This page has been translated using an automatic translation service and the translation may not be very accurate.

CAPTCHA ASP.NET Web Control (English)


Blogs, surveys, comment forms and every other kind of form through which a website (or a Web service) interacts with its users are more and more often used as a channel for spreading automated messages for advertising or nuisance purposes (spam), and this problem has become one of the most keenly felt in recent years.
It is therefore increasingly important to let our programs distinguish between a human being and another computer; in 2000 the major portals and search engines began to tackle the problem and arrived at the creation of the CAPTCHA, a puzzle that is easy for a human being to solve but extremely difficult for an automated system (for more information see The CAPTCHA Project).


The term CAPTCHA therefore denotes a test made of one or more questions and answers used to determine whether the user is a human (and not a computer or, more precisely, a bot). The acronym CAPTCHA comes from the English "completely automated public Turing test to tell computers and humans apart" and was coined in 2000 by Luis von Ahn, Manuel Blum and Nicholas J. Hopper of Carnegie Mellon University and by John Langford of IBM.

Alan Turing is famous for having deciphered, in collaboration with Gordon Welchman, the Enigma code of the Luftwaffe; his later studies in the field of artificial intelligence led to what is known today as the Turing test.
Turing was convinced that computers could equal human abilities and proposed, as the criterion for verifying intelligence, not so much the ability to think as the possibility of distinguishing between a human and a machine.
In support of his thesis he proposed an "imitation game": a computer in one room, a man in another and, between the two, a third party, a "human interrogator", who does not know which of the two rooms each one is in. Through a text interface, the examiner puts questions to both rooms and, when satisfied, tries to guess which room holds the computer and which the man. If the examiner is wrong more than half of the time, the computer passes the test and must be considered as intelligent as its human challenger.

While the Turing test is centred on a human's ability to distinguish a computer from another human being, our objective is essentially the inverse: to build a computer that is able to distinguish a human being from another computer. For this reason CAPTCHA tests are defined as reverse Turing tests (Reverse Turing Test, RTT), although the definition can be considered misleading, because it could also indicate a Turing test in which both participants try to prove that they are not human.

A commonly used CAPTCHA test asks the user to type the letters or numbers present in a sequence that appears distorted or blurred on the screen, and this is exactly what we will use in the CAPTCHA Web Control presented in this article.


ASP.NET does not provide a native human-interaction control (CAPTCHA tests are also known by the acronym HIP, Human Interactive Proof); to build one, three elements are fundamentally needed:

  1. the display of the test itself (the puzzle), achieved by inserting a web control (VisualCaptcha) in a Web Form. This control is rendered by an HttpHandler (VisualCaptchaHandler) as an image containing the distorted, randomly generated text to be recognized.

  2. the collection of the user's answer, entered in a normal text box (TextBox) on the Web Form.

  3. the display of the result of the test (correct or incorrect), implemented with an ASP.NET custom validation control (VisualCaptchaValidator).

The operating logic is relatively simple: the rendering information for the verification image (dimensions, number of characters to display and style) is set on the VisualCaptcha control placed in the page. When the page executes, a random code is generated and the information (VisualCaptchaMetaData) is saved in the ASP.NET cache, with an expiration defined by the time limit for solving the test. The handler retrieves the information from the cache and displays the image for the test; when the request is submitted (page postback), the answer entered by the user is verified through the VisualCaptchaValidator control, following the normal ASP.NET validation workflow.


Our puzzle is represented by a WebControl to be inserted in the Web Form, defined in the VisualCaptcha class.

| Name | Description |
| --- | --- |
| ChallangeTextLength | Sets the number of characters of the random code to be recognized |
| Expiration | This value expresses the maximum time (in seconds) for solving the CAPTCHA test (it is used to set the lifetime of the metadata in the cache). If Expiration <= 0, the expiration is … |
| IgnoreCase | Indicates whether the solution to the CAPTCHA test is evaluated taking into account the differences between uppercase and lowercase characters (IgnoreCase = false) or in case-insensitive mode (IgnoreCase = true) |
| RenderUrl | URL used for rendering the image on the client (defined in Web.config) |
| Authenticate | Verifies that the code entered by the user matches the control code |

The information the WebControl needs for its graphical representation (text and dimensions) is saved in the ASP.NET cache as VisualCaptchaMetaData.

For the actual display of the image with the distorted text we implement an HttpHandler (VisualCaptchaHandler) which, based on the Guid received in the query string, retrieves the necessary data from the cache.


To verify the result of the test, the code entered by the user is compared with the one shown in the image. The verification takes place within the ASP.NET page life cycle, through the validation of the Web Form by means of the VisualCaptchaValidator.

| Name | Description |
| --- | --- |
| AssociatedVisualCaptchaControlId | Sets the ID of the VisualCaptcha control associated with the validator |

NOTE: the previous tables show only the main characteristics of the controls. For the complete public interface, refer to the online documentation or the attached guide.

For the implementation details, refer to the source code of the library attached to this article.
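The flow described above (a random code cached under a Guid with an expiration, then compared with the user's answer), as an added C# sketch that is not the library's own code. The `ChallengeStore` class, its alphabet and the in-memory dictionary standing in for the ASP.NET cache are assumptions of this example, as are the removal of an entry on its first verification attempt and a strictly positive expiration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical stand-in for the flow described above; not the library's VisualCaptcha code.
public sealed class ChallengeStore
{
    // Alphabet without look-alike characters (0/O, 1/I); an assumption of this sketch.
    private const string Alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    private sealed class Entry { public string Text; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<Guid, Entry> _cache = new ConcurrentDictionary<Guid, Entry>();

    // Generates the random code and caches it under a fresh Guid (the value the
    // image handler would receive in the query string).
    public Guid Create(int challengeTextLength, int expirationSeconds, out string text)
    {
        var chars = new char[challengeTextLength];
        var buf = new byte[1];
        using (var rng = RandomNumberGenerator.Create())
        {
            for (int i = 0; i < chars.Length; i++)
            {
                rng.GetBytes(buf);
                chars[i] = Alphabet[buf[0] % Alphabet.Length]; // 256 % 32 == 0, so no modulo bias
            }
        }
        text = new string(chars);
        var id = Guid.NewGuid();
        _cache[id] = new Entry { Text = text, ExpiresUtc = DateTime.UtcNow.AddSeconds(expirationSeconds) };
        return id;
    }

    // Compares the answer with the cached code. The entry is removed on the first
    // attempt, so a challenge cannot be submitted a second time.
    public bool Authenticate(Guid id, string answer, bool ignoreCase)
    {
        Entry e;
        if (!_cache.TryRemove(id, out e)) return false;   // unknown or already used
        if (DateTime.UtcNow > e.ExpiresUtc) return false; // time limit exceeded
        var mode = ignoreCase ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        return string.Equals(e.Text, answer, mode);
    }
}
```

The challenge text comes from a cryptographic random number generator rather than `System.Random`, so one code gives no help in predicting the next; only the Guid, never the text, would travel to the client.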

Adding CAPTCHA to a Web Form

To add a CAPTCHA test to an ASP.NET Web Form it is necessary to:

  1. Add a reference to the library in the "bin" folder of our Web project

  2. Add the HTTP handler for displaying the image to the application configuration file (web.config):

    <?xml version="1.0"?>
    <add verb="GET" path="visualcaptcha.axd" type="" />

  3. Register the assembly in the page that will contain the CAPTCHA test:

    <%@ Register Assembly="" Namespace="" TagPrefix="ccl" %>

  4. Insert the required controls (VisualCaptcha, VisualCaptchaValidator and a TextBox) in the Web Form:

    <ccl:VisualCaptcha ID="visualCaptchaControl" runat="server" Width="260" Height="80" />

    <ccl:VisualCaptchaValidator ID="visualCaptchaValidator" AssociatedVisualCaptchaControlId="visualCaptchaControl" ControlToValidate="txtCaptcha" ErrorMessage="Inserire correttamente il codice visualizzato nell'immagine" runat="server" />

    <asp:TextBox ID="txtCaptcha" runat="server" />

NOTE: using Microsoft Visual Studio it is possible to add the control library directly to the Toolbox, which makes it possible to insert the CAPTCHA controls by drag & drop.

By way of example, below is a screenshot showing the Visual CAPTCHA control inserted in an account registration form:

The Visual CAPTCHA control inserted in a Web Form

For more information, refer to the example Web project attached to this article.

Limits of CAPTCHA tests

Visual CAPTCHA tests essentially have two limitations:

  1. BREAKABILITY: the protection offered by this type of test is not particularly high (various attempts to break CAPTCHA puzzles have recorded very high success rates, close to 100%!)

    Although the level of protection is rather low, it should still be considered that inserting a human-interaction test places an obstacle between an attacker and our software, a deterrent that is often quite sufficient.

  2. ACCESSIBILITY: visual CAPTCHA tests are based on users' ability to view and interpret the content of an image. It follows that a visually impaired user is not able to solve the puzzle; in some cases the problem could be even more widespread: an image with red and green tones would also create problems for people affected by colour blindness, a condition that affects approximately 10% of the male population.

    The W3C consortium has published the document Inaccessibility of CAPTCHA, which explores this problem in depth.

    In general it would be advisable to offer the user an alternative verification method, for example by listening to and recognizing a spoken text (as already implemented by some major portals) or by answering a logical question.


For a more in-depth analysis, you can consult the excellent article on MSDN by Stephen Toub about an ASP.NET framework for Human Interactive Proof.