Captcha Image Fails to Render on a load balanced setup

15 posts, 0 answers
  1. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 07 Aug 2009

    This is an intermittent problem.  Sometimes the captcha image renders as a grey box showing no letters/numbers.  This is only occurring on our load balanced site.

    Our Setup:

    • Two Windows 2k3 Servers
    • Both servers are storing session within the ASPState database
    • Users bounce between server A and server B per every page request

    Behaviors:

    • If I hit the two web servers directly, repeatedly requesting the captcha page - no error occurs
    • When I hit the two web servers using the load balancers, the captcha renders a solid grey box - say 40% of the requests.
    • It does not appear to matter which server the load balancer directs my request, as both web servers will sometimes not render the captcha correctly.
    • When the image does show, I have so far been unable to pass the validation test.


    Any help/suggestions are appreciated.  Thanks
    Tim

  2. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 10 Aug 2009

    Just an update.  I wish I could re-title this. 

    This load balance issue is bigger than the image rendering or not rendering.  Thus far, our QA team has not been able to pass the Captcha challenge when running through the load balancer.
  4. Pero
    Admin
    1156 posts

    Posted 12 Aug 2009

    Hello Tim,

    We have responded to your question in the corresponding support ticket. Please find the answer there.


    Sincerely yours,
    Pero
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  5. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 12 Aug 2009

    Thank you for the information.  I will continue this discussion within my support ticket.

    Just a note for any other user wondering what the resolution is/was:
    Captcha is tied to a server.  This means my non-persistent load balance setup will not work with captcha as the user bounces between servers.
  6. Josh
    3 posts
    Member since:
    Jan 2008

    Posted 17 Aug 2009

    I have a similar setup and am experiencing the same issue (gray box w/ no captcha text). Are there any workarounds? Is there another vendor that provides a solution that works in this environment?
  7. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 17 Aug 2009

    We are still weighing our options.  Ideally we would like Telerik to address this as soon as possible.  At the current time, we do not know if our request will make it to any future Telerik releases.

    Currently my team is looking at these options:
    • Wait for Telerik - who has not said they would fix/enhance it yet
    • Explore 3rd party options
    • Write our own
    • Change the load balance configuration to keep a user on a server for that user's session
    • Make the captcha page available only on one server and direct user traffic accordingly
    • Modify the existing Telerik controls using the source code provided by Telerik to store the information in Session vs machine cache.

    If you can think of more options, please let me know.
  8. Pero
    Admin
    1156 posts

    Posted 20 Aug 2009

    Hello Tim,

    We are planning to implement a new property of the RadCaptcha that will enable the users to choose where to store the CaptchaImage (Session or Cache). This will be available for the Service Pack release which should be out by the end of this month (August).


    Kind regards,
    Pero
    the Telerik team

  9. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 20 Aug 2009

    That is great! 

    Thank you for the update.
  10. Joe Hakooz
    65 posts
    Member since:
    Dec 2007

    Posted 04 Sep 2009

    1. Is the "Invisible Textbox" protection mode a problem on a load balanced setup? I assume not since there is no image involved, but I wanted to ask to be sure.

    2. Is the image protection waaaaay better than invisible textbox mode? I assume so, but again would like confirmation.

    3. Finally, is the update mentioned above (Session Mode) good for non-persistent load balance, or only persistent load balancing?

    Thanks,
    Joe
  11. Pero
    Admin
    1156 posts

    Posted 07 Sep 2009

    Hi Joe,

    We have answered all of the questions in the respective support ticket. Please find the answers there.


    Kind regards,
    Pero
    the Telerik team

  12. Josh
    3 posts
    Member since:
    Jan 2008

    Posted 08 Sep 2009

    Can you please post the responses here in the forum for the rest of us to see?

    Thanks!
  13. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 08 Sep 2009

    Joe,

    Here is what I know.

    The support ticket basically said the captcha answer is stored on the individual web server, and would not work for my current needs with load balancing.

    Telerik, being very responsive, has since released a service pack, just a few weeks ago, that has a session-based solution.  I have yet to take this service pack due to timelines on my side, but I am very hopeful.

    Concerning your other questions, I have my notes below.



    1. Is the "Invisible Textbox" protection mode a problem on a load balanced setup? I assume not since there is no image involved, but I wanted to ask to be sure.
    I am not sure what the Invisible Textbox mode is

    2. Is the image protection waaaaay better than invisible textbox mode? I assume so, but again would like confirmation.
    Again, not sure what that mode is

    3. Finally, is the update mentioned above (Session Mode) good for non-persistent load balance, or only persistent load balancing?
    I would guess any setup could use session mode.   In a persistent model, you shouldn't have a problem with the default server cache, but if you want to use session instead, why not.
  14. Josh
    3 posts
    Member since:
    Jan 2008

    Posted 08 Sep 2009

    The 2009.2 826 release does include an option to store the image in session or cache. However, the session mode errors because the CaptchaImage is not serializable. Telerik was expecting to have a fix available for this last week, but I have not seen it yet.

  15. Tim
    79 posts
    Member since:
    Feb 2008

    Posted 08 Sep 2009

    Ah, good old serializable.

    We get burnt with that a lot with our code.  When we move it out to the load balanced environments, we store session in a shared Microsoft ASPState database.  However, this requires our custom classes to have the serializable attribute defined.

  16. Joe Hakooz
    65 posts
    Member since:
    Dec 2007

    Posted 08 Sep 2009

    Hi all,
    First, the Invisible Textbox is a "less effective" way of doing Captcha and is a setting in the Telerik Captcha. You can read more about it below or on the demo page. Also, it appears the Invisible Textbox isn't working correctly but is being fixed in the next release and available now as a hotfix.
    Finally, I'm not totally clear on this but I believe just using Captcha SessionMode (once it's fixed) will not work for me since my load balancer is using non-persistence (aka, each request could go to a different server). Unless maybe storing Session in SQL is the answer??? I'm following up w/ Telerik on this one.

    Here is the response to my questions from Telerik (I hope they don't mind that I'm posting this...)

    In reference to your questions:

    1. The new property of the RadCaptcha, ImageStorageLocation, when set to Session stores the Image in the Session. If the Session in the web farm environment is persisted and shared among all of the servers the RadCaptcha will work without a problem and the image will be rendered correctly.
    2. The InvisibleTextBox mode will not have any problems if the website is hosted in a web farm environment. All it does is load a TextBox with "display:none", and if the TextBox is filled the RadCaptcha recognizes the user as a bot.
    3. The Captcha ProtectionMode is more secure compared to the InvisibleTextBox mode, because there is a possibility that the bot is configured to avoid the fields which have display:none. On the other hand there is no computer which can recognize the characters rendered on the image.

    "Regarding my problem getting Invisible Textbox to work. The actual invisible textbox is not rendering"... This is a known problem when InvisibleTextBox mode is chosen for spam protection. It is already fixed and will be available for the next official release of the RadControls for ASP.NET AJAX. Until then you can download the latest internal build where the issue does not exist.

    Hope that helps,
    Joe
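
Added example (not part of the thread and not Telerik's code): a small Python model of the failure discussed above, where a captcha challenge kept in one server's in-process cache cannot be validated after a non-persistent load balancer sends the next request to the other server, while a shared session store fixes that but only for objects that serialize. The `Server`, `farm` and `run` names, the strict A/B alternation and the use of `pickle` as a stand-in for out-of-process session serialization are assumptions made for illustration.

```python
import pickle
import threading  # only used to build a non-serializable stand-in object

class Server:
    """One web server. `cache` is private in-process memory (hypothetical model)."""
    def __init__(self, name, shared=None):
        self.name, self.cache, self.shared = name, {}, shared

    def issue(self, sid, answer, image):
        challenge = {"answer": answer, "image": image}
        if self.shared is None:
            self.cache[sid] = challenge            # visible to this server only
        else:
            # Out-of-process session state has to serialize what it stores.
            self.shared[sid] = pickle.dumps(challenge)

    def validate(self, sid, typed):
        if self.shared is None:
            challenge = self.cache.pop(sid, None)
        else:
            blob = self.shared.pop(sid, None)
            challenge = pickle.loads(blob) if blob else None
        # pop() makes each challenge single-use, whichever store holds it.
        return challenge is not None and challenge["answer"] == typed

def farm(shared):
    """Servers A and B, with or without a common session store."""
    store = {} if shared else None
    return [Server("A", store), Server("B", store)]

def run(servers, users=100, image=b"constructed-image-bytes"):
    """Non-persistent balancer: each request goes to the next server in turn."""
    request_no = passed = 0
    for u in range(users):
        sid = f"user{u}"
        servers[request_no % len(servers)].issue(sid, "X7K2", image)
        request_no += 1
        passed += servers[request_no % len(servers)].validate(sid, "X7K2")
        request_no += 1
    return passed

if __name__ == "__main__":
    print("per-server cache :", run(farm(shared=False)), "of 100 pass")
    print("shared session   :", run(farm(shared=True)), "of 100 pass")
    print("one server direct:", run([Server("A")]), "of 100 pass")
    try:
        run(farm(shared=True), image=threading.Lock())
    except TypeError as exc:
        print("unserializable image:", exc)
```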