Massimiliano
Top achievements
Rank 1
Massimiliano
asked on 27 May 2013, 09:12 PM
Hallo, I'm testing RadCaptcha and I'm struck with a very odd behaviour.
If I use the "Captcha" method (I'm using the cache as storage since I disabled sessions) everything works correctly. If I enter the right code validation passes, otherwise validation fails.
If I use the "InvisibleTextBox" protection instead, validation always fails.
Here is the test string that I'm using, maybe I missed something on it:
This is inside an asp Panel, together with the form fields, ajaxified with RadAjaxManager.
I check the validation in the button click event server side and RadCaptcha1.IsValid is always false and of course validation fails. Any hint to overcome this issue. I can exploit the invisibletextbox feature myself but the timer on form subit requires a bit more work and it is a pity not to use the built-in one inside RadCaptcha. Any hint will be much appreciated. I'm coding on ASP.NET 4.5.
If I use the "Captcha" method (I'm using the cache as storage since I disabled sessions) everything works correctly. If I enter the right code validation passes, otherwise validation fails.
If I use the "InvisibleTextBox" protection instead, validation always fails.
Here is the test string that I'm using, maybe I missed something on it:
<
telerik:RadCaptcha
ID
=
"RadCaptcha1"
ProtectionMode
=
"InvisibleTextBox"
MinTimeout
=
"2"
ErrorMessage
=
"asdsdasd"
Display
=
"Static"
runat
=
"server"
></
telerik:RadCaptcha
>
This is inside an asp Panel, together with the form fields, ajaxified with RadAjaxManager.
I check the validation in the button click event server side and RadCaptcha1.IsValid is always false and of course validation fails. Any hint to overcome this issue. I can exploit the invisibletextbox feature myself but the timer on form subit requires a bit more work and it is a pity not to use the built-in one inside RadCaptcha. Any hint will be much appreciated. I'm coding on ASP.NET 4.5.
6 Answers, 1 is accepted
0
Hello Massimiliano,
I would suggest checking if there is a custom client-side script on your page that modifies the value of the inputs, including the hidden one that is generated by the RadCaptcha for the InvisibleTextBox protection.
If there is not such a script, please check the attached sample page. I have prepared it according to the provided information, nevertheless I am not able to reproduce the problem. Examine the page and let me know what should be changed in order for the issue to occur.
Regards,
Slav
Telerik
I would suggest checking if there is a custom client-side script on your page that modifies the value of the inputs, including the hidden one that is generated by the RadCaptcha for the InvisibleTextBox protection.
If there is not such a script, please check the attached sample page. I have prepared it according to the provided information, nevertheless I am not able to reproduce the problem. Examine the page and let me know what should be changed in order for the issue to occur.
Regards,
Slav
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
Massimiliano
Top achievements
Rank 1
answered on 04 Jun 2013, 02:42 PM
Sorry for the delay.
I have no such script that somehow fills the invisible text box. Nonetheless I tried your example and it indeed works as expected... I really don't know what to think.
Anyway I implemented my "hand-made" solution with
Wich I think should serve the same purprose with the server function being as simple as:
And this works like a charm so it's really a mistery to me. BUT the important thing is that I thought that the protection modes of RadCaptcha included lower levels of protection so captcha mode would include all 3 modes and InvisibleTextBox would include the minimum time check but it seems it doesn't work that way...
So for example to have both the time check and the invisible text box check, should I use 2 different radcaptcha controls with respective protection mode set?
If is this how it work I just go on with my custom solution for invisible text and add a radcaptcha only for timeout.
EDIT: I tried with
But this fails as well... I'm really confused. The standard "Captcha" protection with text is the only mode that works as expected.
I have no such script that somehow fills the invisible text box. Nonetheless I tried your example and it indeed works as expected... I really don't know what to think.
Anyway I implemented my "hand-made" solution with
<
asp:TextBox
ID
=
"CheckPassBT"
ClientIDMode
=
"Static"
runat
=
"server"
Text
=
""
></
asp:TextBox
>
<
asp:CustomValidator
ID
=
"CheckPassBTCustomValidator"
ClientIDMode
=
"Static"
runat
=
"server"
OnServerValidate
=
"CheckPassBTValidate"
Display
=
"None"
></
asp:CustomValidator
>
Wich I think should serve the same purprose with the server function being as simple as:
Protected
Sub
CheckPassBTValidate(source
As
Object
, args
As
ServerValidateEventArgs)
Handles
CheckPassBTCustomValidator.ServerValidate
args.IsValid =
String
.IsNullOrWhiteSpace(CheckPassBT.Text)
End
Sub
And this works like a charm so it's really a mistery to me. BUT the important thing is that I thought that the protection modes of RadCaptcha included lower levels of protection so captcha mode would include all 3 modes and InvisibleTextBox would include the minimum time check but it seems it doesn't work that way...
So for example to have both the time check and the invisible text box check, should I use 2 different radcaptcha controls with respective protection mode set?
If is this how it work I just go on with my custom solution for invisible text and add a radcaptcha only for timeout.
EDIT: I tried with
<
telerik:RadCaptcha
ID
=
"RadCaptcha2"
runat
=
"server"
ProtectionMode
=
"MinimumTimeout"
MinTimeout
=
"2"
ErrorMessage
=
"asjkdhkjasd"
Display
=
"Static"
></
telerik:RadCaptcha
>
But this fails as well... I'm really confused. The standard "Captcha" protection with text is the only mode that works as expected.
0
Shinu
Top achievements
Rank 2
answered on 05 Jun 2013, 06:21 AM
Hi Massimiliano,
Please have a look at the following code I tried to validate page using RadCaptcha InvisibleTextBox ProtectionMode which worked as expected.
ASPX:
JavaScript:
C#:
Thanks,
Shinu.
Please have a look at the following code I tried to validate page using RadCaptcha InvisibleTextBox ProtectionMode which worked as expected.
ASPX:
<
telerik:RadTextBox
ID
=
"RadTextBox1"
runat
=
"server"
Label
=
"UserName : "
>
</
telerik:RadTextBox
>
<
telerik:RadTextBox
ID
=
"RadTextBox2"
runat
=
"server"
Label
=
"Password : "
TextMode
=
"Password"
>
</
telerik:RadTextBox
>
<
telerik:RadCaptcha
ID
=
"RadCaptcha1"
runat
=
"server"
ProtectionMode
=
"InvisibleTextBox"
>
</
telerik:RadCaptcha
>
<
asp:Label
ID
=
"Label1"
runat
=
"server"
>
</
asp:Label
>
<
telerik:RadButton
ID
=
"btnVerify"
runat
=
"server"
Text
=
"Submit"
OnClick
=
"btnVerify_Click"
>
</
telerik:RadButton
>
<
br
/>
<
br
/>
<
asp:CheckBox
ID
=
"CheckBox1"
runat
=
"server"
Text
=
"Fill the Invisible TextBox to invalidate page"
onclick
=
"fillInvisibleTextBox(this);"
/>
JavaScript:
<script type=
"text/javascript"
>
function
fillInvisibleTextBox(sender) {
var
invisibleTextBox = $get(
"<%=RadCaptcha1.ClientID %>_InvisibleTextBox"
);
if
(sender.checked) {
invisibleTextBox.value =
"SomeText"
;
}
else
{
invisibleTextBox.value =
""
;
}
}
</script>
C#:
protected
void
btnVerify_Click(
object
sender, EventArgs e)
{
if
(Page.IsValid)
{
Label1.ForeColor = System.Drawing.Color.Green;
Label1.Text =
"Page submitted successfully!<br/><br/>"
;
}
else
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text =
"Page not submitted. Invisible textbox was filled by a bot!<br/><br/>"
;
}
}
Thanks,
Shinu.
0
Massimiliano
Top achievements
Rank 1
answered on 05 Jun 2013, 11:23 AM
Thank you Shinu. It indeed works in a "clean" scenario, there must be something I'm mangling with JS or code behind that screws the basic functionality.
By the way I solved with simple "hand-made" solutions (a session/cache datetime for the timer and an invisible empty textbox)
Thank you so far
By the way I solved with simple "hand-made" solutions (a session/cache datetime for the timer and an invisible empty textbox)
Thank you so far
0
Hi Massimiliano,
Indeed, the different protection modes of RadCaptcha can be used only separately. There should not be any problems with adding more than one captcha control on the page in order to combine the protection modes.
As for the problems you are having, I will need to examine a fully runnable sample that isolates your setup in order to help you accordingly, because the issue is not reproducible in a standard configuration as you noted.
Regards,
Slav
Telerik
Indeed, the different protection modes of RadCaptcha can be used only separately. There should not be any problems with adding more than one captcha control on the page in order to combine the protection modes.
As for the problems you are having, I will need to examine a fully runnable sample that isolates your setup in order to help you accordingly, because the issue is not reproducible in a standard configuration as you noted.
Regards,
Slav
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
Massimiliano
Top achievements
Rank 1
answered on 10 Jun 2013, 10:52 AM
Thank you Slav.
It's really odd what's happening indeed. Anyway I solved with a custom "hand-made" solution no probs. Thanks for your support as always.
It's really odd what's happening indeed. Anyway I solved with a custom "hand-made" solution no probs. Thanks for your support as always.