This is a migrated thread and some comments may be shown as answers.

Captcha and Login control

1 Answer 225 Views
Captcha
This is a migrated thread and some comments may be shown as answers.
Daniel
Top achievements
Rank 1
Daniel asked on 02 Jun 2016, 11:53 AM

I have added a Captcha control to the Layout Template of the Login control and it works fine. Is the following code needed to validate on the server-side in case a malicious user manages to bypass client validation and submit the form, or would that not be possible?

protected void LoginUser_LoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
{
    RadCaptcha RadCaptcha1 = LoginUser.FindControl("RadCaptcha1") as RadCaptcha;
    RadCaptcha1.Validate();
    if (!RadCaptcha1.IsValid)
    {
       e.Cancel = true;
    }
}

1 Answer, 1 is accepted

Sort by
0
Ianko
Telerik team
answered on 07 Jun 2016, 10:29 AM
Hi Daniel,

Shortly, in order to have a secure web site/application it is always recommended to have server-side validation. 

Although RadCaptcha is secure enough, we cannot guarantee you that the client-side validation of the form itself cannot be bypassed somehow and finally the form to be submitted without even RadCaptcha validation to be triggered. This is why the server-side validation is offered in first placeā€”in order to be able to validate the form on the server. 

Regards,
Ianko
Telerik
Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer and share your thoughts.
Tags
Captcha
Asked by
Daniel
Top achievements
Rank 1
Answers by
Ianko
Telerik team
Share this question
or