Scott on Writing

Musings on technical writing...

Login Control + CAPTCHA

My latest installment (Part 5) of the Examining ASP.NET 2.0's Membership, Roles, and Profile article series shows how to extend the Login control to add additional Web controls to the interface and how to customize the authentication logic accordingly. In particular, the article includes a demo (among others) that shows how to add a CAPTCHA to the Login control. For that demo I'm using Jeff Atwood's free (and open-source) ASP.NET CAPTCHA server control.

In short, to accomplish this perform the following tasks:

  • Convert the Login control into a template. This can be done from the Designer by clicking on the "Convert to Template" option in the control's smart tag.
  • Augment the Login control's template markup to include Jeff's CAPTCHA control (my example also requires that the user enter their email address on file).
  • Create an event handler for the Login control's Authenticate event. In there, verify the user's username and password via a call to Membership.ValidateUser(username, password). Assuming that check passes, programmatically access the Email and CAPTCHA controls using LoginControlID.FindControl("ID") and verify the validity of those inputs. If the user has supplied valid inputs all around, set e.Authenticated to True; otherwise, if any check fails, set e.Authenticated to False.

That's all there is to it!

[Read the article...]

posted on Tuesday, June 06, 2006 3:31 PM
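The Authenticate handler from the steps above, as an added C# sketch that is not the article's code download. It checks the CAPTCHA before calling Membership.ValidateUser, the ordering the feedback below argues for and the author says he adopted in the revised article. The control IDs `myLogin`, `Email` and `CAPTCHA` are hypothetical, and the `WebControlCaptcha.CaptchaControl` type with its `UserValidated` property is assumed from the CAPTCHA control's public API.

```csharp
using System;
using System.Web.Security;
using System.Web.UI.WebControls;
using WebControlCaptcha; // assumed namespace of the CAPTCHA server control

public partial class LoginPage : System.Web.UI.Page
{
    // Wired up with OnAuthenticate="myLogin_Authenticate" on the templated
    // Login control. "myLogin", "Email" and "CAPTCHA" are hypothetical IDs.
    protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Fail closed: the login is rejected unless every check below passes.
        e.Authenticated = false;

        // Controls added to the template are only reachable through FindControl.
        // A missing control (renamed ID, edited template) must not let a login
        // slip through without its check, so treat null as a failed login.
        CaptchaControl captcha = myLogin.FindControl("CAPTCHA") as CaptchaControl;
        TextBox email = myLogin.FindControl("Email") as TextBox;
        if (captcha == null || email == null)
            return;

        // 1. CAPTCHA first. An automated client that cannot solve it never
        //    reaches the credential check, so it cannot use this form to test
        //    username/password pairs.
        if (!captcha.UserValidated)
            return;

        // 2. Username and password against the configured Membership provider.
        if (!Membership.ValidateUser(myLogin.UserName, myLogin.Password))
            return;

        // 3. The email typed into the form must match the address on file.
        MembershipUser user = Membership.GetUser(myLogin.UserName);
        if (user == null ||
            !string.Equals(user.Email, email.Text.Trim(),
                           StringComparison.OrdinalIgnoreCase))
            return;

        e.Authenticated = true;
    }
}
```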

Feedback

# re: Login Control + CAPTCHA 6/6/2006 6:58 PM Israel Aece

Hello Scott,

Wouldn't it be more interesting to validate captcha code before Membership user?

If captcha code is invalid, you don't access the membership methods (like ValidateUser) and, in this case, can cause an extra overhead. (IMHO)

# re: Login Control + CAPTCHA 6/6/2006 8:39 PM Scott Mitchell

Hi Israel. Good point, this would be more efficient. However, bear in mind that any gains are likely very negligible because:

(a) Logging in a user is probably much less frequent than other, more intensive operations
(b) Having a user log in AND enter an invalid CAPTCHA is even more unlikely

So it doesn't hurt to make that change, but I would imagine you'd not ever notice any difference one way or the other.

# re: Login Control + CAPTCHA 6/6/2006 10:50 PM paketim

A refresh button for the captcha image would be nice for unreadable verification codes.

Paketim
http://www.paketim.com

# re: Login Control + CAPTCHA 6/7/2006 4:41 AM nstlgc

Scott, I could be wrong, but IMHO the fact that you process your CAPTCHA only after a successful login defies the whole purpose of having a CAPTCHA to begin with.

CAPTCHA serves to verify that the entity visiting the website is not a robot. The prominent reason for having a robot visit your site is likely to be password bruteforcing. Your solution will happily allow robots to try until they find a login/password pair that works, then report to their owner for actual CAPTCHA clearance.

Just my 2 bits..

# re: Login Control + CAPTCHA 6/7/2006 7:13 AM James Bradley

I hate to sound negative, but being a web professional I'd have thought your article would mention that the use of CAPTCHA makes many websites illegal due to accessibility regulations (not just Section 508, but worldwide). Its use is certainly frowned upon for public sites where the abilities of users cannot be guaranteed. Perhaps a warning to the usage of CAPTCHA might be appropriate.

Of course the problem is for blind or visually impaired users, they have no idea what the caption says. For completeness on this subject, check out http://www.w3.org/TR/turingtest/

James

# re: Login Control + CAPTCHA 6/7/2006 10:04 AM Scott Mitchell

nstlgc, great point. I've revised the article's content and code download to capture the suggestions made by both you and Israel. Thanks both.

James, good points w.r.t. accessibility.

FYI, I've added all your comments to the article. Thanks for the heads up and worthwhile discussion.

# re: Login Control + CAPTCHA 6/26/2006 7:49 AM Alex

Scott,
Any chance you might be doing an article on Examining ASP.NET 2.0's Membership, Roles, and Profile with only using Active Directory? There are a lot of articles about this using Forms Authentication but what about intranet websites that want to use Active Directory? I think it would make a good Part 6 and I know I'd benefit from it.

Thanks for the great articles,
Alex

# re: Login Control + CAPTCHA 7/4/2006 3:16 AM GigoIt

Thought you guys might like this.

GigoIt's HumanAuth is based off the ideas presented by KittenAuth.com. HumanAuth supports ADA and Section 508 requirements, increased security and includes watermarked images with random positioning. HumanAuth ensures that an actual human is using your site without forcing them to read distorted CAPTCHA text.

http://www.gigoit.org/humanauth/

# re: Login Control + CAPTCHA 3/28/2007 5:31 AM Emilio

Here is a challenge :-) I have been trying to use this CAPTCHA control on the CreateUserWizard because I do not want ghost users registered on my system.

Unfortunately this CAPTCHA does not work with the ValidationSummary and when it is not good then there is no way to inject the error message into the ValidationSummary.

But most importantly, when processing CreatingUser it is not possible to get a reference to the CAPTCHA control (that is the ID) using FindControl. I tried by doing it with CreateUserWizard1 and CreateUserWizardStep1 and both return null and therefore it is not possible to validate the captcha.

# re: Login Control + CAPTCHA 1/14/2008 12:48 PM Stanislav

Can anyone help me with getting the FailureText working? I am using the templated login + CAPTCHA and the FailureText is not showing.

rgds
Stanislav

# re: Login Control + CAPTCHA 2/28/2008 2:48 PM Nate

I am trying to implement your captcha control in my code. It compiles fine but when I open up the web page I don't see captcha image instead I see a red asterisk error. I checked assembly path and all that seems good. Can someone help me why it's not showing up on page?
I get the associated textbox but not the captcha image.
Thanks
Nate

# re: Login Control + CAPTCHA 3/5/2008 3:17 AM Yu

Hi, I am experiencing the same problem with the captcha image not displayed. I have to re-start the IIS every time to make it work.

Please help.

# re: Login Control + CAPTCHA 5/4/2009 10:15 AM noob

hey, first of all thx for the great article.. I have one minor question tho.. I don't seem to find the password 'password' in the database. Do u need to implement sum encrypter or sumting before this will work. I don't seem able to log in and lookin into your database the password is encrypted. sorry if this is a noob question btw :p

Best regards
the nub


I am a Microsoft MVP for ASP.NET.
I am an ASPInsider.