I’ve only recently worked with reCAPTCHA, but I was that impressed with it that I thought it deserved a tutorial. Getting the captcha itself into your web page is extremely easy, and is sufficiently documented on the reCAPTCHA site. This article will instead focus on how to validate the input from a captcha control using their web service without creating or borrowing a custom control. Much of the code used here is based on code found at googlecode.
There are three main stages to this. Firstly we create an HttpWebRequest object that we can use to request a response from the web service, and write our parameters for the web method to the request stream. We then get a response using the request and then read the response stream. Finally, we parse the result, and decide whether the captcha was solved.
Firstly, we’ll create a web request using the static method Create in WebRequest, and set it’s properties so that it will work with the web service. As always, I’ve omitted any try/catch statements so that the point of the tutorial is clearer:
-
string PRIVATE_KEY = "put your reCAPTCHA private key here";
-
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(
-
"http://api-verify.recaptcha.net/verify");
-
-
/*
-
This string will be written to the request stream, and contains
-
all the parameters required by the web service
-
*/
-
string body = String.Format(
-
"privatekey={0}&remoteip={1}&challenge={2}&response={3}",
-
PRIVATE_KEY, Page.Request.UserHostAddress == "::1" ?
-
"127.0.0.1" : Page.Request.UserHostAddress,
-
Page.Request.Form["recaptcha_challenge_field"],
-
Page.Request.Form["recaptcha_response_field"]);
-
-
// Encode the string using UTF8
-
bodyBytes = System.Text.Encoding.UTF8.GetBytes(body);
-
-
// Set up the required request properties
-
request.Method = "POST";
-
request.ContentType = "application/x-www-form-urlencoded";
-
request.ContentLength = bodyBytes.Length;
-
request.ProtocolVersion = new Version("1.0");
-
-
// Write to the request stream
-
s = request.GetRequestStream();
-
s.Write(bodyBytes, 0, bodyBytes.Length);
-
s.Close();
Next we need to get a response from the web service, and read the response stream into a string:
-
HttpWebResponse resp = (HttpWebResponse)request.GetResponse();
-
Stream s2 = resp.GetResponseStream();
-
StreamReader sr = new StreamReader(s2);
-
string respString = sr.ReadToEnd();
-
sr.Close();
The response string from the web service is in the format [boolean]\n[errorCode] where boolean is [true|false] and errorCode is a text string explaining any errors. Error codes are well documented on the reCAPTCHA site. For simplicity’s sake, we’re just going to parse the first line which will be true if the captcha was solved, and false if it was not:
-
string[] respParams = respString.Split(new char[] { '\n' });
-
-
if (Boolean.Parse(respParams[0]))
-
{
-
// The captcha was solved.
-
}
-
else
-
{
-
// The captcha was not solved.
-
}
There you have it. Of course, the whole thing needs to be try/catch/finally-ized very thoroughly, there are a couple of streams that will need disposing of and while I’m sure reCATCHA’s servers are extremely reliable, there is a chance they could go down, meaning an exception at request.GetResponse().
So there you go, at the time of writing, reCAPTCHA have very few examples of captcha use in ASP.NET, I hope this helps to get some people up and running with their services.
