RadCaptcha with InvisibleTextBox never pass validation

7 posts, 0 answers
  1. Massimiliano
    184 posts
    Member since: Oct 2012

    Posted 27 May 2013

    Hello, I'm testing RadCaptcha and I'm stuck with a very odd behaviour.
    If I use the "Captcha" method (I'm using the cache as storage since I disabled sessions) everything works correctly. If I enter the right code validation passes, otherwise validation fails.
    If I use the "InvisibleTextBox" protection instead, validation always fails.
    Here is the test string that I'm using, maybe I missed something on it:

    <telerik:RadCaptcha ID="RadCaptcha1" ProtectionMode="InvisibleTextBox" MinTimeout="2" ErrorMessage="asdsdasd" Display="Static" runat="server"></telerik:RadCaptcha>

    This is inside an asp Panel, together with the form fields, ajaxified with RadAjaxManager.
    I check the validation in the button click event server side and RadCaptcha1.IsValid is always false and of course validation fails. Any hint to overcome this issue? I can exploit the invisibletextbox feature myself but the timer on form submit requires a bit more work and it is a pity not to use the built-in one inside RadCaptcha. Any hint will be much appreciated. I'm coding on ASP.NET 4.5.

  2. Slav
    Admin
    1356 posts

    Posted 30 May 2013

    Hello Massimiliano,

    I would suggest checking if there is a custom client-side script on your page that modifies the value of the inputs, including the hidden one that is generated by the RadCaptcha for the InvisibleTextBox protection.

    If there is no such script, please check the attached sample page. I have prepared it according to the provided information; nevertheless, I am not able to reproduce the problem. Examine the page and let me know what should be changed in order for the issue to occur.

    Regards,
    Slav
    Telerik
  4. Massimiliano
    184 posts
    Member since: Oct 2012

    Posted 04 Jun 2013

    Sorry for the delay.
    I have no such script that somehow fills the invisible text box. Nonetheless I tried your example and it indeed works as expected... I really don't know what to think.
    Anyway I implemented my "hand-made" solution with
    <asp:TextBox ID="CheckPassBT" ClientIDMode="Static" runat="server" Text=""></asp:TextBox>
    <asp:CustomValidator ID="CheckPassBTCustomValidator" ClientIDMode="Static" runat="server" OnServerValidate="CheckPassBTValidate" Display="None"></asp:CustomValidator>

    Which I think should serve the same purpose with the server function being as simple as:

    Protected Sub CheckPassBTValidate(source As Object, args As ServerValidateEventArgs) Handles CheckPassBTCustomValidator.ServerValidate
        args.IsValid = String.IsNullOrWhiteSpace(CheckPassBT.Text)
    End Sub

    And this works like a charm so it's really a mystery to me. BUT the important thing is that I thought that the protection modes of RadCaptcha included lower levels of protection so captcha mode would include all 3 modes and InvisibleTextBox would include the minimum time check but it seems it doesn't work that way...
    So for example to have both the time check and the invisible text box check, should I use 2 different RadCaptcha controls with the respective protection mode set?
    If this is how it works, I'll just go on with my custom solution for invisible text and add a RadCaptcha only for timeout.

    EDIT: I tried with
    <telerik:RadCaptcha ID="RadCaptcha2" runat="server" ProtectionMode="MinimumTimeout" MinTimeout="2" ErrorMessage="asjkdhkjasd" Display="Static" ></telerik:RadCaptcha>

    But this fails as well... I'm really confused. The standard "Captcha" protection with text is the only mode that works as expected.
  5. Shinu
    17764 posts
    Member since: Mar 2007

    Posted 05 Jun 2013

    Hi Massimiliano,

    Please have a look at the following code, which I tried in order to validate the page using the RadCaptcha InvisibleTextBox ProtectionMode, and which worked as expected.

    ASPX:
    <telerik:RadTextBox ID="RadTextBox1" runat="server" Label="UserName : ">
    </telerik:RadTextBox>
    <telerik:RadTextBox ID="RadTextBox2" runat="server" Label="Password : " TextMode="Password">
    </telerik:RadTextBox>
    <telerik:RadCaptcha ID="RadCaptcha1" runat="server" ProtectionMode="InvisibleTextBox">
    </telerik:RadCaptcha>
    <asp:Label ID="Label1" runat="server">
    </asp:Label>
    <telerik:RadButton ID="btnVerify" runat="server" Text="Submit" OnClick="btnVerify_Click">
    </telerik:RadButton>
    <br />
    <br />
    <asp:CheckBox ID="CheckBox1" runat="server" Text="Fill the Invisible TextBox to invalidate page"
        onclick="fillInvisibleTextBox(this);" />

    JavaScript:
    <script type="text/javascript">
        function fillInvisibleTextBox(sender) {
            var invisibleTextBox = $get("<%=RadCaptcha1.ClientID %>_InvisibleTextBox");
            if (sender.checked) {
                invisibleTextBox.value = "SomeText";
            }
            else {
                invisibleTextBox.value = "";
            }
        }
    </script>

    C#:
    protected void btnVerify_Click(object sender, EventArgs e)
    {
        if (Page.IsValid)
        {
            Label1.ForeColor = System.Drawing.Color.Green;
            Label1.Text = "Page submitted successfully!<br/><br/>";
        }
        else
        {
            Label1.ForeColor = System.Drawing.Color.Red;
            Label1.Text = "Page not submitted. Invisible textbox was filled by a bot!<br/><br/>";
        }
    }

    Thanks,
    Shinu.
  6. Massimiliano
    184 posts
    Member since: Oct 2012

    Posted 05 Jun 2013

    Thank you Shinu. It indeed works in a "clean" scenario, there must be something I'm mangling with JS or code behind that screws the basic functionality.
    By the way I solved it with simple "hand-made" solutions (a session/cache datetime for the timer and an invisible empty textbox).

    Thank you so far
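
The hand-made approach discussed in this thread (an empty honeypot field plus a minimum fill-in time) can be checked in one server-side routine. The sketch below is an added example, not code from any poster or from Telerik: it replaces the session/cache datetime with an HMAC-signed timestamp kept in a hidden field, so it works with sessions disabled and a client cannot backdate the timer. The names `BotCheck`, `Issue` and `Validate`, the key and the sample times are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; BotCheck, Issue and Validate are hypothetical names, not Telerik API.
public static class BotCheck
{
    // Assumption: a real site loads this key from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    static string Sign(string ticks)
    {
        using (var h = new HMACSHA256(Key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(ticks)));
    }
    // Call when rendering the form and store the result in a hidden field.
    public static string Issue(DateTime renderedUtc)
    {
        string ticks = renderedUtc.Ticks.ToString();
        return ticks + "." + Sign(ticks);
    }
    // Call from the server-side validator on postback.
    public static bool Validate(string honeypot, string token, DateTime nowUtc,
                                TimeSpan minTimeout, TimeSpan maxAge)
    {
        if (!string.IsNullOrWhiteSpace(honeypot)) return false;   // trap field was filled
        string[] parts = (token ?? "").Split('.');
        long ticks;
        if (parts.Length != 2 || !long.TryParse(parts[0], out ticks)) return false;
        if (!FixedEquals(Sign(parts[0]), parts[1])) return false; // timestamp was edited
        TimeSpan elapsed = nowUtc - new DateTime(ticks, DateTimeKind.Utc);
        return elapsed >= minTimeout && elapsed <= maxAge;        // too fast, or stale
    }
    // Comparison that does not stop at the first differing character.
    static bool FixedEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()
    {
        var t0 = new DateTime(2013, 6, 5, 12, 0, 0, DateTimeKind.Utc); // constructed sample
        var min = TimeSpan.FromSeconds(2); var max = TimeSpan.FromMinutes(30);
        Console.WriteLine(Validate("", Issue(t0), t0.AddSeconds(5), min, max));       // human pace
        Console.WriteLine(Validate("SomeText", Issue(t0), t0.AddSeconds(5), min, max)); // honeypot hit
        Console.WriteLine(Validate("", Issue(t0), t0.AddSeconds(1), min, max));       // under MinTimeout
        Console.WriteLine(Validate("", "0" + Issue(t0), t0.AddSeconds(5), min, max)); // tampered token
    }
}
```

A signed token can still be replayed until `maxAge` expires; making it single-use requires a server-side record of tokens already seen, for example in the cache.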
  7. Slav
    Admin
    1356 posts

    Posted 10 Jun 2013

    Hi Massimiliano,

    Indeed, the different protection modes of RadCaptcha can be used only separately. There should not be any problems with adding more than one captcha control on the page in order to combine the protection modes.

    As for the problems you are having, I will need to examine a fully runnable sample that isolates your setup in order to help you accordingly, because the issue is not reproducible in a standard configuration as you noted.

    Regards,
    Slav
    Telerik
  8. Massimiliano
    184 posts
    Member since: Oct 2012

    Posted 10 Jun 2013

    Thank you Slav.
    It's really odd what's happening indeed. Anyway I solved it with a custom "hand-made" solution, no probs. Thanks for your support as always.