The word ‘CAPTCHA’ stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Most World Wide Web users will have seen this kind of test in the form of a picture of a word (usually distorted), which the user must type into an input box to prove that they are a real person, and not just a spambot, or some other computerized agent trawling the Web for exploits.
A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions from spambots – automated scripts that harvest email address from publicly available web forms.
Implementing CAPTCHA For SharePoint
Create HTTPHandler for Generating Image
The easiest way to create a custom HttpHandler component is to create a source file with an .ashx extension. You must then add a @WebHandler directive to the top of the .ashx file, along with a class definition that implements the IHttpHandler interface. Any class that implements the IHttpHandler interface must provide an implementation of the IsReusable method and the ProcessRequest method. If you want to be able to program against the Windows SharePoint Services object model from inside the HttpHandler component, you can also add an @Assembly directive to reference the Microsoft.SharePoint assembly.
1. Create a folder inside LAYOUTS directory. For e.g.: C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\Sprint
2. Create a file named captcha.ashx inside that folder.
3. Include the following code in captcha.ashx
<%@ Assembly Name="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ WebHandler Language="C#" Class="captcha" %>
using System;
using System.Web;
using System.Drawing;
using System.Web.SessionState;
using System.Data;
using System.Configuration;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Drawing.Drawing2D;
public class captcha : IHttpHandler, IRequiresSessionState
{
public void ProcessRequest (HttpContext context) {
context.Response.ContentType = "image/jpeg";
ADSSAntiBot captcha = new ADSSAntiBot();
string str = captcha.DrawNumbers(5);
if (context.Session[ ADSSAntiBot.SESSION_CAPTCHA] == null) context.Session.Add(ADSSAntiBot.SESSION_CAPTCHA, str);
else
{
context.Session[ ADSSAntiBot.SESSION_CAPTCHA] = str;
}
Bitmap bmp = captcha.Result;
bmp.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
}
public bool IsReusable {
get {
return true;
}
}
}
public class ADSSAntiBot
{
public static string SESSION_CAPTCHA = "CAPTCHA";
const int default_width = 135;
const int default_height = 35;
protected Bitmap result = null;
public int Width;
public int Height;
public ADSSAntiBot()
{
InitBitmap(default_width, default_height);
rnd = new Random();
}
public ADSSAntiBot(int width, int height)
{
InitBitmap(width, height);
}
protected void InitBitmap(int width, int height)
{
result = new Bitmap(width, height);
Width = width;
Height = height;
rnd = new Random();
}
public PointF Noise(PointF p, double eps)
{
p.X = Convert.ToSingle(rnd.NextDouble() * eps * 2 - eps) + p.X;
p.Y = Convert.ToSingle(rnd.NextDouble() * eps * 2 - eps) + p.Y;
return p;
}
public PointF Wave(PointF p, double amp, double size)
{
p.Y = Convert.ToSingle(Math.Sin(p.X / size) * amp) + p.Y;
p.X = Convert.ToSingle(Math.Sin(p.X / size) * amp) + p.X;
return p;
}
public GraphicsPath RandomWarp(GraphicsPath path)
{
// Add line //
int PsCount = 10;
PointF[] curvePs = new PointF[PsCount * 2];
for (int u = 0; u < PsCount; u++)
{
curvePs[u].X = u * (Width / PsCount);
curvePs[u].Y = Height / 2;
}
for (int u = PsCount; u < (PsCount * 2); u++)
{
curvePs[u].X = (u - PsCount) * (Width / PsCount);
curvePs[u].Y = Height / 2 + 2;
}
path.AddLines(curvePs);
//
double eps = Height * 0.05;
double amp = rnd.NextDouble() * (double)(Height / 3);
double size = rnd.NextDouble() * (double)(Width / 4) + Width / 8;
double offset = (double)(Height / 3);
PointF[] pn = new PointF[path.PointCount];
byte[] pt = new byte[path.PointCount];
GraphicsPath np2 = new GraphicsPath();
GraphicsPathIterator iter = new GraphicsPathIterator(path);
for (int i = 0; i < iter.SubpathCount; i++)
{
GraphicsPath sp = new GraphicsPath();
bool closed;
iter.NextSubpath(sp, out closed);
Matrix m = new Matrix();
m.RotateAt(Convert.ToSingle(rnd.NextDouble() * 30 - 15), sp.PathPoints[0]);
//m.Shear(Convert.ToSingle( rnd.NextDouble()*offset-offset ),Convert.ToSingle( rnd.NextDouble()*offset-offset/2 ));
//m.Shear(1,1);
//m.Scale(0.5f + Convert.ToSingle(rnd.NextDouble()), 0.5f + Convert.ToSingle(rnd.NextDouble()), MatrixOrder.Prepend);
m.Translate(-1 * i, 0);
sp.Transform(m);
np2.AddPath(sp, true);
}
for (int i = 0; i < np2.PointCount; i++)
{
//pn[i] = Noise( path.PathPoints[i] , eps);
pn[i] = Wave(np2.PathPoints[i], amp, size);
pt[i] = np2.PathTypes[i];
}
GraphicsPath newpath = new GraphicsPath(pn, pt);
return newpath;
}
Random rnd;
public string DrawNumbers(int len)
{
string str = "";
for (int i = 0; i < len; i++)
{
int n = rnd.Next() % 10;
str += n.ToString();
}
DrawText(str);
return str;
}
public void DrawText(string aText)
{
Graphics g = Graphics.FromImage(result);
int startsize = Height;
Font f = new Font("Verdana", startsize, FontStyle.Bold, GraphicsUnit.Pixel);
do
{
f = new Font("Verdana", startsize, GraphicsUnit.Pixel);
startsize--;
} while ((g.MeasureString(aText, f).Width >= Width) || (g.MeasureString(aText, f).Height >= Height));
SizeF sf = g.MeasureString(aText, f);
int width = Convert.ToInt32(sf.Width);
int height = Convert.ToInt32(sf.Height);
int x = Convert.ToInt32(Math.Abs((double)width - (double)Width) * rnd.NextDouble());
int y = Convert.ToInt32(Math.Abs((double)height - (double)Height) * rnd.NextDouble());
//////// Paths ///
GraphicsPath path = new GraphicsPath(FillMode.Alternate);
FontFamily family = new FontFamily("Verdana");
int fontStyle = (int)(FontStyle.Regular);
float emSize = f.Size;
Point origin = new Point(x, y);
StringFormat format = StringFormat.GenericDefault;
path.AddString(aText, family, fontStyle, emSize, origin, format);
path = RandomWarp(path);
/// Path ///
g.TextRenderingHint = System.Drawing.Text.TextRenderingHint.AntiAliasGridFit;
Rectangle rect = new Rectangle(0, 0, Width, Height);
g.FillRectangle(new System.Drawing.Drawing2D.LinearGradientBrush(rect, Color.White, Color.LightGray, 0f), rect);
//g.DrawString(aText, f, new SolidBrush(Color.Black), x, y);
g.SmoothingMode = SmoothingMode.AntiAlias;
g.FillPath(new SolidBrush(Color.Black), path);
// Dispose //
g.Dispose();
}
public Bitmap Result
{
get
{
return result;
}
}
}
Now, this HTTPHandler is accessible to any site in the farm by using a site-relative path. http://MyWebServer/_layouts/ACME/captcha.ashx
Note:Please make sure that you have unblocked .ashx extension for your web application from Central Administration.
Unblock .ashx extension for your web application from Central Administration
1. Open SharePoint 3.0 Central Administration.
2. Click Operations tab.3. Click Blocked file types under Security Configuration.4. Select your web application.5. Remove ashx file extension from the list.6. Click OK.Implement SharePoint WebPart for CAPTCHA
1. Create a Class Library Project using Visual Studio 2005.2. Add a reference to:a. System.Webb. Microsoft.SharePoint
 
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebPartPages;
namespace CaptchaWebPart
{
public class CaptchaWebPart : WebPart
{
private Image imgCaptcha;
private TextBox txtCaptchaNumber;
private RequiredFieldValidator rfv;
private CustomValidator captchaValidator; // Performs user-defined validation on an input control.
///
/// Override the ASP.NET Web.UI.Controls.CreateChildControls method
/// to create the objects for the Web Part's controls.
///
protected override void CreateChildControls()
{
// Get the SPWeb
//SPSite siteColl = SPContext.Current.Site;
SPWeb site = SPContext.Current.Web;
// table Formatting
Controls.Add(new LiteralControl("<_table border="\">"));
Controls.Add(new LiteralControl("<_tr><_td>"));
// CAPTCHA Image
imgCaptcha = new Image();
imgCaptcha.ID = "imgCaptcha";
imgCaptcha.ImageUrl = site.Url + "/_layouts/Sprint/captcha.ashx";
imgCaptcha.AlternateText = "If you can't read this number refresh your screen.";
Controls.Add(imgCaptcha);
Controls.Add(new LiteralControl(""));
Controls.Add(new LiteralControl("<_tr><_td>"));
Controls.Add(new LiteralControl("<_strong>Enter the code shown above: <_span style="\">*<_br>"));
// Textbox for user to enter CAPTCHA Text
txtCaptchaNumber = new TextBox();
txtCaptchaNumber.ID = "txtCaptchaNumber";
txtCaptchaNumber.EnableViewState = false;
Controls.Add(txtCaptchaNumber);
// Required Field Validator
rfv = new RequiredFieldValidator();
rfv.ControlToValidate = "txtCaptchaNumber";
rfv.Display = ValidatorDisplay.Dynamic;
rfv.Text = "*";
Controls.Add(rfv);
captchaValidator = new CustomValidator();
captchaValidator.ServerValidate += new ServerValidateEventHandler(captchaValidator_ServerValidate);
captchaValidator.Display = ValidatorDisplay.Dynamic;
captchaValidator.Text = "Incorrect Code";
Controls.Add(captchaValidator);
Controls.Add(new LiteralControl("<_br><_i>(Note: If you cannot read the numbers in the above image, reload the page to generate a new one.)"));
Controls.Add(new LiteralControl(""));
Controls.Add(new LiteralControl(""));
}
///
/// Renders the HTML for the body of a Web Part to the client.
///
///
protected override void RenderWebPart(HtmlTextWriter output)
{
RenderChildren(output);
}
///
/// Raises the ServerValidate event for the CustomValidator control.
///
///
///
void captchaValidator_ServerValidate(object source, ServerValidateEventArgs args)
{
if (txtCaptchaNumber.Text == (string)this.Page.Session["CAPTCHA"])
{
args.IsValid = true;
}
else
{
args.IsValid = false;
}
}
}
}
Note: Please remove _ from above code appearing before HTML Tags (for e.g.: _table, _td, _tr)
3. Sign the assembly with Strong Key Name file.4. Compile the code.
Configuring Portal to use Captcha WebPart
1. Navigate to Blog’s site.
2. Click on Comments link under any blog post. (http://provpc:24106/ACME/Lists/Posts/Post.aspx?ID=1#Comments&PageView=Shared)
3. Click Site Actions -> Edit Page.
4. Click Add a Web Part.
5. Select CaptchaWebPart from category Miscellaneous under All Web Parts.
6. Click edit -> Modify Shared Web Part.
7. Select Chrome Type as None.
8. Click OK.
9. Align CaptchaWebPart below New Comment WebPart.
10.Click Exit Edit Mode.
The CAPTCHA WebPart will appear as below:
Code Download:
 Print Version
 Print Version Email Page
 Email Page Add to Favorites
 Add to Favorites Comments
 Comments Alert Me
 Alert Me Add to My Links
 Add to My Links 
 
31 comments:
I get this error when I try to add the solution to my instace of MOSS 2007:
stsadm -o addsolution -filename Captcha.wsp
The solution references a namespace that is not valid. Ensure that the solution'
s manifest.xml file references "http://schemas.microsoft.com/sharepoint/"
I followed your instructions verbatim and seem to have hit a brick wall... could you provide a zip of the source code?
Hello Anonymous,
I have added the zip of source code on the post.
Thanks & Regards,
Nanddeep Nachan
Hey Nanddeep,
does the my own webpart need to have some code to stop processing if the validation fails? how do i find out in my custom webpart that the validation has failed?
Cheers,
Jas
Hello Jas,
Yes, your webpart should have a code to stop processing, if the validation fails.
For this, you can make use of ASP .Net Validation Controls.
For e.g.,
1) Required Field Validation:
To use this, you can write below code inside CreateChildControls() method:
private RequiredFieldValidator rfv;
rfv = new RequiredFieldValidator();
rfv.ControlToValidate = "txtCaptchaNumber";
rfv.Display = ValidatorDisplay.Dynamic;
rfv.Text = "*";
Controls.Add(rfv);
2) Custom Validation
private CustomValidator captchaValidator;
captchaValidator = new CustomValidator();
captchaValidator.ServerValidate += new ServerValidateEventHandler(captchaValidator_ServerValidate);
captchaValidator.Display = ValidatorDisplay.Dynamic;
captchaValidator.Text = "Incorrect Code";
Controls.Add(captchaValidator);
void captchaValidator_ServerValidate(object source, ServerValidateEventArgs args)
{
// if Validtion succeeds
args.IsValid = true;
// if Validtion fails
args.IsValid = false;
}
Hope, this answers your question.
Does this work only for a blog? is there a way to make this work for a newform.aspx page?
Yes. This a web part, you can even add it to newform.aspx page
Hello
How I can use webpart in newform.aspx?
Sorry for asking this question, as I am new bie in programming as well as in MOSS.
Please advise
Sonaly
Hello Disha,
1. Open the NewForm.aspx in SharePoint Designer.
2. Click Add Web Part.
3. Add CAPTCHA web part.
Please let me know, how it works.
Regards,
Nanddeep
I followed you detailed documentation and everything looks great, but I wasn't able to save my changed when I went to modify shared web part to change the chrome type to none or even the name
Hi Nanddeep,
I installed your web part into my development server and production server. It works great on development server. However, I got an error on my production server. I can't see the image at all. When I broswer to the url: http://mywebsite.com/_layouts/ACME/captcha.ashx
I see this error. Do you have an idea?
---------------------------
Object reference not set to an instance of an object. at captcha.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Troubleshoot issues with Windows SharePoint Services.
Henry Cheung
Hello Henry,
Make sure you have allowed File type - .ashx on to production.
Regards,
Nanddeep
Hi Nanddeep,
Do you think .Net Ajax need to be install in my SharePoint servers?
I found that all the working servers have .Net Ajax installed.
The only one that doesnt' work have no Ajax.
Thanks
Henry
Hi Nanddeep,
Great post, evrything works fine, except the session ["CAPTCHA"] never gets set. Any possible cause? I've set the sessionstate in web.config.
Regards,
Nanhui
hi..
ur captcha is really wrkg good....
but here i face a problem...
i create a webform then add the captcha there...its appear..and still can detect correct r incorrect captcha..the prob is, my web form have to savedata in sharepoint list, when i insert correct captcha n detail in form...the data is not insert in list...
how to solve?
I'm no coder, so I opted to use the wsp package and other files you provided in the zip. I followed the steps you specified in the CAPTCHA word document:
I couldn't find any captcha.ashx in the zip, so I copied the code and created the file myself. I created and put it into the 12\TEMPLATE\LAYOUTS\ACME directory.
I unblocked .ashx from the blocked file list in SharePoint Central Administration for both the application and the Central Administration sites.
I managed to install the wsp feature and activate it just fine in the blog site. I did the IISRESET.
However, for some odd reason that I cannot fathom, the CAPTCHA webpart never appears in the list of webparts when I try to add a webpart. I don't get any error either. Can you help me in this?
Oh, and additionally when I try to navigate to the http:///_layouts/ACME/captcha.ashx URL I get a SharePoint Error page. Is this normal?
Hello Mikael,
Please try below steps:
1. Go to Site Settings.
2. Click Web Parts under Galleries.
3. In Web Part Gallery, Click New.
4. Select check-box next to CAPTCHA.
5. Click Populate Gallery button.
Now, you should see CAPTCHA web part in available web parts.
Let me know, if this helps you.
Hello again Mikael,
No, that's not a normal behavior. Try navigating to page as:
http:///_layouts/ACME/captcha.ashx
for eg:
http://localhost:1589/_layouts/ACME/captcha.ashx
Thanks for your quick answer. Yes, I had forgotten to populate the gallery. I now can add the webpart just fine.
However, now it doesn't show the image despite refreshing the screen. If I understood the code correctly, it has to do with the .ashx file.
http://localhost/_layouts/ACME/captcha.ashx
Gets me an SharePoint unknown error. The eventlog mentions something about alternate access mappings and such.
http:///_layouts/ACME/captcha.ashx still gets me the Unknown Error, but with no Eventlog messages.
I checked http://:
ade
adp
app
asa
asmx
asp
bas
bat
cdx
What next?
Nanddeep, I've partly figured why captcha.ashx crashes in my testing environment.
I want to make the Captcha work in WSS 3.0. In the two environments with WSS 3.0 that I tested the captcha.ashx alone with, I encountered the SharePoint error. However, in our SharePoint 2007 environment, the captcha.ashx works just fine and displays an captcha image.
Can you tell what is the underlying problem, and perhaps compile a version for WSS 3.0 or explain if and how I can get it to work?
The Captcha webpart itself seems to work just as fine in WSS 3.0, so I suspect there's only a little that needs to be done for captcha.ashx to work properly.
Btw, what happens when the captcha verification fails? Will the user be notified about it?
Mikael
Hello Mikael,
I need to re-check the code for WSS 3.0, as while writing I targeted it for MOSS.
User will not be able to submit the form, if the captcha verification fails.
Ok, please check the code. :)
Will the users be notified about the failed captcha verification? Or is there any other way I can specify what happens when they can't submit the form?
It needs to be explicit that the captcha verification failed.
Hello Mikael,
I verified that CAPTCHA is working fine in WSS and MOSS both at my side.
The user will be notified with a error message of CAPTCHA verification fail.
Hello Nanddeep,
This is odd, I can't understand why the ashx file displays an error for me in my WSS 3.0 environments but not in the SharePoint 2007 standard environment.
Can you please email your ashx file to me? Do not publish this comment to avoid disclosing my email address. You can email it to mikael.henriksson@synocus.com.
Mikael
Hello Nanddeep
I have have used your code for CAPTCHA and works fine in Development but i am having one query before deploying on Live Server which is as follows
I am having server farm where i need to deploy this webpart on the site. will this webpart work on site which is deployed were there is server farm environment?
I have asked you the question as i am consern about sessionstate as it is used in webpart and i think it we require SQLServer Session for it.
So do i need to make any configuration for it in web.config to make it run in farm ?
Hello Nanddeep,
I created the solution file, change a little code, then I followed the steps you specified in the CAPTCHA word document.I unblocked .ashx from the blocked file list in SharePoint Central Administration for both the application and the Central Administration sites.
I managed to install the wsp feature and activate it just fine in the blog site. I did the IISRESET.
However, webpart doesn't appear in Populate Gallery Web part list, and i can't add it. In what can be mistake?
Dasha.
Hello Nanddeep. I'm trying to adapt your code for sharepoint 2010 foundation. But CAPTCHA webpart never appears in the list of webparts when I try to add a webpart. I don't get any error either. Can you help me in this?
i have try your Captcha Code and it's working...
Hey, how do you attach the validation to the button ?
Hi,
How to reload the text displayed when we click refresh button?
Pls share me the code to reload captcha image
Hello,
I have used your captcha code .
Am using Sharepoint 2013. Am getting error "Application error when access /_layouts/15/captcha/captcha.ashx, Error=Object reference not set to an instance of an object." when i tried to check my ashx file.whereas simple Ashx work which print site url and name.
Let me know if i need to change anything,
I have removed ashx from blocked files.
Post a Comment