I have (tried) to configure our app as per http://docs.telerik.com/devtools/aspnet-ajax/controls/captcha/troubleshooting/using-webfarm-or-webgarden-environment, but am missing some important detail as I cannot get the Captcha default validation to work. The user inputs the Captcha.Text in a textbox (ValidatedTextBoxID="rcTextBox1"). I can trace a test scenario where the Page_load is executed on one application processor and the Post_back is executed on a second application processor. The Captcha.Text in the post_back is from a different(local, initialized) CaptchaImage (a new CaptchaImage.Text and noCaptchaImage.PreviousText). I can pass the original Captcha.Text in Session (sql server) and over-ride the default verification using the user input so I have a work-around. But my expectation is the default Captcha should work "out-of-the-box". I somehow expected I should be able to pass the original CaptchaImage created in the Page_Load to be used in the Post_back. I can save the original image ( Session["CaptchaImage"] = Captcha.CaptchaImage) from the Page_Load but I can't get RadCaptcha to use it directly. I can't set the Captcha.CaptchaImage or Captcha.CaptchaImage.Text from Session as these are only Getters.
Questions:
1) If I set mageStorageLocation="Session" why doesn't the control do the equivalent of a Session["CaptchaImage"] = Captcha.CaptchaImage / Captcha.CaptchaImage = Session["CaptchaImage"] for me.
2) If I must save the CaptchaImage in Session, what do I do with it on th ePost_back?
3) Why does ValidatedTextBoxID="rcTextBox1") cause the rcTextBox1.Text to be ""? I had to copy it to a HiddenField with JavaScript to retrieve the use input.
7 Answers, 1 is accepted
Hi Tom,
This is what the control actually attempts to do. It relies on the Session being shared among all the servers and my best guess at this point is that there is an issue with the session state sharing in the farm.
Generally speaking, the behavior you report is quite strange and there may be something else causing the problem. For example, the POST request may get changed by a proxy or a load balancer.
Ultimately, you can also create your own provider that stores the captcha image as you see fit and according to what works in your environment: http://docs.telerik.com/devtools/aspnet-ajax/controls/captcha/functionality/caching-provider.
Regards,
Telerik by Progress
Rank 1
Hello Tom,
Can you confirm all servers in the farm have the same machine key: http://www.telerik.com/blogs/integrate-radcontrols-for-asp.net-ajax-in-a-webfarm-or-webgarden?
It is quite odd that sharing the session between the servers does not work for the captcha. The only thing I can suggest at this point is that you implement a custom provider that will store the text in a database or in some other location (e.g., a file in a shared location): http://docs.telerik.com/devtools/aspnet-ajax/controls/captcha/functionality/caching-provider. As for the image - it is generated for the end user, the captcha needs the text.
You can also find our built-in session provider by downloading our source code and navigating to the Telerik.Web.UI\Captcha\Captcha\CachingProviders\SessionCachingProvider.cs file.
Regards,
Progress Telerik
Rank 1
yes the machine keys are the same in all web.config files on each app server. Just to be clear we use sql server to store a lot of session state from many pages without problems.
As I said in my previous post, I did download your sample code (thanks for tons of examples I did not know about before. I created a single page app and added a snippet of the sample and set up session state in sql server and when I examine the Session array, there is only 1 RadCaptcha (RadCaptha_TimeOut) property, not CapthaImage.previousText which is what is needed.
I have a work around that saves the user input and I can perform my own validation by saving both CapthaImage.Text and CapthaImage.PreviousText. I check in Page_load (Post_back) and if it is the same app processor I validate with CapthaImage.PreviousText, if it is a new app processor I validate with the CapthaImage.Text I saved in the original Page_Load.
What RadChaptcha properties are supposed to be saved in Session state when I set ImageStorageLocation="Session"
Hello Tom,
The workaround you have devised seems a good approach.
To be honest, I don't know why the built-in provider would not work as expected in your case, and the safe approach is to store the necessary information yourself. Having the text will suffice for validation.
By default, the entire CaptchaImage object is stored in the session. I am attaching a video of how this looks. You will see how the key (a guid) under which the captcha image gets stored changes when each new image is generated and at the end you can see how, if I know the key, I can access it in the page event. Of course, I know the key because i just stepped through the code that generated it.
Regards,
Progress Telerik
Rank 1
Hi Tom,
The captcha settings are stored in the session.
The request for the captcha image asks the session based on this GUID what the captcha image text is.
Thus, if the same Session object is available on all servers, there should be no issues.
Considering the start of the thread, however, there seems to be something specific in your case that prevents the out-of-the-box implementation we have from working properly, so perhaps you should look into creating a custom provider that stores and reads the image based on the requested key.
Regards,
Progress Telerik