Captcha condiguration for Web farm

8 posts, 0 answers
  1. Tom
    Tom avatar
    4 posts
    Member since:
    May 2017

    Posted 18 May Link to this post

    I have (tried) to configure our app as per http://docs.telerik.com/devtools/aspnet-ajax/controls/captcha/troubleshooting/using-webfarm-or-webgarden-environment, but am missing some important detail as I cannot get the Captcha default validation to work. The user inputs the Captcha.Text in a textbox (ValidatedTextBoxID="rcTextBox1"). I can trace a test scenario where the Page_load is executed on one application processor and the Post_back is executed on a second application processor. The Captcha.Text in the post_back is from a different(local, initialized) CaptchaImage (a new CaptchaImage.Text and noCaptchaImage.PreviousText).  I can pass the original Captcha.Text in Session (sql server) and over-ride the default verification using the user input so I have a work-around. But my expectation is the default Captcha should work "out-of-the-box". I somehow expected I should be able to pass the original CaptchaImage created in the Page_Load to be used in the Post_back. I can save the original image ( Session["CaptchaImage"] = Captcha.CaptchaImage) from the Page_Load but I can't get RadCaptcha to use it directly. I can't set the Captcha.CaptchaImage or Captcha.CaptchaImage.Text from Session as these are only Getters.

    Questions:

    1)  If I set mageStorageLocation="Session" why doesn't the control do the equivalent of a Session["CaptchaImage"] = Captcha.CaptchaImage / Captcha.CaptchaImage = Session["CaptchaImage"] for me.

    2) If I must save the CaptchaImage in Session, what do I do with it on th ePost_back?

    3) Why does ValidatedTextBoxID="rcTextBox1") cause the rcTextBox1.Text to be ""? I had to copy it to a HiddenField with JavaScript to retrieve the use input.

     

  2. Marin Bratanov
    Admin
    Marin Bratanov avatar
    3916 posts

    Posted 23 May Link to this post

    Hi Tom,

    This is what the control actually attempts to do. It relies on the Session being shared among all the servers and my best guess at this point is that there is an issue with the session state sharing in the farm.

    Generally speaking, the behavior you report is quite strange and there may be something else causing the problem. For example, the POST request may get changed by a proxy or a load balancer.

    Ultimately, you can also create your own provider that stores the captcha image as you see fit and according to what works in your environment: http://docs.telerik.com/devtools/aspnet-ajax/controls/captcha/functionality/caching-provider.

    Regards,

    Marin Bratanov
    Telerik by Progress
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  3. Tom
    Tom avatar
    4 posts
    Member since:
    May 2017

    Posted 26 May in reply to Marin Bratanov Link to this post

    The app in question which uses the telerik Catcha Control is about 10 years old, has hundreds of pages, and runs in a AWS web farm so its a bit difficult to demonstrate we have thing configured coreectly. So I downloaded Telerik sample code, extracted from that the smallest piece of working code and dropped it in a aps.net web form app. I modified a local SQL Express instance to be a session provided and ran it under visual Studio debugger. I looked at the Session object. I could see  a GUUID ("7569d74f-4a22-4db8-9241-076cbdbf1859") which changes value each time a run the app  and "RadCaptcha_TimeOut".  And I can see the session record in the session database [ASPStateTempSessions] table . I am going to try and publish this sample app into our production cloud ( behind load balances) but I have no great expectation its going to work as I don't see any other RadCaptcha* state properties, I was expecting at a minimum the Text and PreviousText, even the CaptchaImage. So what does ImageStorageLocation="Session" actually do for me. I don't need the Captcha image, I just want the validation to work (ie the "correct" value of previousText to match what the user types in to be available in the Post_back).
  4. Marin Bratanov
    Admin
    Marin Bratanov avatar
    3916 posts

    Posted 29 May Link to this post

    Hello Tom,

    Can you confirm all servers in the farm have the same machine key: http://www.telerik.com/blogs/integrate-radcontrols-for-asp.net-ajax-in-a-webfarm-or-webgarden?

    It is quite odd that sharing the session between the servers does not work for the captcha. The only thing I can suggest at this point is that you implement a custom provider that will store the text in a database or in some other location (e.g., a file in a shared location): http://docs.telerik.com/devtools/aspnet-ajax/controls/captcha/functionality/caching-provider. As for the image - it is generated for the end user, the captcha needs the text.

    You can also find our built-in session provider by downloading our source code and navigating to the Telerik.Web.UI\Captcha\Captcha\CachingProviders\SessionCachingProvider.cs file.

    Regards,

    Marin Bratanov
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  5. Tom
    Tom avatar
    4 posts
    Member since:
    May 2017

    Posted 29 May in reply to Marin Bratanov Link to this post

    yes the machine keys are the same in all web.config files on each app server. Just to be clear we use sql server to store a lot of session state from many pages without problems.

    As I said in my previous post, I did download your sample code (thanks for tons of examples I did not know about before. I created a single page app and added a snippet of the sample and set up session state in sql server and when I examine the Session array, there is only 1 RadCaptcha (RadCaptha_TimeOut) property, not CapthaImage.previousText which is what is needed.

    I have a work around that saves the user input and I can perform my own validation  by saving both CapthaImage.Text and CapthaImage.PreviousText. I check in Page_load (Post_back) and if it is the same app processor I validate with CapthaImage.PreviousText, if it is a new app processor I validate with the CapthaImage.Text I saved in the original Page_Load.

     

    What RadChaptcha properties are supposed to be saved in Session state when I set ImageStorageLocation="Session"

     

  6. Marin Bratanov
    Admin
    Marin Bratanov avatar
    3916 posts

    Posted 31 May Link to this post

    Hello Tom,

    The workaround you have devised seems a good approach.

    To be honest, I don't know why the built-in provider would not work as expected in your case, and the safe approach is to store the necessary information yourself. Having the text will suffice for validation.

    By default, the entire CaptchaImage object is stored in the session. I am attaching a video of how this looks. You will see how the key (a guid) under which the captcha image gets stored changes when each new image is generated and at the end you can see how, if I know the key, I can access it in the page event. Of course, I know the key because i just stepped through the code that generated it.

    Regards,

    Marin Bratanov
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  7. Tom
    Tom avatar
    4 posts
    Member since:
    May 2017

    Posted 17 Aug in reply to Marin Bratanov Link to this post

    I did observe a record in our session database created by Captcha, keyed by a GUUID. I am not clear how the code behind on the alternate app processor would know the GUUID created by the original app processor so the Captcha object could be re-initialized using the session database info. 
  8. Marin Bratanov
    Admin
    Marin Bratanov avatar
    3916 posts

    Posted 23 Aug Link to this post

    Hi Tom,

    The captcha settings are stored in the session.

    The request for the captcha image asks the session based on this GUID what the captcha image text is.

    Thus, if the same Session object is available on all servers, there should be no issues.

    Considering the start of the thread, however, there seems to be something specific in your case that prevents the out-of-the-box implementation we have from working properly, so perhaps you should look into creating a custom provider that stores and reads the image based on the requested key.

    Regards,

    Marin Bratanov
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
Back to Top