Implementing CAPTCHA in SharePoint sites

October 7th, 2009

What is CAPTCHA

A CAPTCHA is a program that can generate and grade tests that humans can pass but automated programs cannot. For example, humans can read distorted text like the one shown below, but automated programs can’t.

 recaptcha-example

The term CAPTCHA (for Completely Automated Turing Test to Tell Computers and Humans Apart) was coined in 2000. CAPTCHA is very useful in current applications. Below are some of the applications of CAPTCHA.

  • Preventing Comment Spam in Blogs
  • Protecting Website Registration
  • Online Polls
  • Preventing Dictionary Attacks
  • Search Engine Bots
  • Worms and Spam

There are different types of CAPTCHA programs available on the internet, but they are not all the same in usability and implementation. Here are some examples.

 image_captcha_example_thumbnail

     captcha_with_features

 broken-captchas

When you start your search for a CAPTCHA program to implement in your site, you should consider the following items.

  • The CAPTCHA should be compatible with your existing implementation. CAPTCHA programs are available for PHP, ASP.NET, Perl, Java and many other environments. For SharePoint, for example, I chose an ASP.NET CAPTCHA.
  • It shouldn’t be too simple. If it generates a very simple image that always uses the same font and style, there is a good chance that automated image-processing programs can read it, which makes it useless. It should be complex enough to resist smart hackers.
  • The scripts used to create the CAPTCHA should be secure, and the system shouldn’t have loopholes for hackers. Common examples of insecurities in this respect include: (1) Systems that pass the answer to the CAPTCHA in plain text as part of the web form. (2) Systems where a solution to the same CAPTCHA can be used multiple times (this makes the CAPTCHA vulnerable to so-called “replay attacks”).
  • There are a lot of text-based CAPTCHA programs on the market, such as mathematical questions. These are very easy calculations for automated scripts, and they break easily.
  • One very important point: a CAPTCHA should be accessible. There should be support for impaired users. There are CAPTCHA programs on the market with audio support.
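The two insecurities named in the third item can be avoided with a server-side challenge store, sketched here as an added example that is not part of the original post and is not reCAPTCHA's code. The class `CaptchaStore`, its methods and the sample answer are hypothetical names and values chosen for illustration: the form carries only a random token, and a token is discarded on its first verification attempt, so a solved challenge cannot be replayed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical server-side challenge store (illustration only).
public sealed class CaptchaStore
{
    private sealed class Entry { public string Answer; public DateTime ExpiresUtc; }

    private readonly ConcurrentDictionary<string, Entry> _pending =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    public CaptchaStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Returns the only value that goes into the web form: a random token.
    // The expected answer never leaves server memory.
    public string Issue(string answer)
    {
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        _pending[token] = new Entry { Answer = answer, ExpiresUtc = DateTime.UtcNow + _lifetime };
        return token;
    }

    // The entry is removed before the answer is compared, so a token is
    // good for one attempt whether that attempt succeeds or fails.
    public bool Verify(string token, string response)
    {
        Entry entry;
        if (token == null || !_pending.TryRemove(token, out entry)) return false;
        if (DateTime.UtcNow > entry.ExpiresUtc) return false;
        return string.Equals(entry.Answer, response, StringComparison.OrdinalIgnoreCase);
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new CaptchaStore(TimeSpan.FromMinutes(5));
        string token = store.Issue("x7Kq2");               // constructed sample answer
        Console.WriteLine(store.Verify(token, "x7kq2"));   // first submission of the solution
        Console.WriteLine(store.Verify(token, "x7kq2"));   // replay of the same token and solution
        Console.WriteLine(store.Verify("FFFF", "x7kq2"));  // token that was never issued
    }
}
```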

After considering all of the above factors, I selected reCAPTCHA. It supports ASP.NET, is hard to break, provides a secure implementation, is accessible and, most importantly, is free to use on any website. You can even change the look and feel of the reCAPTCHA control.

Implementation in SharePoint

In order to use reCAPTCHA on your website, you need to get a new key from the reCAPTCHA website (http://www.recaptcha.net). Sign up on the site, and you can then get a key for your domain name. Your reCAPTCHA key is valid for the specified domain and all of its sub-domains. If you would like to use reCAPTCHA on other domains, you need to get more keys, or you can select a global key that works across domains.

You can download the reCAPTCHA dll from http://recaptcha.net/plugins/aspnet/; this dll is for ASP.NET implementations. The latest version available is 1.0.3.0. You can deploy reCAPTCHA either to the local bin folder of the website or to the GAC.

Deploying it to the GAC takes a few more steps. The GAC requires a strongly named dll, and the dll you downloaded is not strongly named. That is nothing to worry about: you can turn it into a strongly named dll with a few simple steps.

  • Get the MSIL from the dll. Open a Visual Studio command prompt and enter the following command:
    • ildasm Recaptcha.dll /out:Recaptcha.il
  • Rename the original dll file with this command:
    • rename Recaptcha.dll Recaptcha_org.dll
  • Create an snk (key) file:
    • sn -k Recaptcha.snk
  • Create the strongly named dll from the MSIL and key files:
    • ilasm Recaptcha.il /dll /key=Recaptcha.snk

That’s all; your file is now ready to deploy to the GAC. You can use the ‘gacutil’ command below or simply drag and drop the file into the assembly folder (usually C:\windows\assembly).

  • gacutil -i "path to dll"

Now you need to add the reCAPTCHA control to the safe control list in web.config. The PublicKeyToken must match the key the assembly was signed with. The entry will look like this:

<SafeControl Assembly="Recaptcha, Version=1.0.3.0, Culture=neutral, PublicKeyToken=9c9a3ef27e62a14a" Namespace="Recaptcha" TypeName="*" Safe="True" />

Register the reCAPTCHA control on the page where you want to use it.

<%@ Register Tagprefix="Recaptcha" Namespace="Recaptcha" Assembly="Recaptcha, Version=1.0.3.0, Culture=neutral, PublicKeyToken=9c9a3ef27e62a14a" %>

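Finally, insert the reCAPTCHA control inside the form tag. The control takes part in ASP.NET validation, so the code that handles the form submission has to check Page.IsValid before acting on the form.

<Recaptcha:RecaptchaControl
ID="idAntiBotReCAPTCHA" runat="server" Theme="clean"
PublicKey="CAPTCHA-Public-Key"
PrivateKey="CAPTCHA-Private-Key" />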

This is how it looks on a SharePoint page.

 recaptcha-in-form

 

Reference links.

http://www.captcha.net/

http://recaptcha.net/

http://code.google.com/p/recaptcha/downloads/list

 

Cheers
