Using reCaptcha with BlogEngine.net

Question

I have just installed reCaptcha on my site and put the control on my comment post, so far so good.

Now to validate reCaptcha it says just do Page.IsValid.

However BlogEngine uses Ajax and some JS to post its addComment function and if I test that there I just get error on page in the status bar.

Here is the bloengine post function -

/// <summary>
/// Processes a callback event that targets a control.
/// </summary>
/// <param name="eventArgument">A string that represents an event argument to pass to the event handler.</param>
public void RaiseCallbackEvent(string eventArgument)
{
 if (!BlogSettings.Instance.IsCommentsEnabled)
  return;

 string[] args = eventArgument.Split(new string[] { "-|-" }, StringSplitOptions.None);
 string author = args[0];
 string email = args[1];
 string website = args[2];
 string country = args[3];
 string content = args[4];
 bool notify = bool.Parse(args[5]);
 bool isPreview = bool.Parse(args[6]);
 string sentCaptcha = args[7];
 //If there is no "reply to" comment, args[8] is empty
 Guid replyToCommentID = String.IsNullOrEmpty(args[8]) ? Guid.Empty : new Guid(args[8]);

 string storedCaptcha = hfCaptcha.Value;

 Comment comment = new Comment();
 comment.Id = Guid.NewGuid();
 comment.ParentId = replyToCommentID;
 comment.Author = Server.HtmlEncode(author);
 comment.Email = email;
 comment.Content = Server.HtmlEncode(content);
 comment.IP = Request.UserHostAddress;
 comment.Country = country;
 comment.DateCreated = DateTime.Now;
 comment.Parent = Post;
 comment.IsApproved = !BlogSettings.Instance.EnableCommentsModeration;

 if (Page.User.Identity.IsAuthenticated)
  comment.IsApproved = true;

 if (website.Trim().Length > 0)
 {
  if (!website.ToLowerInvariant().Contains("://"))
   website = "http://" + website;

  Uri url;
  if (Uri.TryCreate(website, UriKind.Absolute, out url))
   comment.Website = url;
 }

 if (notify && !Post.NotificationEmails.Contains(email))
  Post.NotificationEmails.Add(email);
 else if (!notify && Post.NotificationEmails.Contains(email))
  Post.NotificationEmails.Remove(email);

 if (!isPreview)
 {
  Post.AddComment(comment);
  SetCookie(author, email, website, country);
 }

 string path = Utils.RelativeWebRoot + "themes/" + BlogSettings.Instance.Theme + "/CommentView.ascx";

 CommentViewBase control = (CommentViewBase)LoadControl(path);
 control.Comment = comment;
 control.Post = Post;

 using (StringWriter sw = new StringWriter())
 {
  control.RenderControl(new HtmlTextWriter(sw));
  _Callback = sw.ToString();
 }
}

I tried just putting if(!Page.IsValid) return; but that never worked.

Answer 1

var captchaChallengeValue = filterContext.HttpContext.Request.Form["recaptcha_challenge_field"];
var captchaResponseValue = filterContext.HttpContext.Request.Form["recaptcha_response_field"];
var captchaValidator = new Recaptcha.RecaptchaValidator
{
    PrivateKey = "private key here",
    RemoteIP = filterContext.HttpContext.Request.UserHostAddress,
    Challenge = captchaChallengeValue,
    Response = captchaResponseValue
};

var recaptchaResponse = captchaValidtor.Validate();

This is how I did it on a different site. I took what was entered and the response and then created a new captchaValidator which has a method that will check if the responses are valid. Then use that as your boolean for your if.

I am using ASP.Net MVC. But, I would assume that the idea is similar.

Hope this helps.

Answer 2

Can you please post the ASPX and any ASPX.CS code that is related to the captcha?

I'm fairly familiar with DNBE as I have my personal blog using it, and have written a few extensions for it.

Answer 3

reCaptcha's default API does not work with AJAX-driven webpages, especially when you replace the content, where the reCaptcha resides. The problem here is the default reCaptcha API. Just switch to the AJAX API, which is also offered here