In this little post im trying to show you how to successfuly avoid a very simple issue at the time of designing forms for your websites. Lets say you decide to include a Contact form in order potencial clients can contact you by sending their contact details to your personal email. A very simple requirement at this point right?.
In the end you put that code in production and then the next day when you check your Website Inbox you just realize it is infested with horrible SPAM. At this point you can know(or not) that you are being attacked by a Bot which is Submitting your form over and over filling your Inbox with dangerous emails.


  • What Bots Are and How do They Work?
According to wikipedia a bot is a software application that runs automated tasks (scripts) over the internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone.
In this brief entry i will teach you how to successfuly implement Captcha validation in your ASP.Net MVC projects. So lets start the party!.

  • Tools used in this Example
    • Visual Studio 2015 Community Edition

  1. First we are going to create a new Web Application in Visual Studio and then select MVC Template
  2. At this point you can see Visual Studio gave to us a basic template with some information. For this example we are going to modify Contact.cshtml by putting a Form in this view in order to send this information to its corresponding Action inside HomeController. The first thing for us to do is to add a new ViewModel to our ViewModels folder (create if you dont have it) called ContactViewModel.cs with a couple of properties:

3. Next we need to create an POST Action inside HomeController for receiving the submitted information and also modify the existing one. In this code we can see out second method is receiving a parameter of type ContactViewModel representing the serialized Form information sent to the server from client-side:

4. Next we need to modify Contact.cshtml html since it will expect a ComponentViewModel object as main parameter. This is normally called Model Binding. At this point you will have a functional form that will let you know if for example, you are not filling a required field. This Form the way it is at this point will work but since we are not validating nothing but Required fields our Form is an easy target for a bot, here is where a Captcha can help us.
5. In our solution references we need to install a new NuGet Package called RecaptchaNet. This package will install some Html helpers that will allow our Forms to easily implement captcha validation. This package will also add 3 new keys to our web.config file:
In order to fill this values we need to have an account in Google Recaptcha and register the domain we are currently trying to add captcha functionality:
Once registered this will show to us 2 keys (One private, One Public). And as you may imagine all you need to do after this step is to replace this values in web.config file.

6. Now that we have all the dependencies we need and they already properly configured we need to modify our Contact.cshtml code by adding the following:
Now if you try this you will actually see captcha is working on client-side, but we are still missing validation in server-side (controller Action).


7. We just need to add missing validation in our controller's action and we are good to go:

Here is the Code

That's it!!! :D