This is a migrated thread and some comments may be shown as answers.

Captcha Image Fails to Render on a load balanced setup

14 Answers 656 Views
Captcha
This is a migrated thread and some comments may be shown as answers.
Jeff
Top achievements
Rank 1
Jeff asked on 07 Aug 2009, 07:21 PM

This is an intermittent problem.  Sometimes the captcha image renders as a grey box showing no letters/numbers.  This is only occurring on our load balanced site.

Our Setup:

  • Two Window 2k3 Servers
  • Both servers are storing session within the ASPState database
  • Users bounce between server A and server B per every page request

Behaviors:

  • If I hit the two web servers directly, repeatedly requesting the captcha page - no error occurs
  • When I hit the two web servers using the load balancers, the captcha renders a solid grey box - say 40% of the requests.
  • It does not appear to matter which server the load balancer directs my request, as both web servers will sometimes not render the captcha correctly.
  • When the image does show, I have been unsuccessful thus far as to pass the validation test.


Any help/suggestions are appreciated.  Thanks
Tim

14 Answers, 1 is accepted

Sort by
0
Jeff
Top achievements
Rank 1
answered on 10 Aug 2009, 09:01 PM
Just an update.  I wish I could re-title this. 

This load balance issue is bigger than the image rendering or not-rendering.  Thus far, our QA team has not been able pass the Captcha challenge when running through the load balancer.
0
Pero
Telerik team
answered on 12 Aug 2009, 11:44 AM
Hello Tim,

We have responded to your question in the corresponding support ticket. Please find the answer there.


Sincerely yours,
Pero
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
Jeff
Top achievements
Rank 1
answered on 12 Aug 2009, 11:50 AM
Thank you for the information.  I will continue this discussion within my support ticket.

Just a note for any other user wondering what the resolution is/was:
Captcha is tied to a server.  This means my non-persistent load balance setup will not work with captcha as the user bounces between servers.
0
Josh
Top achievements
Rank 1
answered on 17 Aug 2009, 06:12 PM
I have a similar setup and am experiencing the same issue (gray box w/ no captcha text). Are there any workaround? Is there another vendor that provides a solution that works in this environment?
0
Jeff
Top achievements
Rank 1
answered on 17 Aug 2009, 06:24 PM
We are still weighing our options.  Ideally we would like Telerik to address this as soon as possible.  At the current time, we do not know if our request will make it to any future Telerik releases.

Currently my team is looking at these options:
  • Wait for Telerik - who has not said they would fix/enhance it yet
  • Explore 3rd party options
  • Write our own
  • Change the load balance configuration to keep a user on a server for that user's session
  • Make the capture page available only on one server and direct user traffic accordingly
  • Modify the existing Telerik controls using the source code provided by Telerik to store the information in Session vs machine cache.

If you can think of more options, please let me know.
0
Pero
Telerik team
answered on 20 Aug 2009, 01:55 PM
Hello Tim,

We are planning to implement a new property of the RadCaptcha that will enable the users to choose where to store the CaptchaImage (Session or Cache). This will be available for the Service Pack release which should be out by the end of this month (August).


Kind regards,
Pero
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
Jeff
Top achievements
Rank 1
answered on 20 Aug 2009, 02:41 PM
That is great! 

Thank you for the update.
0
Joe
Top achievements
Rank 2
answered on 04 Sep 2009, 10:06 PM
1. Is the "Invisible Textbox" protection mode a problem on a load balanced setup? I assume not since there is no image involved, but I wanted to ask to be sure.

2. Is the image protection waaaaay better than invisible textbox mode? I assume so, but again would like confirmation.

3. Finally, is the update mentioned above (Session Mode) good for non-persistent load balance, or only persistent load balancing?

Thanks,
Joe
0
Pero
Telerik team
answered on 07 Sep 2009, 02:28 PM
Hi Joe,

We have answered all of the questions in the respective support ticket. Please find the answers there.


Kind regards,
Pero
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
0
Josh
Top achievements
Rank 1
answered on 08 Sep 2009, 01:44 PM
Can you please post the responses here in the forum for the rest of us to see?

Thanks!
0
Jeff
Top achievements
Rank 1
answered on 08 Sep 2009, 02:01 PM
Joe,

Here is what I know.

The support ticket basically said the captcha answer is stored on the individual web server, and would not work for my current needs with load balancing.

Telerik being very responsive has since released a service pack, just a few weeks ago, that has a session based solution.  I have yet to take this service pack due to timelines on my side, but I am very hopeful.

Concerning your other questions, I have my notes below.



1. Is the "Invisible Textbox" protection mode a problem on a load balanced setup? I assume not since there is no image involved, but I wanted to ask to be sure.
I am not sure what the Invisible Textbox mode is

2. Is the image protection waaaaay better than invisible textbox mode? I assume so, but again would like confirmation.
Again, not sure what that mode is

3. Finally, is the update mentioned above (Session Mode) good for non-persistent load balance, or only persistent load balancing?
I would guess any setup could use session mode.   In a persistent model, you shouldn't have a problem with the default server cache, but if you want to use session in stead, why not. 
0
Josh
Top achievements
Rank 1
answered on 08 Sep 2009, 03:46 PM
The 2009.2 826 release does include an option to store the image in session or cache. However, the session mode errors because the CaptchaImage is not serializeable. Telerik was expecting to have a fix available for this last week, but I have not seen it yet.

0
Jeff
Top achievements
Rank 1
answered on 08 Sep 2009, 04:18 PM
Ah, good old serializeable.

We get burnt with that a lot with our code.  When we move it out to the load balanced environments, we store session in a shared Microsoft ASPState database.  However, this requires our custom classes to have the serializeable attribute defined.

0
Joe
Top achievements
Rank 2
answered on 08 Sep 2009, 07:16 PM
Hi all,
First, the Invisible Textbox is a "less effective" way of doing Captcha and is a setting in the Telerik Captcha. You can read more about it below or on the demo page. Also, it appears the Invisible Textbox isn't working correctly but is being fixed in the next release and available now as a hotfix.
Finally, I'm not totally clear on this but I believe just using Captcha SessionMode (once it's fixed) will not work for me since my load balancer is using non-persistence (aka, each request could go to a different server). Unless maybe storing Session in SQL is the answer??? I'm following up w/ Telerik on this one.

Here is the response to my questions from Telerik (I hope they don't mind that I'm posting this...)

In reference to your questions:

  1. The new property of the RadCaptcha, ImageStorageLocation, when set to Session stores the Image in the Session. If the Session in the web farm environment is persisted and shared among all of the servers the RadCaptcha will work without a problem and the image will be rendered correctly.
  2. The InvisibleTextBox mode will not have any problems if the website is hosted in a web farm environment. All it does is, load a TextBox with "display:none" and if the TextBox is filled the RadCaptcha recognizes the user as a bot.
  3. The Captcha ProtectionMode is more secure compared to the InvisibleTextBox mode, because there is possibility that the bot is configured to avoid the fields which have display:none. On the other hand there is no computer which can recognize the characters rendered on the image.     

"Regarding my problem getting Invisible Textbox to work. The actual invisible textbox is not rendering"... This is a known problem when InvisibleTextBox mode is chosen for spam protection. It is already fixed and will be available for the next official release of the RadControls for ASP.NET AJAX. Until then you can download the latest internal build where the issue does not exist.

Hope that helps,
Joe
Tags
Captcha
Asked by
Jeff
Top achievements
Rank 1
Answers by
Jeff
Top achievements
Rank 1
Pero
Telerik team
Josh
Top achievements
Rank 1
Joe
Top achievements
Rank 2
Share this question
or