How To use BotDetect ASP.NET CAPTCHA on Linux/Apache servers (BotDetect v2.0)
Please Note
The information on this page is out of date and applies to a deprecated version of BotDetect™ CAPTCHA (v2.0).
An up-to-date equivalent page for the latest BotDetect Captcha release (v3) is BotDetect v3 ASP.NET Captcha How To guides.
General information about the major improvements in the current BotDetect release can be found at the What's New in BotDetect v3.0 page.
This page will show you how to add BotDetect ASP.NET CAPTCHA protection to your ASP.NET web application hosted using the Apache web server on a Linux (Red Hat, Fedora, CentOS, SUSE, ...) system.
Prerequisites
- Apache 1.3.x/2.0.x/2.2.x
- BotDetect CAPTCHA 2.0.x for ASP.NET
We assume that you have already installed the Apache web server on your system. If not, please download Apache, and follow the Apache installation guide.
At the moment, BotDetect CAPTCHA installations can only be run on Windows systems, but you can copy the BotDetect CAPTCHA assembly (Lanap.BotDetect.dll) and the ASP.NET sample projects to your Linux system. If you don't have a BotDetect CAPTCHA installation, please download the BotDetect CAPTCHA free version.
Step-by-step guide
This guide describes all steps required to create a new ASP.NET website and add BotDetect CAPTCHA protection to it. If you have your site already created and configured, you can skip steps that don't apply to your server.
- Step 1. Install the Mono framework
- Step 2. Create a new ASP.NET Web Site
- Step 3. Configure your site to use BotDetect CAPTCHA
- Step 4. Add BotDetect CAPTCHA user input validation
- Sample ASP.NET BotDetect CAPTCHA Projects
Step 1. Install the Mono framework
We will use the Mono framework to run your .NET web application on a Linux system.
Mod_Mono is an Apache 1.3/2.0/2.2 module that provides ASP.NET support for the web's favorite server, Apache. The module passes off requests for ASP.NET pages to an external program, mod-mono-server, which actually handles the requests. The communication between the Apache module and mod-mono-server is established using a Unix socket or a TCP socket.
- Mono Project
Setup Mono-core
Download the appropriate Mono-core package for your system from http://www.go-mono.com/mono-downloads/download.html. It's recommended to setup the following packages in this order:
- giflib-4.1.3-8.i386.rpm
- libexif9-0.5.12-3mdk.i586.rpm
- libgdiplus0-1.9-1.rhel4.novell.i386.rpm
- mono-core-1.9.1-2.novell.i586.rpm
- mono-data-1.9.1-2.novell.i586.rpm
- mono-data-firebird-1.9.1-2.novell.i586.rpm
- mono-data-oracle-1.9.1-2.novell.i586.rpm
- mono-data-postgresql-1.9.1-2.novell.i586.rpm
- mono-data-sqlite-1.9.1-2.novell.i586.rpm
- mono-data-sybase-1.9.1-2.novell.i586.rpm
- ibm-data-db2-1.9.1-2.novell.i586.rpm
- mono-nunit-1.9.1-2.novell.i586.rpm
- mono-web-1.9.1-2.novell.i586.rpm
- mono-winforms-1.9.1-2.novell.i586.rpm
- bytefx-data-mysql-1.9.1-2.novell.i586.rpm
- xsp-1.9.1-0.novell.noarch.rpm
Setup Mod_Mono
It is recommended to install Mod_Mono from a source package, so you can specify which Apache version you want to use. Some RPM packages (for example, mod_mono-1.9-0.rhel4.novell.i386.rpm) are already compiled for specific Apache versions, so you can also use a compiled package for your system and Apache version.
Download the Mod_Mono source (mod_mono-1.9.tar.bz2) from http://ftp.novell.com/pub/mono/sources-stable/, and follow the Compiling Mod_Mono from source guide.
Configure Apache to load Mod_Mono
Append the following lines to the httpd.conf file (located in /usr/local/apache2/conf by default):
Include conf/mod_mono.conf <Location /mono> SetHandler mono-ctrl Order deny,allow Deny from all Allow from 127.0.0.1 </Location>
The first line will load the Mod_Mono module. Make sure that you have mod_mono.conf in the same directory as httpd.conf after installing Mod_Mono.
The remaining lines (which are optional) will add the Mod_Mono control panel so you can control Mod_Mono using http://localhost/mono.
Step 2. Create a new ASP.NET Web Site
Create a new folder for the website (we will use BotDetectSample in these instructions), in the Apache web content folder (/usr/local/apache2/htdocs/ by default)
Create a new file named Default.aspx in the website folder, with the following content:
<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/
xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>BotDetect Demo</title>
</head>
<body>
<form id="form1" runat="server">
<div id="PromptDiv">
<span id="Prompt">Type the characters you see in
the picture</span>
</div>
</form>
</body>
</html>
Create a new file named Default.aspx.cs in the website folder, with the following content:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public partial class _Default : System.Web.UI.Page
{
}
Append the following lines into httpd.conf (located in /usr/local/apache2/conf/ by default):
Alias /BotDetectSample "/usr/local/apache2/htdocs/BotDetectSample"
AddMonoApplications default "/BotDetectSample:/usr/local/apache2/
htdocs/BotDetectSample"
MonoServerPath /usr/bin/mod-mono-server2
<Location /BotDetectSample>
SetHandler mono
</Location>
Restart Apache:
$httpd –k restart
...and if everything is configured correctly, you should see the page in your browser when you navigate to http://localhost/BotDetectSample/
Step 3. Configure your site to use BotDetect CAPTCHA
Create a sub-folder named bin in the website folder
Copy the Lanap.BotDetect.dll file into the newly created bin folder
Create a new file named Web.config in the website folder, with the following content:
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<httpHandlers>
<add verb="*" path="LanapCaptcha.aspx"
type="Lanap.BotDetect.CaptchaHandler,
Lanap.BotDetect"/>
</httpHandlers>
<sessionState mode="InProc" cookieless="AutoDetect"
timeout="20" sessionIDManagerType="
Lanap.BotDetect.Persistence.CustomSessionIDManager,
Lanap.BotDetect" />
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="false">
<assemblies>
<add assembly="System.Design, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
</compilation>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="None"/>
</system.web>
</configuration>
Add the following line to the top of the Default.aspx file, just below the <%@Page %> directive:
<%@ Register Assembly="Lanap.BotDetect" Namespace="Lanap.BotDetect" TagPrefix="BotDetect" %>
In the same file, add the following code fragment to the form where you want to show the BotDetect CAPTCHA image:
<div id="CaptchaDiv"> <BotDetect:Captcha ID="SampleCaptcha" runat="server" /> </div>
Save all changes, and refresh the page in the browser. You will see a CAPTCHA image rendered on your web form.
Step 4. Add BotDetect CAPTCHA user input validation
In the Default.aspx file, add the following code fragment to the form:
<div id="ValidationDiv">
<asp:TextBox ID="CodeTextBox" runat="server">
</asp:TextBox>
<asp:Button ID="ValidateButton" runat="server"
Text="Validate" />
<asp:Label ID="MessageCorrectLabel" runat="server">
</asp:Label>
<asp:Label ID="MessageIncorrectLabel" runat="server">
</asp:Label>
</div>
In the Default.aspx.cs file, add the following code fragment to the class definition:
protected void Page_PreRender(object sender, EventArgs e)
{
/// initial page setup
if (!IsPostBack)
{
/// set control text
ValidateButton.Text = "Validate";
MessageCorrectLabel.Text = "Correct!";
MessageIncorrectLabel.Text = "Incorrect!";
/// these messages are shown only after validation
MessageCorrectLabel.Visible = false;
MessageIncorrectLabel.Visible = false;
}
if (IsPostBack)
{
/// validate the input code, and show the appropriate
/// message
string code = CodeTextBox.Text.Trim().ToUpper();
if (SampleCaptcha.Validate(code))
{
MessageCorrectLabel.Visible = true;
MessageIncorrectLabel.Visible = false;
}
else
{
MessageCorrectLabel.Visible = false;
MessageIncorrectLabel.Visible = true;
}
CodeTextBox.Text = null;
}
}
Save all changes, and refresh the page in the browser. You can then try CAPTCHA validation in action.
On production web sites you will typically change the validation code to redirect the user to the resource requested if CAPTCHA validation succeeds.
Sample ASP.NET BotDetect CAPTCHA Projects
The BotDetect CAPTCHA installation also includes a number of sample code projects demonstrating how to use BotDetect CAPTCHA. You can get a result equivalent to the above step-by-step guide by copying the BotDetect CAPTCHA Validation sample project files to your Linux server and publishing it on Apache using Mod_Mono in the same way as described above.
Please Note
The information on this page is out of date and applies to a deprecated version of BotDetect™ CAPTCHA (v2.0).
An up-to-date equivalent page for the latest BotDetect Captcha release (v3) is BotDetect v3 ASP.NET Captcha How To guides.
General information about the major improvements in the current BotDetect release can be found at the What's New in BotDetect v3.0 page.
Current BotDetect Versions
- BotDetect ASP.NET CAPTCHA v3.0.92011–11–21
- BotDetect ASP Classic CAPTCHA v3.0.92011–11–21
