WebForms Captcha Overview

The RadCaptcha control helps you prevent your online forms from automated spam. The control generates distorted images of letters and numbers that are easily decipherable to humans, but not to automated programs (spam bots).

Telerik UI for ASP.NET AJAX Ninja image

The Captcha is part of Telerik UI for ASP.NET AJAX, a professional grade UI library with 120+ components for building modern and feature-rich applications. To try it out sign up for a free 30-day trial.

Strategies for protection against automated form submissions

Telerik's RadCaptcha control provides two major strategies for protection against automated form submissions:

  1. Image with modified symbols. They are displayed in a form, and the user is required to input the symbols in a textbox. If the input is correct, the control validates that the user is not a robot. There is a set of properties that characterize the generated image:

    1. Noise factors – background, line, font warping

    2. Image – height and width

    3. Text – font family name, set of characters, number of characters

    4. CAPTCHA session expiration time

    5. CAPTCHA error message to be displayed if the entered value was incorrect

  2. Automatic Robots Discovery – this strategy uses predefined rules which decide whether the input comes from a robot or not. This strategy is not 100% secure and some sophisticated robots may pass it. The Sitefinity administrator is allowed to decide which of the predefined rules to use. At this point, there are two implemented rules that can be applied either separately or simultaneously:

    1. Minimum form submission time – the presumption is that a human cannot input the fields in a form correctly for a time less than 3 seconds (this is set by default, and can be modified). If the submission is executed faster than the predefined value, it is assumed that the executor is a robot.

    2. Invisible textbox in the form (the so-called “honeypot”) – this rule requires the insertion of a textbox which is not visible when the form is styled. Still, it will be detected by a robot, and therefore if any data is entered, the executor is considered to be a robot. An invisible label is also used to instruct humans not to fill in the textbox. This is necessary in case the styles are turned off and the textbox becomes visible, or in case a screen reader is used for disabled people.

See Also

In this article