提高验证码安全性
Increase reCaptcha Security
我在我的应用程序中使用 google recaptcha v2 我会将其集成到客户端。
这是我的代码
<script>
// Entry point named in the api.js URL (?onload=onloadCallback), so it must be a
// global binding; a function declaration in a classic <script> provides one.
// Renders the v2 checkbox widget into #recaptcha and wires the solved-callback.
function onloadCallback() {
  var widgetOptions = {
    sitekey: '6Lc_qmcUAAAAAJW_kALWjxcxcvxcxcvxcvxc',
    callback: reCaptchaCallback,
  };
  grecaptcha.render('recaptcha', widgetOptions);
}
// Invoked by the widget once the user has solved the challenge; `response` is
// the token string. It is only logged here — the token is read again from the
// widget at submit time, and its real validation happens on the server.
function reCaptchaCallback(response) {
  if (response === '') {
    return;
  }
  console.log(response);
}
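// Client-side pre-check run before the registration AJAX call. It is a UX
// convenience only (tells the user to tick the box); anything here can be
// bypassed from the browser console, so the token is verified again on the
// server by the /Home/RegisterNewMemberByJson action.
// Returns true when the widget currently holds a non-empty response token.
function getReCaptchaRes() {
  var message = 'Please check the checkbox';
  var hasResponse = false;
  // api.js is loaded async/defer, so grecaptcha may not exist yet. The
  // original code then dereferenced an undefined `response` and threw.
  if (typeof grecaptcha !== 'undefined') {
    var response = grecaptcha.getResponse();
    hasResponse = response.length !== 0;
    message = hasResponse ? '' : 'Captcha verification failed';
  }
  // .text() instead of .html(): the message is a fixed string today, and
  // text() can never become an injection point if that changes.
  $('#reCaptchaLblMsg').text(message).css('color', 'red');
  return hasResponse;
}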
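submitHandler: function (form) {
  // Client-side gate only: it stops an honest user from submitting without
  // solving the widget. Enforcement is server-side, which is why the token is
  // included in the POST body below as `cResponse` (the name the controller's
  // model uses for it).
  if (!getReCaptchaRes()) {
    return;
  }
  var $submit = $("#myAjaxRegisterModal2 input[type='submit']");
  var $spinner = $('.spinner-holder');
  // Puts the form back into a usable state after a failed attempt. The
  // reCAPTCHA token is single-use, so the widget is reset and must be solved
  // again before the next try.
  var restoreForm = function () {
    $spinner.hide();
    $submit.val("Save").removeAttr("disabled");
    grecaptcha.reset();
  };
  $spinner.css('display', 'block');
  $submit.val("Saving ...").attr('disabled', 'disabled');
  var RegisterData = {
    __RequestVerificationToken: $('[name="__RequestVerificationToken"]').val(),
    // Token the server passes to siteverify (RegisterData.cResponse).
    cResponse: grecaptcha.getResponse(),
    ProfileCreatedFor: $('#ddlProfileCreatedFor').val(),
    GroomBrideName: $('#txtName').val(),
    Mobile: $('#txtMobile').val(),
    EmailID: $('#txtEmail').val(),
    Height: $('#ddlHeight').val(),
    Gender: $("input[name='Gender']:checked").val(),
    MaritalStatus: $('#ddlMaritalStatus').val(),
    DOBMonth: $('#ddlMonth').val(),
    DOBDate: $('#ddlDate').val(),
    DOBYear: $('#ddlYear').val(),
    State: $('#ddlUserState').val(),
    City: $('#ddlCity').val(),
    Section: $('#ddlUserSection').val(),
    DivisonText: $('#DivisonText').val(),
    Password: $('#ConfirmPassword').val()
  };
  $.ajax({
    url: "/Home/RegisterNewMemberByJson",
    type: "POST",
    data: RegisterData,
    dataType: 'json',
    success: function (data) {
      if (data === "Error") {
        window.location.href = "/Home/Index";
      } else if (data === true) {
        // The action is expected to answer with a JSON boolean true on success.
        $('#myAjaxRegisterModal2').modal('hide');
        RegisterPopUp();
      } else {
        restoreForm();
        $('#ageErrorMsg').text(data);
      }
    },
    // Network or HTTP failures previously left the spinner showing and the
    // submit button disabled with no way to retry.
    error: function () {
      restoreForm();
      $('#ageErrorMsg').text('Registration failed. Please try again.');
    }
  });
}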
<div class="clearfix"></div>
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer>
</script>
但我担心的是,如果我在 browser console 中更改响应,那么我就可以用循环多次调用 ajax 方法。那么我该怎样防止我的 ajax 方法被这样循环调用,或者是我的验证码集成有问题?
我的另一个问题是是否可以在客户端和服务器端检查验证码响应。如果可能的话如何。
请帮助我,我们将不胜感激。
现在我可以回答我自己的问题了。我犯了一个愚蠢的错误:我没有通过 ajax 发送验证码响应,而是试图通过 [g-recaptcha-response] 把响应传到控制器的方法中。
这是更新后的代码。
public JsonResult RegisterNewMemberByJson(ReligionAndEthinicityModel RegisterData)
{
if (ModelState.IsValid)
{
try
{
bool captchaIsvalid = IsReCaptchValid(RegisterData.cResponse);
if (captchaIsvalid)
{
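/// <summary>
/// Verifies a reCAPTCHA v2 token against Google's siteverify endpoint.
/// This is the authoritative check: the client-side length test in
/// getReCaptchaRes() can be bypassed from the browser console, and siteverify
/// accepts each token only once, so a captured token replayed in a loop against
/// RegisterNewMemberByJson is rejected here.
/// </summary>
/// <param name="cResponse">The g-recaptcha-response token posted by the client.</param>
/// <returns>
/// true only when siteverify reports success; false for empty input, missing
/// configuration, transport failure or an unparsable reply (fails closed).
/// </returns>
public bool IsReCaptchValid(string cResponse)
{
    if (string.IsNullOrWhiteSpace(cResponse))
    {
        return false;
    }

    var secretKey = Convert.ToString(ConfigurationManager.AppSettings["RecaptchaKey"]);
    if (string.IsNullOrEmpty(secretKey))
    {
        // A missing secret must not let registrations through unverified.
        return false;
    }

    try
    {
        var request = (HttpWebRequest)WebRequest.Create("https://www.google.com/recaptcha/api/siteverify");
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        // Bound the wait so a slow siteverify cannot tie up request threads indefinitely.
        request.Timeout = 10000;

        // Parameters go in the body rather than the query string: the secret stays
        // out of URL/proxy logs, and EscapeDataString stops a user-supplied token
        // from smuggling extra parameters into the request.
        var body = "secret=" + Uri.EscapeDataString(secretKey)
                 + "&response=" + Uri.EscapeDataString(cResponse);
        var payload = System.Text.Encoding.UTF8.GetBytes(body);
        request.ContentLength = payload.Length;
        using (var requestStream = request.GetRequestStream())
        {
            requestStream.Write(payload, 0, payload.Length);
        }

        using (WebResponse response = request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            JObject jResponse = JObject.Parse(reader.ReadToEnd());
            // NOTE(review): the reply also carries "hostname"; comparing it with this
            // site's host would reject tokens solved on another domain — add that
            // check once the expected host is known.
            return jResponse.Value<bool>("success");
        }
    }
    catch (WebException)
    {
        // Network/HTTP failure: treat as not verified instead of surfacing an
        // exception into the registration action.
        return false;
    }
    catch (Newtonsoft.Json.JsonReaderException)
    {
        // Malformed reply from siteverify: fail closed.
        return false;
    }
}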
我在我的应用程序中使用 google recaptcha v2 我会将其集成到客户端。 这是我的代码
<script>
// Entry point named in the api.js URL (?onload=onloadCallback), so it must be a
// global binding; a function declaration in a classic <script> provides one.
// Renders the v2 checkbox widget into #recaptcha and wires the solved-callback.
function onloadCallback() {
  var widgetOptions = {
    sitekey: '6Lc_qmcUAAAAAJW_kALWjxcxcvxcxcvxcvxc',
    callback: reCaptchaCallback,
  };
  grecaptcha.render('recaptcha', widgetOptions);
}
// Invoked by the widget once the user has solved the challenge; `response` is
// the token string. It is only logged here — the token is read again from the
// widget at submit time, and its real validation happens on the server.
function reCaptchaCallback(response) {
  if (response === '') {
    return;
  }
  console.log(response);
}
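// Client-side pre-check run before the registration AJAX call. It is a UX
// convenience only (tells the user to tick the box); anything here can be
// bypassed from the browser console, so the token is verified again on the
// server by the /Home/RegisterNewMemberByJson action.
// Returns true when the widget currently holds a non-empty response token.
function getReCaptchaRes() {
  var message = 'Please check the checkbox';
  var hasResponse = false;
  // api.js is loaded async/defer, so grecaptcha may not exist yet. The
  // original code then dereferenced an undefined `response` and threw.
  if (typeof grecaptcha !== 'undefined') {
    var response = grecaptcha.getResponse();
    hasResponse = response.length !== 0;
    message = hasResponse ? '' : 'Captcha verification failed';
  }
  // .text() instead of .html(): the message is a fixed string today, and
  // text() can never become an injection point if that changes.
  $('#reCaptchaLblMsg').text(message).css('color', 'red');
  return hasResponse;
}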
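submitHandler: function (form) {
  // Client-side gate only: it stops an honest user from submitting without
  // solving the widget. Enforcement is server-side, which is why the token is
  // included in the POST body below as `cResponse` (the name the controller's
  // model uses for it).
  if (!getReCaptchaRes()) {
    return;
  }
  var $submit = $("#myAjaxRegisterModal2 input[type='submit']");
  var $spinner = $('.spinner-holder');
  // Puts the form back into a usable state after a failed attempt. The
  // reCAPTCHA token is single-use, so the widget is reset and must be solved
  // again before the next try.
  var restoreForm = function () {
    $spinner.hide();
    $submit.val("Save").removeAttr("disabled");
    grecaptcha.reset();
  };
  $spinner.css('display', 'block');
  $submit.val("Saving ...").attr('disabled', 'disabled');
  var RegisterData = {
    __RequestVerificationToken: $('[name="__RequestVerificationToken"]').val(),
    // Token the server passes to siteverify (RegisterData.cResponse).
    cResponse: grecaptcha.getResponse(),
    ProfileCreatedFor: $('#ddlProfileCreatedFor').val(),
    GroomBrideName: $('#txtName').val(),
    Mobile: $('#txtMobile').val(),
    EmailID: $('#txtEmail').val(),
    Height: $('#ddlHeight').val(),
    Gender: $("input[name='Gender']:checked").val(),
    MaritalStatus: $('#ddlMaritalStatus').val(),
    DOBMonth: $('#ddlMonth').val(),
    DOBDate: $('#ddlDate').val(),
    DOBYear: $('#ddlYear').val(),
    State: $('#ddlUserState').val(),
    City: $('#ddlCity').val(),
    Section: $('#ddlUserSection').val(),
    DivisonText: $('#DivisonText').val(),
    Password: $('#ConfirmPassword').val()
  };
  $.ajax({
    url: "/Home/RegisterNewMemberByJson",
    type: "POST",
    data: RegisterData,
    dataType: 'json',
    success: function (data) {
      if (data === "Error") {
        window.location.href = "/Home/Index";
      } else if (data === true) {
        // The action is expected to answer with a JSON boolean true on success.
        $('#myAjaxRegisterModal2').modal('hide');
        RegisterPopUp();
      } else {
        restoreForm();
        $('#ageErrorMsg').text(data);
      }
    },
    // Network or HTTP failures previously left the spinner showing and the
    // submit button disabled with no way to retry.
    error: function () {
      restoreForm();
      $('#ageErrorMsg').text('Registration failed. Please try again.');
    }
  });
}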
<div class="clearfix"></div>
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer>
</script>
但我担心的是,如果我在 browser console 中更改响应,那么我就可以用循环多次调用 ajax 方法。那么我该怎样防止我的 ajax 方法被这样循环调用,或者是我的验证码集成有问题?
我的另一个问题是是否可以在客户端和服务器端检查验证码响应。如果可能的话如何。 请帮助我,我们将不胜感激。
现在我可以回答我自己的问题了。我犯了一个愚蠢的错误:我没有通过 ajax 发送验证码响应,而是试图通过 [g-recaptcha-response] 把响应传到控制器的方法中。这是更新后的代码。
public JsonResult RegisterNewMemberByJson(ReligionAndEthinicityModel RegisterData)
{
if (ModelState.IsValid)
{
try
{
bool captchaIsvalid = IsReCaptchValid(RegisterData.cResponse);
if (captchaIsvalid)
{
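/// <summary>
/// Verifies a reCAPTCHA v2 token against Google's siteverify endpoint.
/// This is the authoritative check: the client-side length test in
/// getReCaptchaRes() can be bypassed from the browser console, and siteverify
/// accepts each token only once, so a captured token replayed in a loop against
/// RegisterNewMemberByJson is rejected here.
/// </summary>
/// <param name="cResponse">The g-recaptcha-response token posted by the client.</param>
/// <returns>
/// true only when siteverify reports success; false for empty input, missing
/// configuration, transport failure or an unparsable reply (fails closed).
/// </returns>
public bool IsReCaptchValid(string cResponse)
{
    if (string.IsNullOrWhiteSpace(cResponse))
    {
        return false;
    }

    var secretKey = Convert.ToString(ConfigurationManager.AppSettings["RecaptchaKey"]);
    if (string.IsNullOrEmpty(secretKey))
    {
        // A missing secret must not let registrations through unverified.
        return false;
    }

    try
    {
        var request = (HttpWebRequest)WebRequest.Create("https://www.google.com/recaptcha/api/siteverify");
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        // Bound the wait so a slow siteverify cannot tie up request threads indefinitely.
        request.Timeout = 10000;

        // Parameters go in the body rather than the query string: the secret stays
        // out of URL/proxy logs, and EscapeDataString stops a user-supplied token
        // from smuggling extra parameters into the request.
        var body = "secret=" + Uri.EscapeDataString(secretKey)
                 + "&response=" + Uri.EscapeDataString(cResponse);
        var payload = System.Text.Encoding.UTF8.GetBytes(body);
        request.ContentLength = payload.Length;
        using (var requestStream = request.GetRequestStream())
        {
            requestStream.Write(payload, 0, payload.Length);
        }

        using (WebResponse response = request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            JObject jResponse = JObject.Parse(reader.ReadToEnd());
            // NOTE(review): the reply also carries "hostname"; comparing it with this
            // site's host would reject tokens solved on another domain — add that
            // check once the expected host is known.
            return jResponse.Value<bool>("success");
        }
    }
    catch (WebException)
    {
        // Network/HTTP failure: treat as not verified instead of surfacing an
        // exception into the registration action.
        return false;
    }
    catch (Newtonsoft.Json.JsonReaderException)
    {
        // Malformed reply from siteverify: fail closed.
        return false;
    }
}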