Captcha and Login control

2 posts, 0 answers
  1. Daniel
    Daniel avatar
    23 posts
    Member since:
    Jun 2012

    Posted 02 Jun 2016 Link to this post

    I have added a Captcha control to the Layout Template of the Login control and it works fine. Is the following code needed to validate on the server-side in case a malicious user manages to bypass client validation and submit the form, or would that not be possible?

    protected void LoginUser_LoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
        RadCaptcha RadCaptcha1 = LoginUser.FindControl("RadCaptcha1") as RadCaptcha;
        if (!RadCaptcha1.IsValid)
           e.Cancel = true;

  2. Ianko
    Ianko avatar
    1940 posts

    Posted 07 Jun 2016 Link to this post

    Hi Daniel,

    Shortly, in order to have a secure web site/application it is always recommended to have server-side validation. 

    Although RadCaptcha is secure enough, we cannot guarantee you that the client-side validation of the form itself cannot be bypassed somehow and finally the form to be submitted without even RadCaptcha validation to be triggered. This is why the server-side validation is offered in first place—in order to be able to validate the form on the server. 

    Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer and share your thoughts.
Back to Top