Recaptcha posting back incorrect-captcha-sol (ASP.NET 4.0 - IIS6 running locally)
398 views
Skip to first unread message
Cygnus Digital
Oct 9, 2012, 11:22:53 AM10/9/12
to reca...@googlegroups.com
Hi, I have a complex form that I am adding a recaptcha to, only problem is that the Recaptcha never validates.
I am running on a local build of a.NET (4) website under IIS6. I have tried 'hard-coding' my IP address according to the IP address of our network as it appears to the outside (REMOTE_ADDR returns 127.0.0.1.
Checklist:
- form tag inside table tag : NOPE (1 form tag under the body tag, div based form layout)
- Invalid Private/Public key : NOPE (Triple checked, even checked visually using a breakpoint!)
- Invalid domain match : NOPE (Is set up as a global key on ReCaptcha)
Anyone have any other ideas? I can not stage this solution unfortunataly, I only have local dev to LIVE due to some internal issues (no IIS stage servers atm!). I really need to get a good response just once before I can roll this to the live server.
Here's my code (captcha validating routine):
private static string ValidateCaptcha(string parameters)
{
try
{
WebRequest request = WebRequest.Create("http://www.google.com/recaptcha/api/verify");
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
//request.ContentLength = parameters.Length;
StreamWriter writer = new StreamWriter(request.GetRequestStream(),Encoding.UTF8);
writer.Write(parameters);
writer.Close();
//Response
HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse();
StreamReader myReader = new StreamReader(webResponse.GetResponseStream());
string response = myReader.ReadToEnd();
myReader.Close();
webResponse.Close();
return response;
}
catch (WebException)
{
//Do Some Exception threatment
return string.Empty;
}
}
And here's the parameter builder ( formControl is the form control I;'m using EPiServer and XForms, reCap uis the recaptcha control, which is holding he correct private key. MY.IP.MY.IP is my hard coded IP for testing ) :
private void validateRecaptcha(object source, ServerValidateEventArgs args){
Debug.WriteLine("validateCatcha");
CustomValidator sVal = (CustomValidator)source;
EPiServer.XForms.WebControls.XFormControl formControl = (EPiServer.XForms.WebControls.XFormControl)sVal.Parent;
if (formControl != null)
{
RecaptchaControl reCap = (RecaptchaControl)formControl.FindControl("Recaptcha");
if (reCap != null)
{
StringBuilder builder = new StringBuilder();
builder.AppendFormat("privatekey={0}&", reCap.PrivateKey);
builder.AppendFormat("remoteip={0}&", "MY.IP.MY.IP"); //Request.ServerVariables["REMOTE_ADDR"]);
builder.AppendFormat("challenge={0}&", Request["recaptcha_challenge_field"]);
builder.AppendFormat("response={0}", Request["recaptcha_response_field"]);
Debug.WriteLine(ValidateCaptcha(builder.ToString()));
}
}
}
I am running on a local build of a.NET (4) website under IIS6. I have tried 'hard-coding' my IP address according to the IP address of our network as it appears to the outside (REMOTE_ADDR returns 127.0.0.1.
Checklist:
- form tag inside table tag : NOPE (1 form tag under the body tag, div based form layout)
- Invalid Private/Public key : NOPE (Triple checked, even checked visually using a breakpoint!)
- Invalid domain match : NOPE (Is set up as a global key on ReCaptcha)
Anyone have any other ideas? I can not stage this solution unfortunataly, I only have local dev to LIVE due to some internal issues (no IIS stage servers atm!). I really need to get a good response just once before I can roll this to the live server.
Here's my code (captcha validating routine):
private static string ValidateCaptcha(string parameters)
{
try
{
WebRequest request = WebRequest.Create("http://www.google.com/recaptcha/api/verify");
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
//request.ContentLength = parameters.Length;
StreamWriter writer = new StreamWriter(request.GetRequestStream(),Encoding.UTF8);
writer.Write(parameters);
writer.Close();
//Response
HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse();
StreamReader myReader = new StreamReader(webResponse.GetResponseStream());
string response = myReader.ReadToEnd();
myReader.Close();
webResponse.Close();
return response;
}
catch (WebException)
{
//Do Some Exception threatment
return string.Empty;
}
}
And here's the parameter builder ( formControl is the form control I;'m using EPiServer and XForms, reCap uis the recaptcha control, which is holding he correct private key. MY.IP.MY.IP is my hard coded IP for testing ) :
private void validateRecaptcha(object source, ServerValidateEventArgs args){
Debug.WriteLine("validateCatcha");
CustomValidator sVal = (CustomValidator)source;
EPiServer.XForms.WebControls.XFormControl formControl = (EPiServer.XForms.WebControls.XFormControl)sVal.Parent;
if (formControl != null)
{
RecaptchaControl reCap = (RecaptchaControl)formControl.FindControl("Recaptcha");
if (reCap != null)
{
StringBuilder builder = new StringBuilder();
builder.AppendFormat("privatekey={0}&", reCap.PrivateKey);
builder.AppendFormat("remoteip={0}&", "MY.IP.MY.IP"); //Request.ServerVariables["REMOTE_ADDR"]);
builder.AppendFormat("challenge={0}&", Request["recaptcha_challenge_field"]);
builder.AppendFormat("response={0}", Request["recaptcha_response_field"]);
Debug.WriteLine(ValidateCaptcha(builder.ToString()));
}
}
}
Adrian Godong
Oct 9, 2012, 11:32:16 AM10/9/12
to reca...@googlegroups.com
(1) Why are you not using the .NET client library provided?
(2) If there is a specific reason to not use the above, how different
is the code compared to the library's?
> --
> You received this message because you are subscribed to the Google Groups
> "reCAPTCHA" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/recaptcha/-/2fG8t9crclYJ.
> To post to this group, send email to reca...@googlegroups.com.
> To unsubscribe from this group, send email to
> recaptcha+...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/recaptcha?hl=en.
--
Adrian Godong
adrian...@gmail.com
(2) If there is a specific reason to not use the above, how different
is the code compared to the library's?
> You received this message because you are subscribed to the Google Groups
> "reCAPTCHA" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/recaptcha/-/2fG8t9crclYJ.
> To post to this group, send email to reca...@googlegroups.com.
> To unsubscribe from this group, send email to
> recaptcha+...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/recaptcha?hl=en.
--
Adrian Godong
adrian...@gmail.com
Cygnus Digital
Oct 9, 2012, 12:02:51 PM10/9/12
to reca...@googlegroups.com
I had to recompile the supplied libraries for it to work with NET 4.0 and CLS-Compliance, however I am actually using the supplied libraries (except that you can't debug the validator once compiled to the dll)
So, as the control itself is working, after extensive debugging and googling I went down the route of building the validation side myself, so I can step through it, watch expressions ect.
The only main difference I see between my coded validation and the source of RecaptchaValidator is that I'm not checking for null values (I will add that check shortly but for testing I'm ensutring I enter a value.
Another difference is that now I compare the code is the RecaptchaValidator class uses a HttpWebRequest whereas I use the WebRequest object to build (also I'm not setting the user-agent). I will re-write using the supplied code as a guide and post back, but I don't believe these differences should break it)
EDIT: just noticed I'm not urlEncoding my input parameters (Privatekey, IP, Challange & Response). I'm betting dollar to doughnuts this might be causing the issue...
So, as the control itself is working, after extensive debugging and googling I went down the route of building the validation side myself, so I can step through it, watch expressions ect.
The only main difference I see between my coded validation and the source of RecaptchaValidator is that I'm not checking for null values (I will add that check shortly but for testing I'm ensutring I enter a value.
Another difference is that now I compare the code is the RecaptchaValidator class uses a HttpWebRequest whereas I use the WebRequest object to build (also I'm not setting the user-agent). I will re-write using the supplied code as a guide and post back, but I don't believe these differences should break it)
EDIT: just noticed I'm not urlEncoding my input parameters (Privatekey, IP, Challange & Response). I'm betting dollar to doughnuts this might be causing the issue...
Cygnus Digital
Oct 9, 2012, 12:11:43 PM10/9/12
to reca...@googlegroups.com
Just to report, I have :
- Changed the WebRequest object to a HttpWebRequest (as per the class)
- Added the following to the request object ; Timeout = 30000, UserAgent = reCAPTCHA/ASP.NET, ProtocolVersion = Version 10
- UrlEncoded my parameters
but I still get an incorrect-captcha-sol :(
My code is now almost identical to the supplied code, but at least I can step throug and debug...
Cygnus Digital
Oct 11, 2012, 10:29:38 AM10/11/12
to reca...@googlegroups.com
Further on the above, it appearws to be a doubl validation issue. As documented elsewhere I build a wrapper to cache responces agains the challange string and its all good.
On Tuesday, October 9, 2012 4:22:53 PM UTC+1, Cygnus Digital wrote:
On Tuesday, October 9, 2012 4:22:53 PM UTC+1, Cygnus Digital wrote:
Reply all
Reply to author
Forward
0 new messages