Lanap BotDetect is a highly customizable website security solution designed to protect web forms from automated spam, brute-force attacks, and bot registrations by generating secure CAPTCHA challenges. It is widely used in the Microsoft ecosystem, supporting classic ASP, ASP.NET WebForms, ASP.NET MVC, and modern .NET Core applications.
Unlike cloud-dependent alternatives like Google reCAPTCHA, BotDetect operates fully on your own server, giving you total control over user data and the CAPTCHA generation engine. Core Security Features
Algorithmic Variety: Offers 50 different CAPTCHA image algorithms and 20 audio generation algorithms. This variety prevents optical character recognition (OCR) bots from training on a single style to bypass your security.
Audio Captcha Support: Generates secure audio challenges to ensure your forms remain accessible to visually impaired users.
No Client-Side Dependencies: Functions perfectly without requiring JavaScript, cookies, or specific browser plug-ins, blocking even the most rudimentary text-based bots.
Flexible Persistence: Stores validation codes safely on the server. You can choose from standard ASP Session state, SQLite (default in newer versions), Memcached, or Redis for distributed server environments.
Custom Security Rules: Allows developers to adjust the length, character sets (alphabetic, numeric, or alphanumeric), image formats (.jpeg, .gif, .png, .bmp), and strict timeouts for expiration. Implementation Workflow in ASP.NET
Securing a form with BotDetect involves three primary steps: registering the library, displaying the visual challenge, and validating the user’s input on submission.
[ User Requests Form ] │ ▼ ┌──────────────────────────────────────┐ │ Server registers BotDetect Handler │ │ and generates unique Captcha ID │ └──────────────────────────────────────┘ │ ▼ ┌──────────────────────────────────────┐ │ Browser renders BotDetect:Captcha │ │ and requests the secure image/audio │ └──────────────────────────────────────┘ │ ▼ [ User Types Code & Submits ] │ ▼ ┌──────────────────────────────────────┐ │ Server compares user input against │ │ the value stored in Server Session │ └──────────────────────────────────────┘ │ ┌──────┴──────┐ ▼ ▼ [ SUCCESS ] [ FAILURE ] Proceed Show Error & Reload 1. Configuration (Web.config)
You must register the BotDetect HttpHandler so the application can process image and audio generation requests dynamically.
.aspx Presentation)
Register the tag prefix at the top of your page and drop the custom layout control into your existing form.
<%@ Register Assembly=“BotDetect” Namespace=“BotDetect.Web.UI” TagPrefix=“BotDetect” %> Use code with caution. 3. Form Validation (Code-Behind C#)
When the user submits the form, check the validation result on PostBack. You can also tie it directly to the native Page.IsValid architecture using a custom CaptchaValidator control.
protected void SubmitButton_Click(object sender, EventArgs e) { // Validate user input against the server-side captcha instance bool isHuman = ExampleCaptcha.Validate(CaptchaCodeTextBox.Text.Trim()); if (isHuman) { // Clear user input field and process the safe form data CaptchaCodeTextBox.Text = null; ProcessFormData(); } else { // Fail securely: Notify the user and require a new attempt ErrorMessageLabel.Text = “Incorrect CAPTCHA code. Please try again.”; } } Use code with caution. Best Practices for Form Security
Leave a Reply