1. BotDetect CAPTCHA ASP.NET Configuration

BotDetect Captcha properties can be set in several different ways, depending on the type of value you are customizing.

2. BotDetect CAPTCHA Web.Config Configuration Section

BotDetect configuration options which apply to all Captcha instances within a particular ASP.NET application can be specified in the web.config file. This approach can be seen in the Captcha customization code sample coming with the BotDetect installation.

This configuration section first needs to be registered at the top of the web.config file:

<configuration>

  <configSections>

    <!-- Register the BotDetect configuration section -->

    <section name="botDetect" requirePermission="false"

      type="BotDetect.Configuration.BotDetectConfigurationSection,

        BotDetect" />

  </configSections>

 

 

You can then create the <botDetect> section just below the closing </configSections> element, and (for example) disable all audio Captcha sounds in the application by specifying:

<botDetect>

  <captchaSound enabled="false" />

</botDetect>

3. BotDetect CAPTCHA .aspx / Visual Studio Designer Instance Settings

When adding the BotDetect:Captcha control to the .aspx file defining your form (either by using the Visual Studio Designer or editing the source directly), you can specify various attributes in the element declaration. For example, the simplest way to specify Captcha image size is:

<BotDetect:Captcha ID="SampleCaptcha" runat="server" ImageSize="200, 50" />

However, it's not recommended to use this method to set all Captcha instance properties. Page source declarations are processed when the page is loaded, and since they have to be applied to Captcha images and sounds (which come as separate Http requests), they have to be saved in ASP.NET Session state. It's better not to take up Session space if it's not necessary.

4. BotDetect CAPTCHA Code-Behind Instance Settings

It's also possible to specify various Captcha object settings in your page code-behind code. For example, code type and length can be set in the Page_PreRender override:

protected void Page_PreRender(object sender, EventArgs e)

{

  // initial page setup

  if (!IsPostBack)

  {

    // Captcha code properties

    SampleCaptcha.CodeLength = 4;

    SampleCaptcha.CodeType = BotDetect.CodeType.Numeric;

}

The same caveat applies to this method as with .aspx settings: this code is executed when the form is loaded, but since Captcha images and sounds are loaded in separate Http requests (which don't result in this code being executed), all values set this way have to be saved in ASP.NET Session state. Since different visitors will use separate Sessions, the amount of state used is multiplied by the number of active visitors / Sessions, and it's better not to use a lot of it.

5. BotDetect CAPTCHA Event Handler Property Setting and Randomization

This is the recommended approach to Captcha instance property setting. It's the most complex method, since it requires setting up an event handler. But since this handler is going to be executed for all Captcha requests (including separate Captcha image and sound Http requests), there is no need to persist the values in ASP.NET Session state.

Randomizing Captcha properties significantly improves Captcha security, and it should always be performed in this event handler instead of Page_Load or Page_PreRender, because the Captcha control event is also fired for direct Captcha image and sound requests (which skip the page events since the page is never loaded) – for example when clicking the Captcha reload button repeatedly.

You can see this approach to BotDetect Captcha property setting implemented in the Captcha randomization code sample coming with the BotDetect installation.

First, a InitializedCaptchaControl event handler needs to be registered in the Page_Init override:

protected void Page_Init(object sender, EventArgs e)

{

  SampleCaptcha.InitializedCaptchaControl +=

    new EventHandler<InitializedCaptchaControlEventArgs>(

      SampleCaptcha_InitializedCaptchaControl);

}

Then, randomization rules can be declared in the event handler:

void SampleCaptcha_InitializedCaptchaControl(object sender,

  InitializedCaptchaControlEventArgs e)

{

  if (e.CaptchaId != SampleCaptcha.CaptchaId)

  {

    return;

  }

  CaptchaControl captcha = sender as CaptchaControl;

  // randomize code generation properties

  captcha.CodeStyle = CaptchaRandomization.GetRandomCodeStyle();

  captcha.CodeLength = CaptchaRandomization.GetRandomCodeLength(4, 5);

  captcha.ImageStyle = CaptchaRandomization.GetRandomImageStyle();

  captcha.SoundStyle = CaptchaRandomization.GetRandomSoundStyle();

}

The CaptchaRandomization helper allows easy randomization of Captcha parameters.