I am looking an open source captcha control for asp.net forms. We want to avoid using ReCaptcha because our solutions are deployed to corporate environments where it is more restrictive.
Ideally would like to a solution which avoid server calls.
Any ideas?
I don't know if it is as bulletproof as ReCaptcha, but maybe the following does fit your needs.
You only want to use a kind of ReCaptcha in a form where you want to submit the input. From the code behind you can build a label like: "How much is 11 + 1". The "11 + 1" you generate everytime the page is loaded. The sum of that you save in the viewstate/session so you can access it the moment the user submits the page. The user has to come up with the sum of "11 + 1", in this example, and fill it in with the use of a textbox. While validating the submit you easily can compare the value of the textbox with the value of the sum you saved in the viewstate/session.
If you want to do the validation at the clientside you can make the calculated sum available in a hidden field or something else that suits you.
Bots, that what you are afraid of when you start using ReCaptcha, don't know what to look for since the outcome of the sum differs every time the page is initially loaded. In my opinion nearly as bullet proof as ReCaptcha and easier in use for the user of your application.
I agree with Emmanuel's comment that some sort of server call is required to avoid all of the logic residing in the page waiting to be hacked.
Perhaps a sensible compromise for you would be to accept only server calls back to your own server and not to some 3rd party like with ReCaptcha.
In which case you could try Subkismet, which is a collection of different Captcha-like methods, not all of which require use of an external service.
A simpler control you could try is MyCaptcha.
A commercial option you could consider is from DevExpress, they also provide some nice background research on the history and state-of-the-art in Captcha more generally.
You can find solutions what you search for here:
http://cks.codeplex.com/releases/view/7675 (You can reuse this code, but have to change it a little bit.)
or here:
http://www.codeproject.com/KB/custom-controls/CaptchaControl.aspx
or here:
or here:
http://mycaptcha.codeplex.com/
But I think most of them are based on your server call, you don't have to connect to other external servers from WAN location, you are independent from other services which are not in your hands.
Good Luck!