如何为ASP.NET MVC网站构造CAPTCHA验证体系结构?
[英]How to structure CAPTCHA validation architecture for an ASP.NET MVC site?
问题描述
I'm writing an ASP.NET MVC site where I want to display a CAPTCHA when content that a user submits fails my Akismet spam check. 
我正在编写一个ASP.NET MVC网站,当用户提交的内容未通过我的Akismet垃圾邮件检查时,我想在其中显示验证码。 I know how to display the CAPTCHA, but I'm having trouble imagining and planning the architecture for this. 我知道如何显示验证码,但是我在为此构想和规划架构时遇到了麻烦。 Here's what I'm currently thinking: 这是我目前在想的:
- User submits content via HTTP POST 用户通过HTTP POST提交内容
- The action that handles the submission runs an Akismet check 处理提交的操作运行Akismet检查
- If the Akismet check fails, the action calls
return RedirectToAction()and sends the user off to the CAPTCHA action如果Akismet检查失败,则该操作将调用return RedirectToAction()并将用户发送到CAPTCHA操作 - The CAPTCHA action displays a CAPTCHA by using the MvcReCaptcha library, then processes the CAPTCHA result CAPTCHA操作通过使用MvcReCaptcha库显示CAPTCHA,然后处理CAPTCHA结果
- If the user succeeds at validation, the CAPTCHA action returns the user to the original action. 如果用户验证成功,则CAPTCHA操作会将用户返回到原始操作。
My question is: how should I engineer the return of the user to the original action? 我的问题是: 我应该如何设计使用户返回原始操作状态? I need to somehow carry the data that the user submitted, as well as the name of the original action, into the CAPTCHA action so that RedirectToAction includes both. 我需要以某种方式将用户提交的数据以及原始操作的名称携带到CAPTCHA操作中,以便RedirectToAction包括这两者。
Any ideas? 有任何想法吗? Thanks in advance. 提前致谢。
UPDATE: 更新:
Mare's answer below linked to a recording of a session at PDC 2008 where Jeff Atwood showed a little bit of the CAPTCHA code that Stack Overflow uses. 以下是Mare的答案,该记录与PDC 2008上一次会议的记录有关,在该记录中Jeff Atwood展示了Stack Overflow使用的一些验证码。 The end result that I'm going for is essentially how CAPTCHAs work here on Stack Overflow. 我要寻找的最终结果实质上是CAPTCHA在Stack Overflow上的工作方式。
The CAPTCHA submission code that Jeff showed does the following: Jeff显示的验证码提交代码执行以下操作:
- Check `Session["captcha-returnUrl"] for content; 检查`Session [“ captcha-returnUrl”]的内容; if no content, returnUrl = "/". 如果没有内容,则returnUrl =“ /”。
- Validate the CAPTCHA submission. 验证验证码提交。
- If the CAPTCHA was submitted correctly,
return Redirect(resultUrl);如果验证码提交正确,则return Redirect(resultUrl);
That solves part of my question. 这解决了我的部分问题。 However, there are still a few things that I don't understand: 但是,还有一些我不理解的事情:
- How do I set
Session["captcha-returnUrl"]from the method that calls the CAPTCHA?如何通过调用验证Session["captcha-returnUrl"]的方法设置Session["captcha-returnUrl"]? - What do I set the return URL to? 返回网址设置为什么? I want successful CAPTCHA submission to trigger the form submission that the user was doing originally - how do I convey the form path and the form data? 我希望成功的CAPTCHA提交触发用户最初进行的表单提交-如何传达表单路径和表单数据?
1 个解决方案
解决方案1
1 2010-08-15 12:23:20
Maybe you can find some ideas in an old video from PDC 08 where Jeff Atwood talks about Recaptcha implementation at Stack Overflow, its somewhere in the middle of the video: http://channel9.msdn.com/pdc2008/PC21/ 也许您可以在PDC 08的一个旧视频中找到一些想法,其中Jeff Atwood在Stack Overflow上谈论Recaptcha的实现,该视频位于视频的中间位置: http ://channel9.msdn.com/pdc2008/PC21/
Hope it helps 希望能帮助到你
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.