Massimiliano
Top achievements
Rank 1
Rank 1
Massimiliano
asked on 27 May 2013, 09:12 PM
Hallo, I'm testing RadCaptcha and I'm struck with a very odd behaviour.
If I use the "Captcha" method (I'm using the cache as storage since I disabled sessions) everything works correctly. If I enter the right code validation passes, otherwise validation fails.
If I use the "InvisibleTextBox" protection instead, validation always fails.
Here is the test string that I'm using, maybe I missed something on it:
This is inside an asp Panel, together with the form fields, ajaxified with RadAjaxManager.
I check the validation in the button click event server side and RadCaptcha1.IsValid is always false and of course validation fails. Any hint to overcome this issue. I can exploit the invisibletextbox feature myself but the timer on form subit requires a bit more work and it is a pity not to use the built-in one inside RadCaptcha. Any hint will be much appreciated. I'm coding on ASP.NET 4.5.
If I use the "Captcha" method (I'm using the cache as storage since I disabled sessions) everything works correctly. If I enter the right code validation passes, otherwise validation fails.
If I use the "InvisibleTextBox" protection instead, validation always fails.
Here is the test string that I'm using, maybe I missed something on it:
<telerik:RadCaptcha ID="RadCaptcha1" ProtectionMode="InvisibleTextBox" MinTimeout="2" ErrorMessage="asdsdasd" Display="Static" runat="server"></telerik:RadCaptcha>This is inside an asp Panel, together with the form fields, ajaxified with RadAjaxManager.
I check the validation in the button click event server side and RadCaptcha1.IsValid is always false and of course validation fails. Any hint to overcome this issue. I can exploit the invisibletextbox feature myself but the timer on form subit requires a bit more work and it is a pity not to use the built-in one inside RadCaptcha. Any hint will be much appreciated. I'm coding on ASP.NET 4.5.
6 Answers, 1 is accepted
0
Hello Massimiliano,
I would suggest checking if there is a custom client-side script on your page that modifies the value of the inputs, including the hidden one that is generated by the RadCaptcha for the InvisibleTextBox protection.
If there is not such a script, please check the attached sample page. I have prepared it according to the provided information, nevertheless I am not able to reproduce the problem. Examine the page and let me know what should be changed in order for the issue to occur.
Regards,
Slav
Telerik
I would suggest checking if there is a custom client-side script on your page that modifies the value of the inputs, including the hidden one that is generated by the RadCaptcha for the InvisibleTextBox protection.
If there is not such a script, please check the attached sample page. I have prepared it according to the provided information, nevertheless I am not able to reproduce the problem. Examine the page and let me know what should be changed in order for the issue to occur.
Regards,
Slav
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
Massimiliano
Top achievements
Rank 1
Rank 1
answered on 04 Jun 2013, 02:42 PM
Sorry for the delay.
I have no such script that somehow fills the invisible text box. Nonetheless I tried your example and it indeed works as expected... I really don't know what to think.
Anyway I implemented my "hand-made" solution with
Wich I think should serve the same purprose with the server function being as simple as:
And this works like a charm so it's really a mistery to me. BUT the important thing is that I thought that the protection modes of RadCaptcha included lower levels of protection so captcha mode would include all 3 modes and InvisibleTextBox would include the minimum time check but it seems it doesn't work that way...
So for example to have both the time check and the invisible text box check, should I use 2 different radcaptcha controls with respective protection mode set?
If is this how it work I just go on with my custom solution for invisible text and add a radcaptcha only for timeout.
EDIT: I tried with
But this fails as well... I'm really confused. The standard "Captcha" protection with text is the only mode that works as expected.
I have no such script that somehow fills the invisible text box. Nonetheless I tried your example and it indeed works as expected... I really don't know what to think.
Anyway I implemented my "hand-made" solution with
<asp:TextBox ID="CheckPassBT" ClientIDMode="Static" runat="server" Text=""></asp:TextBox><asp:CustomValidator ID="CheckPassBTCustomValidator" ClientIDMode="Static" runat="server" OnServerValidate="CheckPassBTValidate" Display="None"></asp:CustomValidator>Wich I think should serve the same purprose with the server function being as simple as:
Protected Sub CheckPassBTValidate(source As Object, args As ServerValidateEventArgs) Handles CheckPassBTCustomValidator.ServerValidate args.IsValid = String.IsNullOrWhiteSpace(CheckPassBT.Text) End SubAnd this works like a charm so it's really a mistery to me. BUT the important thing is that I thought that the protection modes of RadCaptcha included lower levels of protection so captcha mode would include all 3 modes and InvisibleTextBox would include the minimum time check but it seems it doesn't work that way...
So for example to have both the time check and the invisible text box check, should I use 2 different radcaptcha controls with respective protection mode set?
If is this how it work I just go on with my custom solution for invisible text and add a radcaptcha only for timeout.
EDIT: I tried with
<telerik:RadCaptcha ID="RadCaptcha2" runat="server" ProtectionMode="MinimumTimeout" MinTimeout="2" ErrorMessage="asjkdhkjasd" Display="Static" ></telerik:RadCaptcha>But this fails as well... I'm really confused. The standard "Captcha" protection with text is the only mode that works as expected.
0
Shinu
Top achievements
Rank 2
Rank 2
answered on 05 Jun 2013, 06:21 AM
Hi Massimiliano,
Please have a look at the following code I tried to validate page using RadCaptcha InvisibleTextBox ProtectionMode which worked as expected.
ASPX:
JavaScript:
C#:
Thanks,
Shinu.
Please have a look at the following code I tried to validate page using RadCaptcha InvisibleTextBox ProtectionMode which worked as expected.
ASPX:
<telerik:RadTextBox ID="RadTextBox1" runat="server" Label="UserName : "></telerik:RadTextBox><telerik:RadTextBox ID="RadTextBox2" runat="server" Label="Password : " TextMode="Password"></telerik:RadTextBox><telerik:RadCaptcha ID="RadCaptcha1" runat="server" ProtectionMode="InvisibleTextBox"></telerik:RadCaptcha><asp:Label ID="Label1" runat="server"></asp:Label><telerik:RadButton ID="btnVerify" runat="server" Text="Submit" OnClick="btnVerify_Click"></telerik:RadButton><br /><br /><asp:CheckBox ID="CheckBox1" runat="server" Text="Fill the Invisible TextBox to invalidate page" onclick="fillInvisibleTextBox(this);" />JavaScript:
<script type="text/javascript"> function fillInvisibleTextBox(sender) { var invisibleTextBox = $get("<%=RadCaptcha1.ClientID %>_InvisibleTextBox"); if (sender.checked) { invisibleTextBox.value = "SomeText"; } else { invisibleTextBox.value = ""; } }</script>C#:
protected void btnVerify_Click(object sender, EventArgs e){ if (Page.IsValid) { Label1.ForeColor = System.Drawing.Color.Green; Label1.Text = "Page submitted successfully!<br/><br/>"; } else { Label1.ForeColor = System.Drawing.Color.Red; Label1.Text = "Page not submitted. Invisible textbox was filled by a bot!<br/><br/>"; }}Thanks,
Shinu.
0
Massimiliano
Top achievements
Rank 1
Rank 1
answered on 05 Jun 2013, 11:23 AM
Thank you Shinu. It indeed works in a "clean" scenario, there must be something I'm mangling with JS or code behind that screws the basic functionality.
By the way I solved with simple "hand-made" solutions (a session/cache datetime for the timer and an invisible empty textbox)
Thank you so far
By the way I solved with simple "hand-made" solutions (a session/cache datetime for the timer and an invisible empty textbox)
Thank you so far
0
Hi Massimiliano,
Indeed, the different protection modes of RadCaptcha can be used only separately. There should not be any problems with adding more than one captcha control on the page in order to combine the protection modes.
As for the problems you are having, I will need to examine a fully runnable sample that isolates your setup in order to help you accordingly, because the issue is not reproducible in a standard configuration as you noted.
Regards,
Slav
Telerik
Indeed, the different protection modes of RadCaptcha can be used only separately. There should not be any problems with adding more than one captcha control on the page in order to combine the protection modes.
As for the problems you are having, I will need to examine a fully runnable sample that isolates your setup in order to help you accordingly, because the issue is not reproducible in a standard configuration as you noted.
Regards,
Slav
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
Massimiliano
Top achievements
Rank 1
Rank 1
answered on 10 Jun 2013, 10:52 AM
Thank you Slav.
It's really odd what's happening indeed. Anyway I solved with a custom "hand-made" solution no probs. Thanks for your support as always.
It's really odd what's happening indeed. Anyway I solved with a custom "hand-made" solution no probs. Thanks for your support as always.