DNTCaptcha.Core
DNTCaptcha.Core is a captcha generator and validator for ASP.NET Core applications.
Install via NuGet
To install DNTCaptcha.Core, run the following command in the Package Manager Console:
PM> Install-Package DNTCaptcha.Core
You can also view the package page on NuGet.
Usage:
- After installing the DNTCaptcha.Core package, add the following definition to the _ViewImports.cshtml file:
@addTagHelper *, DNTCaptcha.Core- Then to use it, add its new tag-helper to your view:
For bootstrap-3:
<dnt-captcha asp-captcha-generator-max="9000"
asp-captcha-generator-min="1"
asp-captcha-generator-language="English"
asp-captcha-generator-display-mode="NumberToWord"
asp-use-relative-urls="true"
asp-placeholder="Security code as a number"
asp-validation-error-message="Please enter the security code as a number."
asp-font-name="Tahoma"
asp-font-size="20"
asp-fore-color="#333333"
asp-back-color="#ccc"
asp-text-box-class="text-box single-line form-control col-md-4"
asp-text-box-template="<div class='input-group col-md-4'><span class='input-group-addon'><span class='glyphicon glyphicon-lock'></span></span>{0}</div>"
asp-validation-message-class="text-danger"
asp-refresh-button-class="glyphicon glyphicon-refresh btn-sm"
asp-show-refresh-button="true"
/>For bootstrap-4 (you will need Bootstrap Icons for the missing font-glyphs too):
<dnt-captcha asp-captcha-generator-max="9000"
asp-captcha-generator-min="1"
asp-captcha-generator-language="English"
asp-captcha-generator-display-mode="NumberToWord"
asp-use-relative-urls="true"
asp-placeholder="Security code as a number"
asp-validation-error-message="Please enter the security code as a number."
asp-font-name="Tahoma"
asp-font-size="20"
asp-fore-color="#333333"
asp-back-color="#ccc"
asp-text-box-class="text-box form-control"
asp-text-box-template="<div class='input-group'><span class='input-group-prepend'><span class='input-group-text'><i class='fas fa-lock'></i></span></span>{0}</div>"
asp-validation-message-class="text-danger"
asp-refresh-button-class="fas fa-redo btn-sm"
asp-show-refresh-button="true"
/>For bootstrap-5 (you will need Bootstrap Icons for the missing font-glyphs too):
<dnt-captcha asp-captcha-generator-max="30"
asp-captcha-generator-min="1"
asp-captcha-generator-language="English"
asp-captcha-generator-display-mode="NumberToWord"
asp-use-relative-urls="true"
asp-placeholder="Security code as a number"
asp-validation-error-message="Please enter the security code as a number."
asp-font-name="Tahoma"
asp-font-size="20"
asp-fore-color="#333333"
asp-back-color="#FCF6F5FF"
asp-text-box-class="form-control"
asp-text-box-template="<div class='input-group'><span class='input-group-text'><span class='bi-lock'></span></span>{0}</div>"
asp-validation-message-class="text-danger"
asp-refresh-button-class="bi-arrow-counterclockwise btn-lg"
asp-show-refresh-button="true"
asp-dir="ltr"
/>- To register its default providers, call
services.AddDNTCaptcha();method in your Startup class.
using DNTCaptcha.Core;
namespace DNTCaptcha.TestWebApp
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddDNTCaptcha(options =>
{
// options.UseSessionStorageProvider() // -> It doesn't rely on the server or client's times. Also it's the safest one.
// options.UseMemoryCacheStorageProvider() // -> It relies on the server's times. It's safer than the CookieStorageProvider.
options.UseCookieStorageProvider(SameSiteMode.Strict) // -> It relies on the server and client's times. It's ideal for scalability, because it doesn't save anything in the server's memory.
// .UseDistributedCacheStorageProvider() // --> It's ideal for scalability using `services.AddStackExchangeRedisCache()` for instance.
// .UseDistributedSerializationProvider()
// Don't set this line (remove it) to use the installed system's fonts (FontName = "Tahoma").
// Or if you want to use a custom font, make sure that font is present in the wwwroot/fonts folder and also use a good and complete font!
.UseCustomFont(Path.Combine(_env.WebRootPath, "fonts", "IRANSans(FaNum)_Bold.ttf")) // This is optional.
.AbsoluteExpiration(minutes: 7)
.ShowThousandsSeparators(false)
.WithNoise(pixelsDensity: 25, linesCount: 3)
.WithEncryptionKey("This is my secure key!")
.InputNames(// This is optional. Change it if you don't like the default names.
new DNTCaptchaComponent
{
CaptchaHiddenInputName = "DNTCaptchaText",
CaptchaHiddenTokenName = "DNTCaptchaToken",
CaptchaInputName = "DNTCaptchaInputText"
})
.Identifier("dntCaptcha")// This is optional. Change it if you don't like its default name.
;
});
}- Now you can add the
ValidateDNTCaptchaattribute to your action method to verify the entered security code:
[HttpPost, ValidateAntiForgeryToken]
[ValidateDNTCaptcha(ErrorMessage = "Please enter the security code as a number.",
CaptchaGeneratorLanguage = Language.English,
CaptchaGeneratorDisplayMode = DisplayMode.NumberToWord)]
public IActionResult Index([FromForm]AccountViewModel data)
{
if (ModelState.IsValid) // If `ValidateDNTCaptcha` fails, it will set a `ModelState.AddModelError`.
{
//TODO: Save data
return RedirectToAction(nameof(Thanks), new { name = data.Username });
}
return View();
}Or you can use the IDNTCaptchaValidatorService directly:
namespace DNTCaptcha.TestWebApp.Controllers
{
public class HomeController : Controller
{
private readonly IDNTCaptchaValidatorService _validatorService;
private readonly DNTCaptchaOptions _captchaOptions;
public HomeController(IDNTCaptchaValidatorService validatorService, IOptions<DNTCaptchaOptions> options)
{
_validatorService = validatorService;
_captchaOptions = options == null ? throw new ArgumentNullException(nameof(options)) : options.Value;
}
[HttpPost, ValidateAntiForgeryToken]
public IActionResult Login2([FromForm]AccountViewModel data)
{
if (!_validatorService.HasRequestValidCaptchaEntry(Language.English, DisplayMode.SumOfTwoNumbersToWords))
{
this.ModelState.AddModelError(_captchaOptions.CaptchaComponent.CaptchaInputName, "Please enter the security code as a number.");
return View(nameof(Index));
}
//TODO: Save data
return RedirectToAction(nameof(Thanks), new { name = data.Username });
}How to choose a correct storage mode
If your environment is distributed and you are using a Session (UseSessionStorageProvider()) or Memory (UseMemoryCacheStorageProvider()) storage providers to store some temporary values, these values will not be distributed at all. By default, ASP.NET's session is maintained in the RAM of the running web server. However, for instance Windows Azure is a stateless platform, web role instances have no local storage; at any time the web role instance could be moved to a different server in the data center. When the web role instance is moved, the session state is lost. To have a perceived sense of state with a stateless protocol on a stateless web server, you need permanent server side storage that persists even if the web role instance is moved. In this case you should UseDistributedCacheStorageProvider() or at first try using the UseCookieStorageProvider().
Tips
- If you are using the
UseCookieStorageProvider()and also theCORSis activated, you should set theSameSiteModetoNone:options.UseCookieStorageProvider(SameSiteMode.None)otherwise its default mode effectively disablesCORS. - If you are using the
Cloudflare, it doesn't like the SameSite cookies. So in this case try setting theSameSiteMode.Noneif theCookieStorageProvideris in use. - If your app is behind a reverse proxy, don't forget to add the forwarded headers middleware.
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownProxies.Add(IPAddress.Parse("my load balancer ip 1"));
options.KnownProxies.Add(IPAddress.Parse("my load balancer ip 2"));
});Samples:
Different supported DisplayModes:
| DisplayMode | Output |
|---|---|
| NumberToWord |  |
| ShowDigits |  |
| SumOfTwoNumbers |  |
| SumOfTwoNumbersToWords |  |
- This library uses unobtrusive Ajax library for the refresh button. Make sure you have included its related scripts too:
- Add required files using the libman. To do it add libman.json file and then run the
libman restorecommand. - Or you can download it from: https://github.com/aspnet/jquery-ajax-unobtrusive/releases
- Add required files using the libman. To do it add libman.json file and then run the
Please follow the DNTCaptcha.TestWebApp sample for more details.
SPA Usage:
It's possible to use this captcha with Angular 4.3+ apps too. Here is a sample to demonstrate it:
Supported Languages
Find all currently supported languages here. To add new language, kindly contribute by editing the following files:
How to use/create a different image provider
If you want to use another drawings library, you just need to implement the ICaptchaImageProvider service and register it as a singleton before adding services.AddDNTCaptcha. Your custom implementation will be used instead of the original one.
services.AddSingleton<ICaptchaImageProvider, MyCustomCaptchaImageProvider>();
services.AddDNTCaptcha();Note:
- You will need this NuGet.config file to restore the required dependencies.
- Don't use this setting, because it will destroy the encrypted part of the captcha's token:
services.Configure<RouteOptions>(options => { options.LowercaseQueryStrings = true; });