorted or dim to you on the screen and are just what we will use in the CAPTCHA Web Control introduced in this article.
Test CAPTCHA in ASP.NET
In ASP.NET a native control of the human interaction is not available (tests CAPTCHA is famous also with the acronym HIP, Human Interactive Proof); in order to realize of one they serve three elements fundamentalally:
the visualization of the test (the rompicapo) true and just, realized through the insertion of web control (a VisualCaptcha) in a Web Form. This control will come renderizzato from a HttpHandler (VisualCaptchaHandler) like containing image the text (accidentally generated) distorted to characterize.
the collection of the answer from part of the customer, inserted in one normal case of text (TextBox) present in the Web Form.
the visualization of the result of the test (correct or not corrected), implemented with a control of personalized validation ASP.NET (VisualCaptchaValidator).
Operation logic is relatively simple: the information of rappresentazione of the image for the verification (dimensions, number of characters to visualize and style) come set up in the inserted VisualCaptcha control in the page. Executing the page it comes generated an accidental code and the information (VisualCaptchaMetaData) come saved in the cache of ASP.NET, with the expiration defined from the time limit for the solution of the test. The handler, recovering the information from the cache, it will visualize the image for the test and, to the shipment of the demand (page postBack), the answer immessa from the customer will come verified according to the normal school workflow of validazione of ASP.NET through the VisualCaptchaValidator control.
Ours rompicapo a WebControl will be represented to insert in the Web Form, defined in the VisualCaptcha class.
|ChallangeTextLength||It sets up the number of characters of the accidental code to characterize|
|Expiration||This value expresses the maximum time (in second) for the resolution del test CAPTCHA (comes used in order to set up the duration metadati goddesses nella cache). If Expiration <= 0="" la="" scadenza="" Ŕ="">=>|
|IgnoreCase||It indicates if the solution of test CAPTCHA will be estimated holding account of the differences between characters capital letters and small letters (IgnoreCase = false) or in modality houses-insensitive (IgnoreCase = true)|
|RenderUrl||URL used for rendering of the image on the client (defined of the Web.config)|
|Authenticate||Verification that the code immesso from the customer corresponds to the control code|
The useful information of the WebControl for its graphical rappresentazione (text and dimensions) come saved in the cache of ASP.NET like VisualCaptchaMetaData.
For the true and own visualization of the image with the distorted text we implement a HttpHandler (VisualCaptchaHandler) that, on the base of the Guid received in QueryString, it will recover the necessary data from the cache.
In order to verify the result of the test it will come confronted the code inserted from the customer with that one shown in the image. The verification will happen in the cycle of life of page ASP.NET, through the validazione of the Web Form by means of uses it of the VisualCaptchaValidator.
|AssociatedVisualCaptchaControlId||It sets up the ID of the VisualCaptcha control associated to the validatore|
To add CAPTCHA to a Web Form
In order to insert test CAPTCHA to a Web Form ASP.NET it is necessary:
To add a reference to the GURU4.net.Web.Controls.CaptchaLibrary.dll bookcase in the folder "bin" of our Web plan
To add in the rows of configuration of application (web.config) handler the HTTP for the visualization of the image:
<add verb="GET" path="visualcaptcha.axd" type="GURU4.net.Web.Controls.CaptchaLibrary.VisualCaptchaHandler" />
To record assembly "the GURU4.net.Web.Controls.CaptchaLibrary" in the page that will contain test CAPTCHA:
<%@ Register Assembly="GURU4.net.Web.Controls.CaptchaLibrary" Namespace="GURU4.net.Web.Controls.CaptchaLibrary" TagPrefix="ccl" %>
To insert the controls demands (VisualCaptcha, VisualCaptchaValidator and one TextBox) in the Web Form:
<ccl:VisualCaptcha ID="visualCaptchaControl" runat="server" Width="260" Height="80" />
<ccl:VisualCaptchaValidator ID="visualCaptchaValidator" AssociatedVisualCaptchaControlId="visualCaptchaControl" ControlToValidate="txtCaptcha" ErrorMessage="Inserire correttamente il codice visualizzato nell'immagine" runat="server" />
<asp:TextBox ID="txtCaptcha" runat="server" />
FAMOUS: using Microsoft Visual Study it is possible to directly add to the bookcase of controls to the Toolbox, rendering therefore possible the insertion of controls CAPTCHA through drag&drop
For a reason or purpose esemplificativo, of continuation it comes proposed a screenshot that extension the control Visual CAPTCHA inserted in a form of recording account:
Limits of tests CAPTCHA
Visual tests CAPTCHA have two limitations substantially:
VIOLABILIT└: the protection supplied from this type of test particularly is not elevated (various tries you of violation of rompicapo the CAPTCHA has made to record the highest, next percentages of happening to the 100%!)
Although the emergency is rather low, it is however opportune to consider that the insertion of a test of human interaction frappone however a pirata obstacle between computer science and the our software, a deterrent that often is decidedly sufficient.
ACCESSIBILITY: visual tests CAPTCHA are base to you on the ability to the customers to visualize and to interpret the content of an image. It turns out consequently that a ipovedente customer is not in a position to resolving the rompicapo; in some cases the problem could more also be diffused: an image with red and green tonality of would create problems also to persons affette from color-blindness, disturbance that plagues approximately 10% of the male population.
Consortium W3C has published the document Inaccessibility of CAPTCHA in which it comes deepened this problematic one.
Online general it would be opportune to supply to the customer a verification modality alternative, as an example through I listen to and the acknowledgment of a pronounced text (like already implemented from some great portali) or through the analysis of a logical question.