Online courses in ASP.NET MVC / Core, Angular, and Design Patterns. Read more...
Know the inner dimension of personal growth and well-being. A practical yogic approach to success, happiness, and inner transformation. A unique sequence of Mantra, Pranayama, Hand Mudras and Meditation. Conducted by Bipin Joshi in Thane. See more details here.

Preventing Automated Web Site Registrations


Many heavily trafficked public portals provide features such as free emailing services, on-line storage etc. Webmasters administrating these sites always want to make sure that the users registering with their sites are "real" users instead of automated one. Take an example of MSN registration, when you go to their registration page and fill in the details they display a small randomly generated image with some text. The user is supposed to enter the text in the textbox provided on the form which confirms that the person is physically registering with the site. In this article I will show you how to develop similar mechanism for your ASP.NET applications.

GDI+ and Random class

GDI+ classes allow you to easily generate graphics on the fly and display in the web pages. We will be using these classes along with Random class to develop our solution.

Generating random strings

First we need to device a mechanism that will give us a randomly generated string with each request to the page. Following routine does exactly the same.

public static string GetRandomString(int length)
int intZero=0, intNine=0, intA=0, intZ=0, 
intCount=0, intRandomNumber=0;
string strRandomString;
Random rRandom =new Random(System.DateTime.Now.Millisecond);
intZero = '0';
intNine = '9';
intA = 'A';
intZ = 'Z';

strRandomString = "";
while (intCount <  length)
intRandomNumber = rRandom.Next(intZero, intZ);
if(((intRandomNumber >= intZero) && 
(intRandomNumber <= intNine) || 
(intRandomNumber >= intA) && (intRandomNumber <= intZ)))
strRandomString = strRandomString + (char)intRandomNumber;
intCount = intCount + 1;
return strRandomString;

The function accepts the length of the string to be generated and constructs a random string using Random class. We will not go into details of the logic used as it is simple and clear from above routine.

You will find above function in the RandomString.cs file available in the download.

Generating and outputting image on the fly

Next step is to generate images on the fly and output on the response stream.

Bitmap bmp=new Bitmap(100,30);
Graphics g=Graphics.FromImage(bmp);
string randomString=preventautopost.RandomString.GetRandomString(6);
g.DrawString(randomString,new Font("Courier",16),
new SolidBrush(Color.WhiteSmoke),2,2);

Here, we create an instance of Graphics class from an Image (represented by Bitmap class). We  then draw the randomly generated string on this bitmap and save the image to the Response.

You will find this code in the randomimagepage.aspx file available in the download.

Building the registration form

Finally you will develop a registration form which will display the randomly generated image in an Image control. You will find the code and markup in registrationform.aspx available in the download. One important to note in the web form markup is the following line:

<asp:Image id=Image1 runat="server" 
ImageUrl="randomimagepage.aspx" />

Note how the ImageUrl property is set to the previous web form that emits the dynamic image on the response stream. Once the user submits the form we check the entered random code against what was generated.

string str=(string)Session["randomstring"];
Label5.Text="Random string verification failed!";
Label5.Text="Validation successful!";
//do database insert here

Source Code Download

Complete source code in C# is including web forms and image generation logic is available along with the article.


Automated form submission is a matter of concern for many large portals - specially offering services such as free email. If you are developing such a web site it would be nice to provide some way in your application that will ensure that users are filling the registration forms themselves rather than an automated system. In this article we accomplished this goal using GDI+ classes and Random string generation logic.

Bipin Joshi is a software consultant, an author and a yoga mentor having 21+ years of experience in software development. He conducts online courses in ASP.NET MVC / Core, jQuery, and Design Patterns. He is a published author and has authored or co-authored books for Apress and Wrox press. Having embraced Yoga way of life he also teaches Meditation to interested individuals. To know more about him click here.

Get connected : Twitter  Facebook  Google+  LinkedIn

Posted On : 21 Nov 2004

Tags : ASP.NET Web Forms Server Controls Custom Controls Security