I have added a Captcha control to the Layout Template of the Login control and it works fine. Is the following code needed to validate on the server-side in case a malicious user manages to bypass client validation and submit the form, or would that not be possible?
protected void LoginUser_LoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
RadCaptcha RadCaptcha1 = LoginUser.FindControl("RadCaptcha1") as RadCaptcha;
e.Cancel = true;